The temptation in 2026 is to bolt AI onto today's audit logs. To pretend that what regulated industries need is more dashboards, more retention policies, more screenshots of model outputs. That mistake is the equivalent of using the new electric dynamo to power one giant central machine in 1900. It is technically possible. It misses the point. Without a new kind of evidence, machine intelligence will be deployed cautiously, slowly, or not at all in the places that need it most: hospitals, banks, public agencies. With it, AI becomes a thing regulators can audit, clinicians can defend, and customers can verify.
The point is to make every AI decision commit to itself, before it acts. That single primitive, applied across an industry, changes what is possible. We call it a receipt.
I. Bookkeeping for Machines
In 1494, the Franciscan friar Luca Pacioli published a textbook describing a curious accounting practice used by Venetian merchants. For every transaction, the merchant wrote two entries: one as a debit, one as a credit. The sum of all debits had to equal the sum of all credits. If they ever diverged, the books were wrong, and you knew immediately where to look.
Double-entry bookkeeping did not make trade faster. The same goods crossed the same seas. What it did was make trade legible across strangers. A merchant in Venice could extend credit to a merchant in Bruges he had never met, because the bookkeeping made the exposure visible and the trust mechanical. Within two centuries, the practice underwrote the rise of joint-stock companies, the Dutch East India Company, the Bank of England, modern insurance, and ultimately the financial system that funded the industrial revolution.
The lesson is not about ledgers. It is that a small primitive, applied across a domain, can change what kinds of cooperation are possible.
AI today is in the position of pre-Pacioli commerce. Every model deployment is a private negotiation. The buyer trusts that the vendor logs the right things; the regulator trusts that the buyer trusts the vendor; the auditor trusts that nothing has been edited since. None of the trust is mechanical. All of it is promises.
When something goes wrong, the questions a regulator will ask are the questions a Venetian merchant in 1493 could not answer: what was the model asked, when, by whom, under which policy, and with what result? The screenshots in today's compliance binders cannot answer these questions in a form that survives independent scrutiny. They are the same artefacts Pacioli's contemporaries used, and they will fail for the same reasons.
What would the present-day equivalent of double-entry look like for AI?
It would be a record produced by the model's own runtime, not by a human after the fact. It would be cryptographically signed, so that any tampering is detectable by any reader, not just by the vendor. It would commit to the exact prompt, the exact policy in effect, the exact model version, the exact response, at the exact moment. It would be portable across vendors and clouds, so that a hospital running its AI on AWS today and Azure tomorrow does not lose its audit trail. And it would be verifiable offline, by anyone with the public key, in a form a regulator's laptop can run without phoning home to the vendor.
This is what we mean by receipt. The cryptography is invisible plumbing. What matters is the social fact the receipt makes possible: a regulator who never met the bank can now audit what the bank's AI did, in a form the bank cannot edit.
Cloud audit logs are signed and timestamped, but each is single-provider, post-execution, and shaped by the vendor that runs it. A receipt is cross-provider, pre-execution, regulator-shaped, and bank-portable. It travels with the decision and is verifiable on the regulator's laptop in the same format across any cloud.
What does receipt-format consensus look like? Today, every cloud has its own audit log schema. A regulator overseeing AI in finance, healthcare, and the public sector faces three formats with three trust models. What would it take to converge on a single verifier, the way every browser converged on TLS?
What is the shape of evidence that survives an adversarial proceeding? A screenshot does not. A signed receipt with a hash chain might. We do not yet have case law to confirm this. We are building toward it.
What does a receipt look like for a model that does not know what it did? Foundation models are non-deterministic. The receipt cannot reproduce the answer; it can only commit to the inputs, the policy, and the output as observed. That is a new epistemic object, and its boundaries are not yet drawn.
The three questions above are not rhetorical. They are the questions we work on, with concrete artefacts (open spec, conformance suite, ZK research, post-quantum migration plan) on the research page.
II. The Aesthetic of Evidence
Pre-commitment changes what evidence means: a forecast dated and signed before the outcome carries a different epistemic weight than one written after. Dating does not improve a forecast. It changes what the forecast is allowed to mean.
On 9 May 2026 AqtaBio, our outbreak-forecasting product, committed a signed forecast ranking DR Congo Ebola position 4 in the Congo Basin biome. WHO declared a DR Congo Ebola PHEIC on 17 May. An 8-day lead, verifiable by anyone via public git log against the WHO date. The signal does not generalise: see the working paper for the explicit p-value, denominator, and what this single match licenses us to claim.
This is what we mean by the aesthetic of evidence. Not all evidence is equal in shape. A document produced after the outcome can fit any narrative; a document produced before constrains the narrative it can fit. Receipts make this distinction mechanical and public, instead of social and disputable.
Receipts give AI a kind of taste: the taste to know which things are worth committing to in advance, in what form, and on what evidence terms. A forecast worth making is a forecast worth dating. A decision worth automating is a decision worth signing. A claim worth trusting is a claim worth verifying without trusting the claimant.
The implications run further than they first appear. Receipts make cross-border claims auditable: a multinational pharma trial in Germany can be re-verified by an Irish public-healthcare auditor without re-running it. They make cross-time claims credible: a prediction from 2026 verifiable in 2036 still has its original signature. They make cross-vendor claims portable: when a bank migrates its model from AWS to Azure, the receipts come with it.
How do we keep receipts human-readable while machine-verifiable? A regulator's counsel must be able to read a receipt aloud to an oversight body. A model engineer must be able to verify ten thousand of them per second. These are different requirements imposed on the same artefact.
