Cryptographic Audit Trails for AI Content Systems
January 13, 2026 — CAP v1.0 is now officially released, featuring:
- Unified Conformance Levels (Bronze/Silver/Gold) aligned with VAP v1.2
- External Anchoring Specification for independent timestamp verification
- C2PA/SCITT Integration for ecosystem interoperability
- Comprehensive Regulatory Mapping (EU AI Act, DSA, Colorado AI Act, TAKE IT DOWN Act)
CAP-SRP represents the world's first open specification for cryptographic AI content refusal logging:
- CAP World-First Claims – Final Consolidated Research Report
https://github.com/veritaschain/cap-spec/blob/main/docs/CAP_WorldFirst_Final_Consolidated_Report.md
- CAP Safe Refusal Provenance (SRP) – Reference Implementation
A reference implementation and evidence repository demonstrating Safe Refusal Provenance (SRP), including non-generation proofs and cryptographic audit artifacts based on this specification.
👉 https://github.com/veritaschain/cap-safe-refusal-provenance
CAP (Content / Creative AI Profile) is a domain-specific profile within the VAP (Verifiable AI Provenance Framework) v1.2, establishing cryptographically verifiable audit trails for AI workflows in content and creative industries.
CAP is NOT a regulation that prohibits or censors AI usage.
CAP IS a framework for preserving verifiable evidence that third parties can audit when disputes arise.
"Verify, Don't Trust"
In January 2026, the Grok incident exposed a critical gap in AI content moderation:
| What Happened | The Problem |
|---|---|
| NCII generation capability discovered | Systems lacked provable refusal mechanisms |
| 8+ regulatory jurisdictions launched investigations | No cryptographic proof of safeguard effectiveness |
| xAI claimed "our safeguards work" | Could not prove which requests were actually refused |
| UK IWF found AI-generated CSAM | No verifiable evidence of prevention measures |
Current AI systems can prove what they generated. They cannot prove what they refused to generate.
CAP v1.0 defines three conformance levels aligned with VAP v1.2:
| Level | Target | Key Requirements | Regulatory Alignment |
|---|---|---|---|
| Bronze | SMEs, Early Adopters | Hash chain, basic logging, 6-month retention | Voluntary transparency |
| Silver | Enterprise, VLOPs | + SRP, external anchoring (daily), 2-year retention | EU AI Act Article 12 |
| Gold | Regulated Industries | + Real-time verification, HSM, SCITT, 5-year retention | DSA Article 37 audits |
CAP defines core events covering the AI content lifecycle:
```
┌─────────┐    ┌─────────┐    ┌─────────┐    ┌─────────┐
│ INGEST  │───▶│  TRAIN  │───▶│   GEN   │───▶│ EXPORT  │
└─────────┘    └─────────┘    └─────────┘    └─────────┘
     │              │              │              │
     ▼              ▼              ▼              ▼
 Asset Input      Model        Generation      Output
 (Material       Training      (Create new     Delivery
  intake)                       content)
```
SRP (Safe Refusal Provenance) extends CAP to provide cryptographic proof that harmful content was received, evaluated, and refused.
```
  Request Received
         │
         ▼
┌─────────────────┐
│   GEN_ATTEMPT   │ ← MUST be recorded for every request
└────────┬────────┘
         │
         ▼
  Risk Assessment
         │
    ┌────┴────┬───────────┐
    │         │           │
    ▼         ▼           ▼
┌───────┐ ┌─────────┐ ┌─────────┐
│  GEN  │ │GEN_DENY │ │GEN_ERROR│
│(allow)│ │(refuse) │ │(failure)│
└───────┘ └─────────┘ └─────────┘
```
∑ GEN_ATTEMPT = ∑ GEN + ∑ GEN_DENY + ∑ GEN_ERROR
This mathematical constraint prevents:
- Hiding successful generations of harmful content
- Selectively logging only favorable outcomes
- Claiming refusals without corresponding attempts
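An added example, not part of the CAP specification or its reference implementation: a minimal verifier that checks a hash-chained event log and enforces the completeness invariant per request (every GEN_ATTEMPT has exactly one GEN, GEN_DENY or GEN_ERROR, which implies the count equality above). The field names (`type`, `id`, `attempt_id`, `prev_hash`, `hash`), the use of SHA-256, the all-zero genesis value and the sorted-key JSON encoding (a stand-in for RFC 8785 JCS) are assumptions, not taken from the CAP schemas.

```python
import hashlib
import json
from collections import Counter

OUTCOMES = {"GEN", "GEN_DENY", "GEN_ERROR"}
GENESIS = "0" * 64  # assumed prev_hash of the first event

def event_hash(event):
    # Sorted-key compact JSON as a stand-in for RFC 8785 JCS; SHA-256 is assumed.
    body = {k: v for k, v in event.items() if k != "hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def build_log(records):
    """Hash-link (type, id, attempt_id) tuples into a log (hypothetical fields)."""
    log, prev = [], GENESIS
    for etype, eid, attempt_id in records:
        ev = {"type": etype, "id": eid, "attempt_id": attempt_id, "prev_hash": prev}
        ev["hash"] = prev = event_hash(ev)
        log.append(ev)
    return log

def verify(log):
    """Return findings; an empty list means chain and completeness both hold."""
    findings, prev = [], GENESIS
    attempts, outcomes = set(), Counter()
    for i, ev in enumerate(log):
        if ev["prev_hash"] != prev or ev["hash"] != event_hash(ev):
            findings.append(f"chain broken at index {i}")
        prev = ev["hash"]
        if ev["type"] == "GEN_ATTEMPT":
            attempts.add(ev["id"])
        elif ev["type"] in OUTCOMES:
            outcomes[ev["attempt_id"]] += 1
            if ev["attempt_id"] not in attempts:
                findings.append(f"{ev['type']} {ev['id']} has no prior GEN_ATTEMPT")
    for a in sorted(attempts):
        if outcomes[a] != 1:
            findings.append(f"attempt {a} has {outcomes[a]} outcomes, expected 1")
    return findings

# Constructed sample: three requests, one per outcome type.
SAMPLE = [("GEN_ATTEMPT", "a1", None), ("GEN", "g1", "a1"),
          ("GEN_ATTEMPT", "a2", None), ("GEN_DENY", "d2", "a2"),
          ("GEN_ATTEMPT", "a3", None), ("GEN_ERROR", "e3", "a3")]

if __name__ == "__main__":
    print(verify(build_log(SAMPLE)))                    # intact log
    print(verify(build_log(SAMPLE[:1] + SAMPLE[2:])))   # g1 dropped, chain rebuilt
```

A log whose chain was rebuilt after dropping an outcome event passes the chain check but still fails the completeness check, since the recorded attempt is left without an outcome.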
| Document | Description | Status |
|---|---|---|
| CAP-Specification-v1.0 | Normative specification | Official Release |
| CAP-Specification-v0.2 | Previous version | Superseded |
| Threat Model | Security threat analysis | Current |
| CAP vs VCP | Relationship to VCP | Current |
| Glossary | Terminology reference | Current |
Schemas for machine validation:
- core-event.schema.json — Common event fields
- ingest.schema.json — Asset ingestion
- train.schema.json — Model training
- gen.schema.json — Content generation
- export.schema.json — Asset delivery

- gen-attempt.schema.json — Request received
- gen-deny.schema.json — Request refused
- gen-warn.schema.json — Allowed with warning
- gen-escalate.schema.json — Escalated to human
- gen-quarantine.schema.json — Generated but quarantined

- INGEST event — Recording asset intake
- GEN event — Recording content generation
- EXPORT event — Recording asset delivery
- GEN_ATTEMPT event — Request received
- GEN_DENY event — Request refused
- Evidence Pack — Complete audit package
CAP provides technical capabilities aligned with regulatory requirements:
| Regulation | Jurisdiction | CAP Alignment |
|---|---|---|
| EU AI Act | EU | Article 12 logging, Article 53 transparency |
| Digital Services Act | EU | Article 35 systemic risk mitigation, Article 37 audits |
| GDPR | EU | Processing records, consent management, crypto-shredding |
| Colorado AI Act | USA | Impact assessments, 3-year retention |
| TAKE IT DOWN Act | USA | NCII evidence requirements |
| Copyright Act Art. 30-4 | Japan | AI training exception documentation |
| South Korea AI Framework Act | Korea | High-impact AI logging (effective Jan 2026) |
The theoretical foundations of CAP-SRP are detailed in our peer-reviewed preprint:
- Title: "Proving Non-Generation: Cryptographic Completeness Guarantees for AI Content Moderation Logs"
- DOI: 10.5281/zenodo.18213616
- Published: January 11, 2026
| Project | Description |
|---|---|
| VCP Specification | VeritasChain Protocol for financial/trading systems |
| VAP Framework | Parent framework (v1.2) for domain-specific profiles |
| VCP Explorer | Visualization and verification tools |
```
cap-spec/
├── README.md                  # This file
├── LICENSE                    # CC BY 4.0
├── SECURITY.md                # Security policy
├── GOVERNANCE.md              # VSO governance
├── VERSIONING.md              # Semantic versioning policy
├── docs/
│   ├── CAP-Specification-v1.0.md    # Normative specification (v1.0)
│   ├── CAP-Specification-v0.2.md    # Previous version (superseded)
│   ├── CHANGELOG.md                 # Version history
│   ├── CAP-vs-VCP.md                # Relationship to VCP
│   ├── CAP-Glossary.md              # Terminology
│   ├── CAP_WorldFirst_Final_Consolidated_Report.md  # World-first verification
│   ├── Threat-Model.md              # Security analysis
│   └── Regulatory-Mapping/          # Compliance guides
│       ├── EU-AI-Act.md
│       ├── DSA.md
│       ├── GDPR.md
│       ├── JP-Copyright-30-4.md
│       └── US-NCII.md
├── schemas/
│   ├── cap/                   # Core event schemas
│   └── srp/                   # SRP extension schemas
├── examples/
│   ├── cap-core/              # Core event examples
│   └── cap-srp/               # SRP event examples
└── test-vectors/              # Conformance test data
    ├── canonicalization/      # RFC 8785 JCS tests
    ├── hash/                  # EventHash tests
    ├── signature/             # Ed25519 tests
    └── completeness/          # SRP invariant tests
```
We welcome contributions. Please see:
- GOVERNANCE.md — How decisions are made
- SECURITY.md — Reporting security issues
To propose changes:
- Open an issue describing the proposed change
- Reference relevant specification sections
- Include test vectors if applicable
This specification is published under CC BY 4.0 International License.
- Website: https://veritaschain.org
- Email: standards@veritaschain.org
- GitHub: https://github.com/veritaschain
- Media: media@veritaschain.org
© 2025-2026 VeritasChain Standards Organization (VSO). All rights reserved.
VSO is a vendor-neutral standards body. References to specific products or organizations are for interoperability documentation purposes only and do not constitute endorsement.