Working paper v1.0, June 2026
Decision Receipts: A Verifiable Primitive for AI Governance Evidence
Anya Chueayen and the Aqta Research Team. Aqta Technologies, Dublin.
A cross-jurisdiction synthesis across eight regulatory frameworks (EU DORA, SR 11-7, EU AI Act, NIST AI RMF, Colorado SB 24-205, UK FCA Consumer Duty, UK ICO under UK GDPR, Singapore PDPC Model AI Governance Framework + AI Verify) shows they converge on the same seven evidence properties. We propose ATTESTATION-v1 as an open specification for the underlying primitive, describe the reference implementation in production since 21 April 2026, and test the primitive against a worked field deployment with full anti-survivorship-bias accounting. The bootstrap reports the W19 hit at p = 0.222; the paper's contribution is the primitive, not a claim of predictive capability.
Read the working paper. Comments and corrections to hello@aqta.ai.
Chueayen, A. and the Aqta Research Team (2026). Decision Receipts: A Verifiable Primitive for AI Governance Evidence. Working paper v1.0, Aqta Technologies, Dublin. https://aqta.ai/research/working-paper/
@techreport{chueayen2026receipts,
title = {Decision Receipts: A Verifiable Primitive for AI Governance Evidence},
author = {Chueayen, Anya and {Aqta Research Team}},
institution = {Aqta Technologies},
address = {Dublin, Ireland},
year = {2026},
month = {6},
type = {Working paper},
number = {v1.0},
url = {https://aqta.ai/research/working-paper/}
}
Open problems
Research agenda
The directions we are actively working on, each with an honest status. In development means code is running and the work is closing; roadmap means scoped and planned; research means open and unsettled.
BN254 Schnorr and Groth16 verification already run on the production gateway. The proving and circuit-compilation pipeline (circom + snarkjs) is the closing track, so a receipt can prove a policy held without exposing the prompt.
A documented path to the NIST post-quantum standards (FIPS 204 / ML-DSA, FIPS 205 / SLH-DSA, FIPS 206 / FN-DSA). The signature is a tagged field, not the format, so receipts signed today stay verifiable under the new algorithm.
How receipts from many organisations can be aggregated into shared signals (policy-bypass patterns, prompt-injection campaigns) without breaking offline verifiability or leaking any single organisation's prompts.
The next spec revision: richer receipt-chain topology for autonomous agents, selective-disclosure fields, and a profile for multi-step tool use, kept backward-compatible with v1 verifiers.
Our thesis
The core claim

ATTESTATION-v1 is an open protocol; AqtaCore is the reference implementation. Three pillars follow.
A bank or hospital does not run on a single AI cloud. Receipts produced by AqtaCore verify identically whether the model behind the agent was OpenAI, Anthropic, Vertex, Bedrock, or an on-prem deployment. The audit layer cannot live inside any one vendor's surface.
A regulator, customer, or auditor verifies any receipt by fetching one Ed25519 public key from app.aqta.ai/security/pubkey.txt (served as raw base64; algorithm specified in §4 of the spec). The verifier runs offline. No call back to Aqta, no log fetched from any cloud.
ATTESTATION-v1 is dual-licensed: code Apache 2.0, spec text CC BY 4.0. Reference verifiers ship at parity on PyPI and npm. Every third-party verifier strengthens us rather than reducing dependency on us.
Reference implementations
Verify the claims

Aqta-ai/attestation-spec. Twelve-section formal specification, code Apache 2.0 + spec text CC BY 4.0, IETF Internet-Draft in preparation.
aqta-verify-receipt on PyPI and on npm. Both at v1.0.2.
Six valid receipts plus eight invalid, each documenting a specific behaviour: signature tamper, chain break, canonicalisation drift, key-rotation edge case, replay, malformed envelope, schema-version mismatch, prompt-hash mismatch.
api.aqta.ai, currently on v1.1.0. Hit / for the service and version banner.
app.aqta.ai/demo. Click through a real signed call end-to-end, verify against the published key.
BN254 Schnorr verification and Groth16 verification both run on the production gateway. The proving and circuit-compilation pipeline is the active research track (Enterprise Ireland Innovation Voucher); circuits not yet compiled. Reference implementation via py_ecc.optimized_bn128.
Documented path to NIST FIPS 204 / ML-DSA-65. Same envelope, same conformance vectors, new signature algorithm and key URL. Receipts produced today verify under the post-quantum regime because the signature is a tagged field, not the format itself. ML-DSA-65 verifier not yet shipped; envelope is forward-compatible by construction.
A signed paediatric-vitals receipt produced at a partner clinic in Northern Thailand verifies offline in a Dublin clinic against the same published key. Real signature verification in the browser via TweetNaCl; tamper-the-payload-and-watch-verification-fail sandbox included.
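An added sketch of the offline check this page describes (not Aqta's code and not the ATTESTATION-v1 wire format): Ed25519 over canonical bytes, a hash-linked chain, and a verifier that dispatches on the signature's algorithm tag, covering the signature-tamper, chain-break, canonicalisation-drift and malformed-envelope cases named above. The envelope fields (`body`, `sig.alg`, `sig.value`, `prev`, `seq`), the sorted-key canonicalisation and the throwaway key are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical canonical form: sorted keys, no whitespace (flat bodies only).
const canonical = (body) => Buffer.from(JSON.stringify(body, Object.keys(body).sort()));
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');

// The signature is a tagged field: verification dispatches on sig.alg through
// an allowlist, so a new algorithm is a new entry, not a new envelope.
const VERIFIERS = new Map([
  ['ed25519', (msg, sig, key) => nodeCrypto.verify(null, msg, key, sig)],
]);

function signReceipt(body, privateKey) {
  const value = nodeCrypto.sign(null, canonical(body), privateKey).toString('base64');
  return { body, sig: { alg: 'ed25519', value } };
}

// Returns 'ok', or the first failure as '<reason>@<index>'. No network access.
function verifyChain(receipts, publicKey) {
  let prev = null;
  for (const [i, r] of receipts.entries()) {
    if (!r || !r.body || !r.sig) return `malformed-envelope@${i}`;
    const check = VERIFIERS.get(r.sig.alg);
    if (!check) return `unsupported-alg@${i}`;
    const msg = canonical(r.body);
    if (!check(msg, Buffer.from(String(r.sig.value), 'base64'), publicKey)) return `bad-signature@${i}`;
    if (r.body.prev !== prev) return `chain-break@${i}`;
    prev = sha256(msg); // each receipt commits to the one before it
  }
  return 'ok';
}

// Constructed sample data: a throwaway key pair and three linked receipts.
function buildSample() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const chain = [];
  let prev = null;
  for (const decision of ['allow', 'deny', 'allow']) {
    const body = { seq: chain.length, prev, decision, prompt_hash: sha256(Buffer.from(decision)) };
    chain.push(signReceipt(body, privateKey));
    prev = sha256(canonical(body));
  }
  return { publicKey, chain };
}

{
  const sample = buildSample();
  console.log(verifyChain(sample.chain, sample.publicKey));
}
```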
Proof
The dated public artefact

On 9 May 2026, our public git ledger at Aqta-ai/aqtabio-research listed DR Congo Ebola at rank 4 of the Congo Basin tiles in commit commitments/2026-W19.json. On 17 May 2026, the WHO declared a PHEIC for Bundibugyo Ebola in DR Congo and Uganda. Eight days. Biome-correct, country-rank 4.
Reproduce the timeline yourself: open the 2026-W19.json commit history on GitHub and read its commit timestamp against the WHO declaration date.
The same signing pipeline that produces AqtaCore receipts underwrites this prospective signal. Operational proof that the receipts methodology generalises from policy decisions to prospective forecasts.
Open questions
Open research questions we work on
If any of these resonate, we want to hear from you. Email hello@aqta.ai with subject prefix [research].
Protocol questions (for cryptographers)
- Cross-provider receipt aggregation. When a Tier-1 bank runs agents on three different model clouds, how should receipts produced under different deployment regimes be aggregated, audited, and queried as a single evidence corpus without breaking offline verifiability?
- Post-quantum migration without receipt invalidation. What is the minimum-disruption transition path from Ed25519 to ML-DSA-65 such that receipts produced under the classical regime remain verifiable in the post-quantum regime indefinitely?
- ZK receipts for sensitive prompts. How do we extend BN254 Schnorr + Groth16 to produce receipts that prove policy was enforced and the right model was called, without revealing the prompt or output, while remaining offline-verifiable?
- Receipt-chain topology for autonomous agents. When an agent calls tools, edits files, or moves money across many steps, what is the right granularity of receipts and what is the right hash-chain topology so the chain reconstructs the agent's trajectory without exposing redundant detail?
Application questions (for domain experts)
- Regulator-readable export formats. What is the right export format for a multi-month receipt chain such that a Central Bank examiner can ingest, query, and verify the corpus with off-the-shelf tools?
- Cross-border health-record portability. The Northern-Thailand-to-Dublin verification demo shows the protocol works. What is the right human-facing UX so a patient or a clinician trusts a receipt signed by a clinic on the other side of the world?
- Prospective-forecast attestation. AqtaBio's W19 → Bundibugyo PHEIC artefact is one data point. What does a principled framework for dated, prospective, signed predictions in any domain (public health, climate, supply chain) look like, and what failure modes does it have that single-receipt attestation does not?
- Recursive lab interpretability at the receipt layer. If a research org runs AI agents that act, learn, and update themselves over time, how do receipts produced today remain interpretable to a regulator or auditor reading them three years later, after the underlying models have changed?
Support
Ecosystem
AWS Startups programme. Auth0 (enterprise SSO live in production). Selected for WeBuild Cohort 2, the TechFoundHer founder programme under the Shared Island Enterprise Scheme, delivered with InterTradeIreland, Invest Northern Ireland, and Enterprise Ireland. Main Stage Top 10 at the GenAI Zürich Hackathon 2026 (ETH Entrepreneur Club, Colosseum EC, Technopark Zürich AI Startup Center, April 2026): shortlisted from 93 submissions for the funded on-site hack, then pitched on the Main Stage with Bounds (bounds.aqta.ai), our open-source PDF redaction product.
Page last updated 2026-06-11.