Cryptographic Audit Trails for AI Content Systems
January 13, 2026: CAP v1.0 is now officially released, featuring:
- Unified Conformance Levels (Bronze/Silver/Gold) aligned with VAP v1.2
- External Anchoring Specification for independent timestamp verification
- C2PA/SCITT Integration for ecosystem interoperability
- Comprehensive Regulatory Mapping (EU AI Act, DSA, Colorado AI Act, TAKE IT DOWN Act)
CAP-SRP represents the world's first open specification for cryptographic AI content refusal logging:
- CAP World-First Claims - Final Consolidated Research Report
https://github.com/veritaschain/cap-spec/blob/main/docs/CAP_WorldFirst_Final_Consolidated_Report.md
- CAP Safe Refusal Provenance (SRP) - Reference Implementation
A reference implementation and evidence repository demonstrating Safe Refusal Provenance (SRP), including non-generation proofs and cryptographic audit artifacts based on this specification.
https://github.com/veritaschain/cap-safe-refusal-provenance
CAP (Content / Creative AI Profile) is a domain-specific profile within the VAP (Verifiable AI Provenance Framework) v1.2, establishing cryptographically verifiable audit trails for AI workflows in content and creative industries.
CAP is NOT a regulation that prohibits or censors AI usage.
CAP IS a framework for preserving verifiable evidence that third parties can audit when disputes arise.
"Verify, Don't Trust"
In January 2026, the Grok incident exposed a critical gap in AI content moderation:
| What Happened | The Problem |
|---|---|
| NCII generation capability discovered | Systems lacked provable refusal mechanisms |
| 8+ regulatory jurisdictions launched investigations | No cryptographic proof of safeguard effectiveness |
| xAI claimed "our safeguards work" | Could not prove which requests were actually refused |
| UK IWF found AI-generated CSAM | No verifiable evidence of prevention measures |
Current AI systems can prove what they generated. They cannot prove what they refused to generate.
CAP v1.0 defines three conformance levels aligned with VAP v1.2:
| Level | Target | Key Requirements | Regulatory Alignment |
|---|---|---|---|
| Bronze | SMEs, Early Adopters | Hash chain, basic logging, 6-month retention | Voluntary transparency |
| Silver | Enterprise, VLOPs | + SRP, external anchoring (daily), 2-year retention | EU AI Act Article 12 |
| Gold | Regulated Industries | + Real-time verification, HSM, SCITT, 5-year retention | DSA Article 37 audits |
CAP defines core events covering the AI content lifecycle:
```
┌─────────┐    ┌─────────┐    ┌─────────┐    ┌─────────┐
│ INGEST  │───▶│  TRAIN  │───▶│   GEN   │───▶│ EXPORT  │
└─────────┘    └─────────┘    └─────────┘    └─────────┘
     │              │              │              │
     ▼              ▼              ▼              ▼
Asset Input       Model       Generation       Output
 (Material      Training      (Create new     Delivery
  intake)                       content)
```
SRP (Safe Refusal Provenance) extends CAP to provide cryptographic proof that harmful content was received, evaluated, and refused.
```
 Request Received
         │
         ▼
┌─────────────────┐
│   GEN_ATTEMPT   │ ← MUST be recorded for every request
└────────┬────────┘
         │
         ▼
  Risk Assessment
         │
    ┌────┴─────┬───────────┐
    │          │           │
    ▼          ▼           ▼
┌───────┐ ┌─────────┐ ┌─────────┐
│  GEN  │ │GEN_DENY │ │GEN_ERROR│
│(allow)│ │(refuse) │ │(failure)│
└───────┘ └─────────┘ └─────────┘
```
∑ GEN_ATTEMPT = ∑ GEN + ∑ GEN_DENY + ∑ GEN_ERROR
This mathematical constraint prevents:
- Hiding successful generations of harmful content
- Selectively logging only favorable outcomes
- Claiming refusals without corresponding attempts
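
The following is an added example, not code from the CAP specification or its reference implementation: an auditor-side check that combines a hash chain with the invariant above. The field names (`type`, `request_id`, `prev_hash`, `hash`), SHA-256, the all-zero genesis value and the sorted-key JSON stand-in for RFC 8785 JCS are assumptions made for illustration.

```python
import hashlib
import json
from collections import Counter

OUTCOMES = {"GEN", "GEN_DENY", "GEN_ERROR"}  # outcome event names from the page
GENESIS = "0" * 64                            # assumed value for the first prev_hash

def event_hash(ev):
    # Stand-in for JCS canonicalization + EventHash: sorted keys, compact JSON, SHA-256.
    body = {k: v for k, v in ev.items() if k != "hash"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def append(log, etype, request_id):
    # Hypothetical event layout; the real fields are defined by the CAP schemas.
    ev = {"type": etype, "request_id": request_id,
          "prev_hash": log[-1]["hash"] if log else GENESIS}
    ev["hash"] = event_hash(ev)
    log.append(ev)

def audit(log):
    """Return findings: hash-chain breaks and completeness-invariant violations."""
    findings, prev = [], GENESIS
    attempts, outcomes = Counter(), Counter()
    for i, ev in enumerate(log):
        if ev["prev_hash"] != prev or ev["hash"] != event_hash(ev):
            findings.append(f"chain break at index {i}")
        prev = ev["hash"]
        rid = ev["request_id"]
        if ev["type"] == "GEN_ATTEMPT":
            attempts[rid] += 1
        elif ev["type"] in OUTCOMES:
            if outcomes[rid] >= attempts[rid]:  # outcome with no open attempt
                findings.append(f"{ev['type']} without matching GEN_ATTEMPT: {rid}")
            outcomes[rid] += 1
    for rid, n in attempts.items():
        if outcomes[rid] < n:
            findings.append(f"GEN_ATTEMPT without outcome: {rid}")
    if sum(attempts.values()) != sum(outcomes.values()):
        findings.append("completeness invariant violated")
    return findings

def sample_log():
    log = []  # constructed sample: three requests, one of each outcome
    for rid, outcome in [("r1", "GEN"), ("r2", "GEN_DENY"), ("r3", "GEN_ERROR")]:
        append(log, "GEN_ATTEMPT", rid)
        append(log, outcome, rid)
    return log
```

Calling `audit(sample_log())` returns an empty list. Dropping the last event of the log leaves the hash chain valid, so only the invariant check reports it.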
| Document | Description | Status |
|---|---|---|
| CAP-Specification-v1.0 | Normative specification | Official Release |
| CAP-Specification-v0.2 | Previous version | Superseded |
| Threat Model | Security threat analysis | Current |
| CAP vs VCP | Relationship to VCP | Current |
| Glossary | Terminology reference | Current |
Schemas for machine validation:
- core-event.schema.json: Common event fields
- ingest.schema.json: Asset ingestion
- train.schema.json: Model training
- gen.schema.json: Content generation
- export.schema.json: Asset delivery

- gen-attempt.schema.json: Request received
- gen-deny.schema.json: Request refused
- gen-warn.schema.json: Allowed with warning
- gen-escalate.schema.json: Escalated to human
- gen-quarantine.schema.json: Generated but quarantined
- INGEST event: Recording asset intake
- GEN event: Recording content generation
- EXPORT event: Recording asset delivery
- GEN_ATTEMPT event: Request received
- GEN_DENY event: Request refused
- Evidence Pack: Complete audit package
CAP provides technical capabilities aligned with regulatory requirements:
| Regulation | Jurisdiction | CAP Alignment |
|---|---|---|
| EU AI Act | EU | Article 12 logging, Article 53 transparency |
| Digital Services Act | EU | Article 35 systemic risk mitigation, Article 37 audits |
| GDPR | EU | Processing records, consent management, crypto-shredding |
| Colorado AI Act | USA | Impact assessments, 3-year retention |
| TAKE IT DOWN Act | USA | NCII evidence requirements |
| Copyright Act Art. 30-4 | Japan | AI training exception documentation |
| South Korea AI Framework Act | Korea | High-impact AI logging (effective Jan 2026) |
The theoretical foundations of CAP-SRP are detailed in our peer-reviewed preprint:
- Title: "Proving Non-Generation: Cryptographic Completeness Guarantees for AI Content Moderation Logs"
- DOI: 10.5281/zenodo.18213616
- Published: January 11, 2026
| Project | Description |
|---|---|
| VCP Specification | VeritasChain Protocol for financial/trading systems |
| VAP Framework | Parent framework (v1.2) for domain-specific profiles |
| VCP Explorer | Visualization and verification tools |
```
cap-spec/
├── README.md                 # This file
├── LICENSE                   # CC BY 4.0
├── SECURITY.md               # Security policy
├── GOVERNANCE.md             # VSO governance
├── VERSIONING.md             # Semantic versioning policy
├── docs/
│   ├── CAP-Specification-v1.0.md   # Normative specification (v1.0)
│   ├── CAP-Specification-v0.2.md   # Previous version (superseded)
│   ├── CHANGELOG.md                # Version history
│   ├── CAP-vs-VCP.md               # Relationship to VCP
│   ├── CAP-Glossary.md             # Terminology
│   ├── CAP_WorldFirst_Final_Consolidated_Report.md  # World-first verification
│   ├── Threat-Model.md             # Security analysis
│   └── Regulatory-Mapping/         # Compliance guides
│       ├── EU-AI-Act.md
│       ├── DSA.md
│       ├── GDPR.md
│       ├── JP-Copyright-30-4.md
│       └── US-NCII.md
├── schemas/
│   ├── cap/                  # Core event schemas
│   └── srp/                  # SRP extension schemas
├── examples/
│   ├── cap-core/             # Core event examples
│   └── cap-srp/              # SRP event examples
└── test-vectors/             # Conformance test data
    ├── canonicalization/     # RFC 8785 JCS tests
    ├── hash/                 # EventHash tests
    ├── signature/            # Ed25519 tests
    └── completeness/         # SRP invariant tests
```
We welcome contributions. Please see:
- GOVERNANCE.md: How decisions are made
- SECURITY.md: Reporting security issues
To propose changes:
- Open an issue describing the proposed change
- Reference relevant specification sections
- Include test vectors if applicable
This specification is published under CC BY 4.0 International License.
- Website: https://veritaschain.org
- Email: standards@veritaschain.org
- GitHub: https://github.com/veritaschain
- Media: media@veritaschain.org
© 2025-2026 VeritasChain Standards Organization (VSO). All rights reserved.
VSO is a vendor-neutral standards body. References to specific products or organizations are for interoperability documentation purposes only and do not constitute endorsement.