What does an AI-readable corpus of evidence look like, ten years from now? If every regulated AI action since 2026 produced a receipt, what does a 2036 oversight body do with that corpus? What does a 2036 regulator do with the patterns inside it? We do not yet have the tools to read evidence at that scale, and the tools we build will determine which questions can be asked of the record.
What is the proof artefact for an automated decision? A doctor signs off on a chart with their name. A judge signs off on a ruling with their seal. An AI signs off on its action with what? We think the answer is a receipt that names the human policy the AI was operating under and the cryptographic identity of the inference, jointly. Neither alone is sufficient.
If our manifesto has an aesthetic argument it is this: the shape of evidence determines the shape of trust. A field that does not yet have its verifiable primitive is a field where cooperation is constrained by the wealth of the strangers involved. Aqta is building the primitive that makes AI cooperation cheap across strangers.
III. Cooperative Trust at Machine Speed
Regulated industries are not slow because they are stupid. They are slow because the cost of being wrong is asymmetric, and they have, until now, had no mechanism for trust that is cheap and durable at machine speed.
A bank deploying a new model takes months to satisfy three different parties: the model vendor, the bank's own risk committee, and the regulator. Each party operates on artefacts the other two distrust. A hospital deploying clinical-decision support takes the same months for the same reasons, with a different alphabet of regulators. A public agency deploying anything is slower still. The friction is not technical. The friction is that every party in the chain has to take the previous party's word.
Receipts collapse the friction. Once a model emits a verifiable signed record of every decision, the chain of trust becomes a chain of verifications. The bank's risk committee verifies the vendor's claim. The regulator verifies the bank's claim. An auditor or oversight body, if it comes to that, verifies the regulator's claim. No single party has to be trusted, because the artefact itself is the proof.
We are betting that this collapse of trust cost is large enough to change what AI gets deployed and where. Hospitals will deploy clinical AI in places they currently cannot, because the audit story will be defensible. Banks will deploy models in customer-facing decisions where the regulatory weight is presently prohibitive. Public agencies will deploy AI in eligibility decisions, scheduling, and triage, where the political weight is presently prohibitive. None of these deployments require better AI. They require better evidence.
The bet that runs through everything we build is that one receipt shape can cross the portfolio. The same signed record that dates an outbreak forecast also proves a redaction held and stamps a health reading on the phone in someone's pocket. Three concrete artefacts, one primitive:
- AqtaBio dated a signed outbreak forecast that led the WHO Ebola PHEIC by eight days, verifiable by anyone via public git log. (Live, W19 precedent)
- Bounds Pro strips sensitive data on-device and keeps an on-device record of what it removed. (Live, public)
- Pulse signs a health reading on the phone people already have, so the record travels with the patient instead of the vendor. (Live, public)
- AqtaCore has been signing production AI calls continuously since 21 April 2026; the reference verifier is open-source on public registries. (Live since 21 April 2026)
- Spectra lets people browse the web by voice, with every action signed so the record of what the agent did on your behalf is portable and verifiable. (Public demo)
- Testera is the educational case: adaptive coaching designed for transparency, with the basis for every recommendation traceable to the student's history. (Live, test prep)
Different domains, one primitive. We do not claim to be the only company that has noticed this. We claim to be the company that ships it, dated, into regulated industries.
Can a regulator's audit infrastructure scale to billions of AI decisions per day? Today's audit dashboards cannot. A receipt-shaped record can, because the verification is local and parallelisable.
What is the right governance interface between many humans and many AI agents, when every interaction produces a receipt? This is the question we live within. We use AqtaCore for our production AI calls, and we are extending the same routing to internal tooling. If the interface is wrong, we are the first to know.
How do we keep receipts cheap? Cryptography is not free. Storage is not free. If the receipt cost more than the inference, the primitive does not generalise. We have a target: receipt overhead below five milliseconds, receipt storage below the cost of the response. Below those numbers, receipts become the default. Above them, they remain a luxury.
The next decade of AI deployment will not be decided by who has the biggest model. It will be decided by who built the verifiable primitive that lets the biggest model be used in the places that need it. We are building that primitive. If you work on these questions, we should talk.
IV. The Industry Just Said It Out Loud
The IAPP AI Governance Global summit’s 4 June 2026 closing-day session, “Who Watches the Watchers: Governance for Human in the Loop,” framed the question the field has been edging toward. Here is how we would put it, and what we built AqtaCore to answer.
Aqta position
When a human intervenes, the receipt names what they did, when, and against which policy. Without that, human-in-the-loop is theatre.
Our position does two things.
First, it sets aside model evaluation as the test. Benchmark scores are not how regulators measure compliance. The framing that the AI itself is the thing being governed is wrong.
Second, it names the actual test: human intervention effectiveness. Not policy on paper. Not oversight committee minutes. Effectiveness, demonstrable.
This is the framing the regulated buyer has been waiting for. It is also exactly what we have been operationalising since 21 April 2026.
The receipt is the measurement primitive. Every decision pre-flagged. Every intervention timestamped. Every kill cryptographically signed. Every auditor can verify offline, against a published key, without trusting the vendor.
Before the receipt, “we have human oversight” was a slide claim.
After the receipt, “human intervened at T+47ms, signed receipt 0x8f3a…d92c, verified against pubkey gUoUhIvptKAo…” is a forensic record.
The industry has now said it out loud. We have been building the answer for the question they just framed.
Write to us at hello@aqta.ai or find us on LinkedIn.
If your team is putting AI into a regulated workflow, apply for a pilot. Sandboxed, four to six weeks, a signed evidence package at the end.