Hash-anchored compliance attestations
Attestry ships signed, offline-verifiable EU AI Act technical files and hash-anchored attestations across EU AI Act, NIST AI RMF, ISO 42001, and the Colorado AI Act, so your buyers, auditors, and regulators can check your claims without an email chain.
Free plan · no credit card · SOC 2 in progress
Example Credit Scorer
EU AI Act · Art. 9
Issued Mar 14, 2026
ID: atr_01HQAV8WZ3K6T9YFX2N4PMR5BD
did:web:acme-c…xample
Trusted by AI teams shipping into regulated markets
The compliance gap
Three things break the second an auditor asks to see the evidence.
Compliance claims live in PDFs + Notion pages. Buyers can't verify without your security team on the call.
EU AI Act Article 9, NIST MAP-1.1, and ISO 42001 Clause 6.1 describe the same control. Answering four times doesn't scale.
When a model retrains, the compliance posture moves too. Most teams can't reconstruct what changed, when.
What you get
Everything you need to move fast in regulated markets and prove it later.
How it works
1
Fingerprint your model (SHA-256), declare its intended purpose, and map it to the frameworks it touches. Takes 60 seconds.
2
Attestry signs a compliance claim against your assessment, anchored to a SHA-256 hash with a public verify page.
3
Share a URL or QR code. Buyers + auditors + regulators confirm the certificate is genuine and not revoked, in real time on the public portal.
Frameworks + security
Frameworks covered
Assessments across all four; classification and document generation per framework capability.
Security posture
SOC 2 Type II
in progress
Ed25519 signing (Annex IV technical files)
production
Data residency
US region; EU available on request
For developers
TypeScript + Python SDKs. An MCP server for Claude Desktop + Cursor. A REST API for hash-anchored proofs and Ed25519-signed Annex IV technical-file binds.
import { Attestry } from "@attestry/sdk";
const client = new Attestry({ apiKey: process.env.ATTESTRY_KEY });
// Register your system once.
await client.systems.register({
name: "atlas-credit-scorer",
purpose: "Consumer credit scoring",
frameworks: ["eu-ai-act", "colorado-ai-act"],
});
// Issue a signed attestation against an evidence bundle.
const attestation = await client.attestations.issue({
systemId: "sys_0001",
frameworkKey: "eu-ai-act",
articleRef: "Article 9",
evidenceBundleUrl: "https://example.com/evidence.zip",
});
console.log(attestation.verifyUrl);
// → https://attestry.app/verify/a1b2c3d4e5f6...<64-char SHA-256>No CI plumbing. No compliance-team hand-off. Your deploy pipeline signs the attestation; your registry publishes it; your buyers verify it themselves.
MCP integration guideFree plan includes fingerprinting, unverified attestations, and a public registry listing. Upgrade when you need signed proofs or SLA-backed verification.