Compliant AI systems and non-compliant ones are technically identical.
The EU AI Act requires high-risk AI system providers to maintain technical documentation covering training data provenance, performance metrics, testing records, and significant changes, all with precise timestamps showing when each item existed and what it said at that time. Under GDPR Article 22 and the Act's transparency requirements, you must be able to show exactly what your model was trained on, when automated decisions were made by which model version, and that training data was obtained with appropriate authorisation. A model trained on licensed data and one trained without it produce outputs that are technically indistinguishable. What differs is the record that proves which.
AI and technology companies have already paid the price.
Where immut earns its keep in AI.
Every one of these activities already happens in your ML engineering, legal, and compliance teams. immut adds a layer of independently verifiable proof to each one.
Acquiring, curating, and documenting the datasets used to train foundation models, fine-tuned models, and AI-assisted products.
Timestamp each data licence and dataset snapshot at the moment of acquisition. If a copyright holder, regulator, or court demands to know whether a specific dataset was licenced at the time it was used for training, the blockchain record proves the licence existed before the training run, not that it was obtained retrospectively after a claim.
GEMA successfully sued OpenAI in November 2025 after showing that song lyrics used to train ChatGPT were returned almost identically by the model when requested. The court ordered OpenAI to cease saving the lyrics and pay damages. Thomson Reuters won summary judgment in February 2025 after ROSS Intelligence used Westlaw content without authorisation to train its AI legal research tool.
Three steps. Seconds per file.
Hash the file.
immut generates a SHA-256 hash of your file on our servers. For sensitive workloads, dedicated servers are available so files stay inside infrastructure you control.
Record on the public ledger.
The hash is committed to the XRP Ledger, a public blockchain, with a precise timestamp.
Timestamped certificate.
immut returns a certificate of the record and its timestamp. Blockchain-anchored evidence of this kind has been accepted in courts across 88 countries and 171 jurisdictions.
immut sits under the records your ML engineering, legal, and compliance teams already produce, in any tool. Files stay where they live; immut writes the proof that anyone can verify.
Proof that satisfies the four properties regulators and courts require.
Timestamped at the moment of creation.
Any change after creation is detectable by mathematics.
A regulator, auditor, or court can verify without trusting you or your vendor.
Blockchain-anchored timestamps of this kind have been accepted as legal evidence in 88 countries across 171 jurisdictions.
Prove it without publishing it.
Because only the hash is ever made public, model weights, training pipelines, and proprietary datasets can be proven to exist on a given date without disclosing the underlying files. Public proof. Private work.
How immut protects AI and model IP →