immut is the Evidence Trust Layer. It sits underneath your existing compliance tools and anchors every file to the XRP Ledger blockchain with a precise timestamp. This creates tamper-evident, independently verifiable proof that a document existed at a specific moment — court-admissible in 88 countries.

Is blockchain evidence accepted in court?

Yes. Blockchain-anchored evidence has been accepted as legal evidence in US Federal Court (US v. Sterlingov, 2024), the EUIPO across all 27 EU member states (AZ Factory v. Valeria Moda, 2025), China's Supreme People's Court (1,400+ IP cases since 2018), and under EU Regulation 2025/2531. immut certificates are accepted in 88 countries and 171 jurisdictions.

Does my file leave my device?

No. immut generates a SHA-256 hash of your file on your own device. Only the hash is recorded on the blockchain. Your original file never leaves your infrastructure. Public proof. Private work.

Does immut replace Vanta or Drata?

No. immut is the proof layer that sits underneath your existing compliance tools. Vanta and Drata collect your evidence. immut proves when that evidence existed. They complement each other — immut adds the independent timestamp your compliance platform cannot provide.

Which compliance standards does immut support?

immut produces records that satisfy evidence requirements in ISO 27001, ISO 9001, ISO 14001, ISO 45001, SOC 2, GDPR, HMRC R&D, HSE health and safety, KYC/AML, EU AI Act, HIPAA, and more. Any standard that requires dated, tamper-evident records is supported.

What happens if immut shuts down?

Every certificate already issued remains independently verifiable on the public XRP Ledger. The proof does not depend on immut existing. A regulator, a judge, or opposing counsel can verify your certificate on the public blockchain at any time, with or without immut.

Evidence Record

UK Information Commissioner's Office · 2025 · Cannot prove

Advanced Computer Software Group: £3.07M ICO Fine

ICO Enforcement Decision, August 2025

Compliance records

What happened

Advanced Computer Software Group is an NHS software supplier whose systems were compromised in a ransomware attack in August 2022, affecting NHS 111 and other critical health services. The ICO investigation found that Advanced had procured a vulnerability scanning tool but had not been using it, and that its internal patching records were inaccurate, showing patching activities that had not been performed to the claimed standard. The company presented itself as meeting recognised security standards. The ICO's finding was that claimed compliance, unsupported by contemporaneous evidence of controls actually operating, is treated as no compliance at all. The provisional fine of £6 million was reduced to £3.07 million to reflect remediation steps taken after the attack. The Annex A 8.15 immutable logging requirement introduced in the ISO 27001:2022 revision exists precisely to prevent this scenario: a blockchain-timestamped log of vulnerability scans and patch activities, created at the time of each event, would be unmodifiable proof that the scanning was actually occurring.

Outcome

£3.07 million fine (reduced from £6 million provisional). Underlying finding: claimed compliance that cannot be evidenced is treated as no compliance at all.

Sources

Authority source confirmed

AuthICO: Advanced enforcement notice

Public proof. Private work.

immut records a cryptographic hash of your file on the public XRP Ledger at the moment of creation. The timestamp is independently verifiable by anyone.

Anchor your evidence

Evidence Record

See all 43 rulings on record.

Jurisdiction filters, evidence-type filters, and authority sources linked on every case.

Back to all cases|Get started free