Compliance you can
verify.
Every TRAI certificate is a cryptographically signed evidence bundle. Below: the regulations and standards we satisfy, the TRAI features that satisfy them, and what we're working toward.
What this page is
A live compliance crosswalk mapping every regulation and standard TRAI addresses to the specific feature(s) that satisfy it. Like compliance.figma.com — but for cryptographic compliance of AI-generated content.
What this page is NOT
A compliance theater. If a control is missing or pending, we say so. Click any row to read the gap detail.
Where to verify
Every cert ID resolves to a JSON cryptographic receipt at /api/v1/verify/{cert_id}. The receipt is independently verifiable without contacting TRAI.
Honest state
The single fastest way to differentiate from inflated asset listings is to be the only one disclosing technical debt. Here's the real state of TRAI today.
Production-ready
- · 21 Rust crates · cargo test passing
- · 4 SDKs: Python, Python-light, TypeScript, Go
- · 36 MCP tools (Claude Code, Cursor, Codex)
- · Apache 2.0 + MIT dual license
- · OpenSSF Silver (badge id 13436)
- · RFC 9943 SCITT receipts (CCF 7.x)
- · RFC 9901 SD-JWT envelopes
- · FIPS 204 ML-DSA-65 post-quantum hybrid
Needs work before scale
- · HSM signing configured but not load-tested at production volume
- · PostgreSQL persistence Docker-only — needs RDS / Supabase for prod
- · Bus factor 1 — single founder, no co-maintainer merged yet
- · SOC 2 Type II target Q1 2027
- · OpenSSF Gold target Q4 2026
Framework crosswalk
Each row links a specific regulation or standard to the TRAI feature(s) that satisfy it. Status reflects current compliance, not aspiration.
| Regulation / Standard | Status | TRAI features | Gap / Target |
|---|---|---|---|
| EU AI Act Art 50 EU AI Act Article 50
Reference ↗
| ✓ compliant
since 2026-04-01 |
| No gaps |
| PLD Product Liability Directive 2024/2853
Reference ↗
| ✓ compliant
since 2026-04-01 |
| No gaps |
| DORA RTS DORA Regulatory Technical Standards 2024/1774
Reference ↗
| ✓ compliant
since 2026-04-01 |
| No gaps |
| NIS2 Art 21(2)(h) NIS2 Article 21(2)(h) cryptography
Reference ↗
| ✓ compliant
since 2026-04-01 |
| No gaps |
| ISO 42001 ISO/IEC 42001 — AI Management System | ◐ partial |
| Independent third-party audit scheduled Q2 2028.
Target: 2028-04-01 |
| FIPS 204 + 140-3 L3 FIPS 204 (ML-DSA) + FIPS 140-3 Level 3 HSM
Reference ↗
| ✓ compliant
since 2026-04-01 |
| No gaps |
| RFC 9943 SCITT RFC 9943 — SCITT (Supply Chain Integrity, Transparency, and Trust)
Reference ↗
| ✓ compliant
since 2026-07-04 |
| No gaps |
| RFC 9901 SD-JWT RFC 9901 — SD-JWT (Selective Disclosure JWT)
Reference ↗
| ✓ compliant
since 2026-07-04 |
| No gaps |
| OpenSSF Silver OpenSSF Best Practices Badge
Reference ↗
| ◐ partial |
| Gold criteria incremental: dangerous-workflow + token_permissions + signed releases.
Target: 2026-12-31 |
Cryptographic verification path
Every TRAI cert is verifiable offline by anyone holding the issuer's public key. No contact with TRAI required.
- Step 1Extract COSE_Sign1Pull the base64-encoded COSE_Sign1 envelope from the cert JSON receipt.
- Step 2Verify composite signatureVerify Ed25519 + ML-DSA-65 against issuer's public key per draft-ietf-lamps-pq-composite-sigs-15.
- Step 3Verify RFC 3161 timestampVerify TSA signature against Actalis Italia (eIDAS QTSP) root certificate.
- Step 4Verify SCITT inclusionVerify Merkle inclusion proof against CCF 7.x ledger root. RFC 9943 compliant.
SOC 2 Type II — target Q1 2027. Placeholder, not a fake badge. ISO 42001 certification target Q2 2028. This trust center is open about what it does and does not satisfy. Last updated 2026-07-05.