# AI training data documentation must reflect what was true at training time. That is a different and much harder question than whether documentation exists today. It is the question the EU AI Act, training-data copyright courts, and US copyright regulators are now deciding AI compliance on. immut creates a SHA-256 hash of your dataset or model snapshot on your own device and anchors it to the XRP Ledger, producing tamper-evident, independently verifiable proof that a specific dataset existed at a specific moment, unchanged, without exposing the data itself. ## What do the regulations require for AI training data? The EU AI Act, NIST, and US copyright regulators all converge on the same requirement: prove your training data record existed, in this form, at this date, to a party that does not trust you. - **EU AI Act, Article 53(1)(a), technical documentation.** Providers of general-purpose AI models must draw up and keep up-to-date technical documentation covering training, testing, and evaluation results. It must reflect what was true at training time, not what can be reconstructed after a complaint. Obligations applied from 2 August 2025. - **EU AI Act, Annex XI, Section 1(2)(c), training data provenance.** Documentation must include type and provenance of data and curation methodologies. A model card written after training cannot demonstrate that provenance was recorded at training time. - **EU AI Act, Article 10(2) plus Annex IV item 2, data governance.** Training data for high-risk AI systems must be subject to data governance practices, and documentation must cover training methodologies and provenance. Provenance is named twice in the regulation at two levels of specificity. - **EU AI Act, Article 55(1)(a), adversarial testing.** Providers of GPAI models with systemic risk must perform and document adversarial testing. That documentation is only useful if it can be shown to predate deployment, not postdate a complaint. - **EU AI Act, Article 12(1), automatic logging.** High-risk AI systems must allow automatic recording of events over the system's lifetime. Logs that can be altered by the provider they are supposed to audit do not satisfy the requirement. - **NIST AI 600-1 (July 2024), content provenance.** The US Generative AI Profile identifies content provenance as a cross-cutting requirement and recommends logging, metadata annotation, and documentation of the source, legal rights, privacy status, generation date, method, and lineage of training data. It states the gap explicitly: AI developers often fail to vet or adequately document the training data they are using. - **US Copyright Office, Part 2 (February 2025), human authorship.** Human authorship is a bedrock requirement for copyright. A provider that cannot demonstrate exactly what human-authored content was in its training corpus, and on what basis its use was authorised, lacks the foundation for a clean copyright defence. ## Why is a model card written after training a problem? A model card written after training is forensically identical to one written before it. Documentation in Notion, Confluence, SharePoint, and Hugging Face model cards is editable. File timestamps can be rewritten. Metadata can be changed. No document audit can tell the difference. Model cards are often written months after training, sometimes in response to litigation. Data sheets completed after the fact are indistinguishable from those completed at training time. Cloud storage is subject to provider-level modification, government orders, and operational bugs outside your retention settings. ## What does the litigation show? The litigation is already here, and the question in every case is when. Providers cannot point to a contemporaneous, tamper-evident record of exactly what was in their training datasets at the moment training ran. - **Getty Images v. Stability AI** (US District Court, D. Del., 1:23-cv-00135, ongoing): the exact composition of the LAION corpus at training time, and the CMI status of images at ingestion, cannot be established from retrospective documentation. - **New York Times v. OpenAI / Microsoft** (US District Court, S.D.N.Y., 1:23-cv-11195, ongoing): scope of the training corpus, what NYT content was ingested, when training ran on which dataset version. - **Thomson Reuters v. ROSS Intelligence** (US District Court, D. Del., February 2025 ruling, first US ruling rejecting AI training fair use): ROSS could not demonstrate with contemporaneous records what was in the dataset at training time. - **Andersen v. Stability AI** (US District Court, N.D. Cal., 3:23-cv-00201, ongoing): Section 1202 claims dismissed for insufficient CMI evidence, illustrating the evidentiary gap. - **Concord Music v. Anthropic** (US District Court, M.D. Tenn., 3:23-cv-01092, ongoing): what music content was in the training corpus and whether acquisition was lawful. Contemporaneous dataset records did not exist. - **EU AI Act enforcement** (EU AI Office, from 2026): whether GPAI technical documentation reflects training-data provenance at training time rather than after-the-fact reconstruction. Litigation costs in training-data copyright suits are running to tens of millions of dollars before trial. The EU AI Act carries penalties of EUR 15 million or 3% of worldwide annual turnover for failure to produce compliant technical documentation. ## How does immut prove AI training data provenance? The dataset stays private. The proof is public. A SHA-256 hash is a one-way fingerprint: anyone can verify it matches the original, no-one can reconstruct the original from it. 1. **Dataset stays on your infrastructure.** The SHA-256 hash is computed locally. The training dataset, model checkpoint, or evaluation log is not transmitted, stored, or visible to immut. 2. **Hash anchored to the XRP Ledger.** The hash is written to the public XRP Ledger at the moment you finalise the dataset. Once written, no party can alter or delete it. 3. **Certificate issued immediately.** A court-ready certificate contains the hash, XRPL transaction ID, ledger sequence number, and UTC timestamp. 4. **Proof outlives immut.** The record lives on a public blockchain and remains verifiable even if immut ceased to exist. Integrates with MLflow, Weights and Biases, DVC, Hugging Face, and any data pipeline with an API or webhook. ## Do courts accept blockchain-anchored evidence? Accepted in 88 countries and 171 jurisdictions. - **United States, US v. Sterlingov (2024):** the US District Court for DC admitted blockchain transaction records as primary evidence, without requiring expert testimony on the underlying technology. - **European Union, EU Regulation 2025/2531 (eIDAS-2):** qualified electronic time-stamps have the legal effect of evidence of the date and time indicated and the integrity of the data, binding across all 27 Member States. - **France, AZ Factory v. Valeria Moda (2025, Tribunal Judiciaire de Marseille):** a blockchain timestamp was accepted as proof of prior creation in an IP dispute, establishing date and integrity without production of the file itself. - **China, Supreme People's Court (2018):** blockchain-stored evidence is presumptively authentic. Over 1,400 IP cases have since been decided on blockchain-anchored evidence. ## The question to ask yourself If the EU AI Office asked you to prove your training dataset was exactly as your data card describes at the moment training ran, could you? ## Where can I learn more? - Live page: https://www.immut.io/evidence/ai-provenance - Developer docs: https://www.immut.io/docs - For AI agents: https://www.immut.io/ai-agents