An open RFC for AI decision provenance, designed to map to EU AI Act Annex III, SEC guidance, and BCRA principles. We built it because the industry needs it; we publish it because we want it standardized. Walk its eight sections on the right.
{ "manifest_version": "1.0", "query_id": "q_8c4d2a1f", "timestamp": "2026-05-29T14:32:18Z", "platform": "deino@1.0.0", "forecast": { "distribution": [0.62, 0.28, 0.10], "confidence": 0.87 }, "node_versions": [{ "id": "act:84a2", "v": 142 }, …], "agents_invoked": [{ "name": "a2a:profiler", "v": "3.1" }, …], "llm_attribution": { "sister_0": "anthropic/claude", … }, "reproducibility": { "seed": 42, "deterministic": true }, "signature": "0x7a3f…e21b", "signed_by": "customer-key:k_42f", "hash_algorithm": "SHA-256" }
Every ontology node accessed, version-pinned. Reproducibility requires this exact set, byte for byte.
Live RFC · hover a section to see which manifest fields it governs, and why.
Every vendor documents decisions differently — or not at all. Some ship “citations,” some “explainability scores,” most just a model name and a timestamp. When Annex III enforces, that won’t be sufficient.
Regulators will ask: what versioned data did the model consult, which agents were involved, which LLM produced what part, and can you reproduce this exactly? The manifest answers all four — and DEINO publishes the format as an open standard, independent of any commercial product.
The same manifest satisfies clauses across jurisdictions. This cross-walk is maintained as regulations evolve.
| Framework | Requirement | Manifest field |
|---|---|---|
| EU AI Act | Annex III §1.b — provenance of training data & decisions | node_versions, llm_attribution |
| EU AI Act | Annex III §3 — human oversight evidence | agents_invoked, signed_by |
| SEC AI Guidance | Reproducibility of AI-influenced decisions | reproducibility, full manifest |
| BCRA Principles | Trazabilidad of AI outputs | query_id, timestamp, signature |
| FINRA RN 24-09 | Audit trail for AI-recommended trades | full manifest export |
| SOX §404 | Controls over AI-derived financial reporting | full manifest + sign-off chain |
The RFC is public, the reference implementation is Apache 2.0. We invite other vendors to adopt the format and regulators to reference it. Email the standards working group to participate.