WHY ACF

Show me, right now, the cryptographic trace of the decision your agent took at 3:14 AM.

This page exists because by December 2, 2027, you will be asked.

// SCÉNARIO — 17.03.2027 — 14:12

"Show me, right now, the cryptographic trace of the decision your AI agent took at 3:14 AM, when it revoked the credit line of customer Dupont-Mercier; I want the hash, the signature, the model, the prompt, and the name of the natural person who bears civil liability for it."

— Your auditor, March 17, 2027, 2:12 PM.

This is not a hypothesis: enforcement of the EU AI Act high-risk obligations begins December 2, 2027.

Request a free auditDownload the whitepaper
// Without ACF / With ACF

Without ACF / With ACF

Five concrete scenarios. Two opposite outcomes. One single difference: the underlying trust infrastructure.

Without ACF
  • At 3:14 AM, your credit scoring agent denies 847 loans in cascade, and no one can reconstruct the decision the next day.
  • The customer service agent promised a €4,200 refund to a customer, then the redeployment erased the trace of the promise.
  • Your procurement agent just signed a €540,000 contract with a supplier under EU sanctions, with no documented prior control.
  • When the auditor asks who is civilly liable, the answer loops in a blame chain between IT, the model vendor, and the business unit.
  • No trace lets you demonstrate, to a regulator or a court, that the decision complied with the AI Act, ISO 42001, or the applicable sector obligations.
With ACF
  • The 3:14 AM decision carries an Ed25519 signature, a chained SHA-256 hash, and the name of the DDAO who is civilly liable for it.
  • The refund promise triggers the level-2 kill switch, mapped to fiche ACF-11, archived before any redeployment.
  • The supplier contract is classified N1 not N3, which makes fiche ACF-09 'sanctions screening' mandatory before signature.
  • The auditor receives within 30 seconds a signed PDF, mapped to AI Act, ISO 42001, NIST AI RMF, GDPR, and COBIT.
  • Your Sovereignty Score™ moves from 34 to 78 in six months, and every agentic decision remains opposable to a third party years later.
// Three possible responses

Three possible responses

On March 17, 2027, at 2:12 PM, your auditor is waiting. You have three responses available. Only one leaves you standing on March 18.

01Level 1 — Silence

"We will check with the engineering teams and come back to you."

// Consequence

Regulatory investigation opened, exposure to an AI Act sanction of up to €35M or 7% of global turnover, executive accountability triggered, prolonged legal uncertainty.

02Level 2 — Application logs

"We have application logs, we can export them for you."

// Consequence

Logs deemed non-probative under article 1366 of the French Civil Code, external forensic audit imposed, multi-month adversarial process, defense reconstructed after the fact.

03Level 3 — Cryptographic proof

"Here is the Ed25519-signed PDF; you can verify it independently with the public key."

// Consequence

Opposable trace produced immediately, verifiable by the auditor independently of your systems, compliance demonstrated across five frameworks (AI Act, ISO 42001, NIST AI RMF, GDPR, COBIT).

// ACF is a Decision Trust Infrastructure

ACF is a Decision Trust Infrastructure

ACF is not a framework you deploy. It is a trust infrastructure you join, in the same sense that TLS is for the web or SWIFT is for interbank settlement. The standard does not live in your servers: it lives in the ability of any third party to verify, years later, that an agentic decision actually took place, who carried it, and under which doctrine.

Ed25519
Signed identity

Every agent, every model, every doctrine carries a cryptographic identity registered in the ACF trust registry. No signature, no regulatory operability.

SHA-256
Replicable verification

Any decision can be replayed by a third party, years after issuance, with the same public key and the same chained hash. What is independently verified is opposable.

RFC 3161
Opposable trace

The Ed25519-signed PDF + RFC 3161 qualified timestamp constitutes proof under article 1366 of the Civil Code. No spreadsheet export, no log extraction: a document that defends itself.

// The real question

The real question

The question is no longer whether AI agents will make decisions. The question is whether those decisions will still be defensible years later. ACF® is the infrastructure that answers yes to that second question, by construction and not by luck.

Position your organization on the ACF scale.

A free diagnostic identifies the gaps separating you from the enforceable threshold — the point where an agentic decision remains defensible before a regulator, an auditor, a court or an insurer years later.

Request a free auditDownload the whitepaper
Your technical teams can verify the mechanics at acfstandard.io