Compliance & audit.
The platform's compliance posture, stated truthfully. Pre-audit is pre-audit. Pilot-ready is pilot-ready. Where access has not been granted or certification has not been obtained, that is said plainly.
01Current status, in one place
SOV-2026-02-26
02TÜV SÜD pre-audit status
The platform is currently in the pre-audit phase with TÜV SÜD. Pre-audit is the phase in which the documentation dossier is reviewed in advance of formal audit, scope is defined, and outstanding items are surfaced. The pre-audit dossier is complete; the formal audit is the next phase, when scope is finalized.
The website states this status verbatim and does not extend it. The platform is not "TÜV-certified," is not "TÜV-approved," and does not carry any TÜV mark. It is in the pre-audit phase. That is the maximum claim the relationship currently supports, and it is what is published.
03EU AI Act positioning
The EU AI Act provides a risk-based framework for the regulation of AI systems. The platform's architectural posture aligns with the Act's intent in three load-bearing places:
- Transparency. Every decision is reproducible from inputs and policy. The transparency requirement is satisfied structurally rather than narratively.
- Human oversight. The Time Sovereignty Layer makes human authority for irreversible actions architecturally required, not procedurally exhorted.
- Logging and traceability. The hash-chained, signed forensic chain provides a logging surface that exceeds what the Act's Article 12 (record-keeping) requires for high-risk systems.
Per-vertical conformity assessment is scoped under the deployment's specific use case. Where the deployment is in scope of high-risk classification under Annex III, the Article 9 risk management system, Article 13 transparency, and Article 14 human oversight requirements are addressed by the platform's existing architecture and documentation.
0423-risk register
The platform maintains a 23-item risk register covering architectural, operational, integration, and regulatory risk categories. Each item carries: a description, a severity classification, a likelihood classification, the mitigating control, and the named responsible party. The register is maintained as part of the pre-audit dossier and is reviewed continuously.
The full register is available under NDA. Categories covered (non-exhaustive): chain integrity, signature key compromise, policy version drift, provider unavailability, sensor input integrity, role-token mapping leakage, replay storage durability, time-source compromise, jurisdictional regulatory shift, irreversible-action classification drift.
05Runtime verification addendum
The runtime verification addendum to the dossier specifies the operational checks the platform performs continuously: chain consistency verification, signature validity checks, policy version pinning per decision, time-source health, and the per-vertical operational invariants. The addendum is a living document; the architecture for the checks is fixed and is part of the sealed core.
06Master File / G.11 scope
The Master File compiles the platform's architectural specification, the policy framework, the conformity-relevant procedures, and the risk register into a single dossier. The G.11 scope corresponds to the section that addresses operational governance — the controls, the named authorities, the audit surface — and is the primary section a regulator interrogates. The dossier is available under NDA.
07Copyright — registered in Brazil
The core architecture is registered as a copyrighted work in Brazil. The registration covers the architectural specification, including the layer model, the canonical-output set, the Time Sovereignty Layer, the IX Algorithm specification for SLAM XP, the POL Protocol specification, the Five-Win constraint specification, and the SCINTILLA model specification.
08OpenTimestamps proof
The current sealed-core proof carries the public OpenTimestamps ID SOV-2026-02-26. The proof anchors the sealed core in a public, third-party-independent timeline. Verification is mechanical: the OpenTimestamps proof file (available under the documentation page) verifies against the public anchor. No vendor trust is required for the verification.
0913-point stress test
The platform has passed an internal 13-point stress test covering: chain consistency under load, signature integrity under partial failure, policy version drift detection, time-source compromise tolerance, replay reproducibility under storage migration, irreversible-action authorization integrity, role-token mapping reversibility refusal, provider unavailability behaviour, sensor input integrity refusals, recovery-path execution, OpenTimestamps anchoring durability, mass-deferral behaviour, and audit replay end-to-end.
The test is internal. It is not a third-party certification. It is documented in the dossier and is one of the inputs to the TÜV SÜD pre-audit.
10What is not claimed
The platform is not "TÜV-certified" or "TÜV-approved." It is not "trusted by FIFA, UEFA, or any federation." It is not "certified by any third party" beyond the copyright registration in Brazil and the OpenTimestamps anchoring. It is not "deployed worldwide." It does not have offices in any jurisdiction beyond what is true. None of those claims appear on this site, by policy.