OVS-AI 1.0

This document specifies the Open Verification Specification for AI Compliance (OVS-AI), a standard for proving that an AI system has undergone compliance assessment against one or more regulatory frameworks. The specification defines model fingerprinting, compliance attestation, and public verification protocols.

OVS-AI is designed to be implemented by any platform, registry, or compliance tool. It is framework-agnostic and extensible to new regulatory regimes as they emerge. This document is structured following ISO/IEC Directives, Part 2, for potential submission to international standards bodies.

This document specifies requirements for:

1. generating deterministic fingerprints for AI model versions;
2. creating compliance attestation certificates that bind a fingerprint to regulatory framework assessment results;
3. publicly verifying the compliance status of an AI model using only its fingerprint;
4. mapping attestation results across multiple regulatory frameworks via a crosswalk mechanism.

This document is applicable to organizations that develop, deploy, procure, or audit AI systems and wish to establish a portable, verifiable compliance record.

This document does not specify the content of regulatory frameworks themselves, nor does it define assessment criteria. It specifies the data structures and protocols for recording and verifying that an assessment was performed.

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document.

• ISO/IEC 42001:2023, Information technology — Artificial intelligence — Management system
• NIST AI 100-1, Artificial Intelligence Risk Management Framework (AI RMF 1.0)
• FIPS 180-4, Secure Hash Standard (SHA-256)
• RFC 8259, The JavaScript Object Notation (JSON) Data Interchange Format
• RFC 3339, Date and Time on the Internet: Timestamps
• W3C Verifiable Credentials Data Model v2.0, Credential issuance and verification

For the purposes of this document, the following terms and definitions apply.

3.1 model fingerprint

Deterministic SHA-256 hash of a canonical JSON payload containing an AI system's identifying attributes, used to uniquely identify a specific model version.

3.2 attestation

Cryptographically bound certificate that associates a model fingerprint with the results of a compliance assessment against one or more regulatory frameworks.

3.3 attestation domain

Category of compliance an attestation covers: AI compliance, post-quantum cryptography readiness, or cross-domain.

3.4 verification

Process by which a third party confirms the compliance status of an AI model by querying a public registry using the model's fingerprint.

3.5 framework crosswalk

Mapping of requirements between regulatory frameworks, enabling a single assessment to partially or fully satisfy multiple compliance regimes.

3.6 registry

Public service that stores model fingerprints, attestation records, and provides a verification API.

3.7 conforming implementation

A system that implements all mandatory requirements (clauses marked "shall") of this specification.

1. Construct a JSON object with exactly these fields in this order:systemId,modelVersion,modelArchitecture,weightsHash.
2. Absent optional fields shall be serialized as JSON null, not omitted.
3. Serialize using RFC 8259 canonical form (no whitespace, no custom replacer).
4. Compute SHA-256 (FIPS 180-4) of the UTF-8 encoded string.
5. Encode the digest as a lowercase 64-character hexadecimal string.

import { createHash } from "crypto";

interface FingerprintInput {
  systemId: string;           // UUID of the AI system
  modelVersion: string;       // e.g. "v2.1.0"
  modelArchitecture?: string; // e.g. "transformer-decoder"
  weightsHash?: string;       // SHA-256 of model weights file
}

function generateFingerprint(input: FingerprintInput): string {
  const payload = JSON.stringify({
    systemId: input.systemId,
    modelVersion: input.modelVersion,
    modelArchitecture: input.modelArchitecture ?? null,
    weightsHash: input.weightsHash ?? null,
  });
  return createHash("sha256").update(payload).digest("hex");
}

interface RegistryFingerprint {
  algorithm: "sha256";       // Hash algorithm identifier
  fingerprint: string;       // 64-character lowercase hex string
  modelVersion: string;      // Version of the model at fingerprint time
  systemId: string;          // UUID of the AI system
  registeredAt: string;      // RFC 3339 timestamp
}

Attestry (attestry.ai) serves as the reference implementation of OVS-AI 1.0. It implements all Level 2 (Registry) requirements and provides the following public endpoints:

# Verify a model (public — no authentication required)
curl https://attestry.ai/api/v1/registry/lookup?fingerprint=e3b0c44298fc1c...

# Register a model (requires API key)
curl -X POST https://attestry.ai/api/v1/registry/register \
  -H "Content-Type: application/json" \
  -H "x-api-key: rs_live_..." \
  -d '{"systemId": "550e8400-...", "modelVersion": "v2.1.0"}'

Full API documentation: attestry.ai/docs

OVS-AI 1.0 is being prepared for submission to the following standards bodies and regulatory programs. Organizations and national bodies interested in co-sponsoring submissions are invited to contribute via the GitHub repository.

The OVS-AI specification is developed as an open-source project to enable community feedback, implementation validation, and transparent governance. The specification text, TypeScript type definitions, and reference test suite are published under the Apache 2.0 license.