The HAPP Protocol
The trust layer for AI governance
Tamper-proof evidence that AI systems are governed. Verifiable by anyone. Trusted everywhere.
What is HAPP?
Human-Attested Provenance Protocol. Three primitives that turn governance actions into verifiable, portable trust.
Anchor
Hash governance decisions to immutable ledgers. Every approval, attestation, and incident lock gets a SHA-256 fingerprint anchored on-chain.
Attest
Issue cryptographic attestations of compliance state. A human reviewer signs off, creating a verifiable record of who attested what, and when.
Exchange
Share verifiable proof across organisations and regulators. Trust becomes portable — no proprietary formats, no vendor lock-in.
How HAPP Works
From governance event to verifiable proof in four steps
Governance Event
Approval, attestation, incident lock, or provenance record is created
SHA-256 Hash
Event data is hashed into a unique cryptographic fingerprint
Merkle Batching
Hashes are batched into a Merkle tree for efficient anchoring
On-Chain Anchor
Merkle root is written to an EVM-compatible blockchain
Verification ID
A unique VRF-ID is issued for the anchored proof
Public Verify
Anyone can verify at verisum.org/verify/{id}
Cryptographic Pipeline
event_data → SHA-256(payload) → Merkle(batch) → anchor(root, EVM) → VRF-{type}-{id}
Proofs are batched to minimise gas costs. Each batch produces a single Merkle root anchored on-chain. Individual proofs are verified via Merkle inclusion proofs against the anchored root.
Use Cases
HAPP proofs serve anyone who needs to trust that governance happened
Regulatory Reporting
Submit verifiable evidence to the FCA, ICO, EU AI Office, and sector regulators. Proofs link directly to anchored governance records — no more screenshots and spreadsheets.
Supply Chain Trust
Prove your AI governance posture to partners, customers, and auditors. Share verifiable attestations without exposing internal governance data or processes.
Board Assurance
Tamper-proof board-level attestations that create an auditable chain of who approved what, when, and under what governance posture. Evidence that survives leadership changes.
Cross-Org Interoperability
Exchange governance proof between organisations using a common protocol. HAPP proofs are portable, vendor-neutral, and independently verifiable by any party.
What Can Be Proven
Every governance action becomes a verifiable proof
Governance Assessments
Org-level and system-level assessment scores, dimension breakdowns, and maturity classifications.
Policy Approvals
That a specific AI policy was reviewed, approved, and published by an authorised person on a specific date.
Staff Declarations
That staff members completed AI usage declarations within a given compliance window.
Incident Responses
That an AI incident was logged, investigated, and resolved according to your governance process.
Vendor Due Diligence
That AI vendor assessments were conducted with specific risk ratings and mitigation actions.
Regulatory Alignment
That your governance posture was assessed against specific regulatory frameworks at a point in time.
Integrate HAPP Into Your Stack
REST APIs for anchoring, verification, and exchange. Build governance proof into any workflow.
/api/prove/approvalsCreate Approval
Submit a governance decision for human approval. Returns a verification ID once the approver signs off and the hash is anchored.
/api/prove/attestationsIssue Attestation
Create a signed attestation of compliance state. The attestation is hashed, Merkle-batched, and anchored. Shareable via verification link.
/api/public/verifyVerify Proof
Public endpoint. Pass a verification ID to confirm the proof is authentic, unaltered, and anchored. No authentication required.
/api/prove/provenanceRecord Provenance
Track AI system outputs with model version, data sources, and review status. Creates an auditable chain from input to output.
/api/prove/exchangesTrust Exchange
Share anchored proofs with external parties — regulators, auditors, partners. Creates a logged exchange record with recipient details.
/api/prove/incident-locksIncident Lock
Forensic freeze of governance state at the moment of an incident. Captures scores, policies, and system config as immutable evidence.
SDK
JavaScript/TypeScript and Python SDKs for integrating HAPP anchoring and verification directly into your governance workflows, CI/CD pipelines, and compliance tooling.
Coming Q3 2026Verification Portal
Any HAPP proof can be independently verified at:
https://app.verisum.org/verify/{verification-id}No account required. No authentication. Anyone with the verification ID can confirm the proof is authentic and unaltered.
// Verify any HAPP proof — no auth required
const response = await fetch(
`https://app.verisum.org/api/public/verify?id=${verificationId}`
);
const proof = await response.json();
// Returns:
// {
// valid: true,
// type: "attestation",
// anchored_at: "2026-03-15T14:22:00Z",
// chain_tx: "0x7a3f...e91d",
// organisation: "Verisum Demo Corp",
// event_hash: "sha256:a1b2c3d4..."
// }Built on Open Standards
Designed for enterprise adoption. No vendor lock-in.
Cryptographic Standards
SHA-256 hashing, Merkle tree batching, ECDSA signatures. Industry-standard cryptography — no proprietary algorithms.
EVM-Compatible Chains
Anchor to Ethereum, Polygon, Arbitrum, or any EVM-compatible chain. Proofs are chain-agnostic and portable between networks.
Enterprise-Grade
SSO/SAML, role-based access, immutable audit logs, and dedicated account management. Built for regulated industries.
Protocol Principles
No vendor lock-in
HAPP proofs are self-contained. If you leave Verisum, your proofs remain independently verifiable. The protocol is the product, not the platform.
Minimal on-chain footprint
Only Merkle roots are anchored. Governance data stays off-chain in your Verisum instance. The chain stores proof of existence, not content.
Human attestation required
HAPP requires a human in the loop. Automated systems can trigger governance events, but only authorised humans can attest and approve.
Portable trust
Proofs can be exchanged between any two parties. No bilateral integration required. One verification link, universal trust.
Why Cryptographic Proof Matters
Regulators want evidence, not promises
The EU AI Act requires documented governance. HAPP provides verifiable proof that governance actions occurred as declared.
Boards need accountability signals
Governance attestations create an auditable trail of who approved what, when, and what the governance posture was at that point.
Partners need trust portability
Cross-org trust exchange lets you share governance evidence with supply chain partners without exposing internal data.
Incidents need forensic freeze
When something goes wrong, incident lock captures the governance state at the moment of the incident — before anyone can alter records.
Start Proving Your Governance
HAPP is available today on Verisum Verify. Anchor your first proof in minutes.