immut is the Evidence Trust Layer. It sits underneath your existing compliance tools and anchors every file to the XRP Ledger blockchain with a precise timestamp. This creates tamper-evident, independently verifiable proof that a document existed at a specific moment — court-admissible in 88 countries.

Is blockchain evidence accepted in court?

Yes. Blockchain-anchored evidence has been accepted as legal evidence in US Federal Court (US v. Sterlingov, 2024), the EUIPO across all 27 EU member states (AZ Factory v. Valeria Moda, 2025), China's Supreme People's Court (1,400+ IP cases since 2018), and under EU Regulation 2025/2531. immut certificates are accepted in 88 countries and 171 jurisdictions.

Does my file leave my device?

No. immut generates a SHA-256 hash of your file on your own device. Only the hash is recorded on the blockchain. Your original file never leaves your infrastructure. Public proof. Private work.

Does immut replace Vanta or Drata?

No. immut is the proof layer that sits underneath your existing compliance tools. Vanta and Drata collect your evidence. immut proves when that evidence existed. They complement each other — immut adds the independent timestamp your compliance platform cannot provide.

Which compliance standards does immut support?

immut produces records that satisfy evidence requirements in ISO 27001, ISO 9001, ISO 14001, ISO 45001, SOC 2, GDPR, HMRC R&D, HSE health and safety, KYC/AML, EU AI Act, HIPAA, and more. Any standard that requires dated, tamper-evident records is supported.

What happens if immut shuts down?

Every certificate already issued remains independently verifiable on the public XRP Ledger. The proof does not depend on immut existing. A regulator, a judge, or opposing counsel can verify your certificate on the public blockchain at any time, with or without immut.

Evidence Record

US HHS Office for Civil Rights · 2024 · Cannot prove

US HIPAA Risk Analysis Initiative Enforcement

HHS OCR, 2023-2025

Compliance records

What happened

The HHS Office for Civil Rights launched the HIPAA Risk Analysis Initiative, a targeted enforcement programme specifically focused on healthcare organisations' inability to produce contemporaneous documentation of required safeguards. OCR's explicit stated enforcement position is stark: if you cannot produce documentation of a risk analysis, training records, or policy acknowledgments, OCR treats those safeguards as if they never existed. The initiative produced multiple enforcement settlements against organisations that were not accused of ignoring HIPAA, but of failing to document that they had complied with it at the time the required activities were performed. In each case, the organisation could not produce records proving the required compliance activities had been completed contemporaneously. The pattern is directly analogous to the GDPR accountability principle: the burden of proof rests with the covered entity, and standard document formats do not discharge it.

Outcome

Multiple settlements: PIH Health $600,000; BayCare Health System $800,000; Bryan County Ambulance Authority $90,000. All triggered by inability to produce documented evidence that required compliance processes had been completed.

Sources

Authority source confirmed

AuthHHS OCR: Risk Analysis Initiative

Public proof. Private work.

immut records a cryptographic hash of your file on the public XRP Ledger at the moment of creation. The timestamp is independently verifiable by anyone.

Anchor your evidence

Evidence Record

See all 43 rulings on record.

Jurisdiction filters, evidence-type filters, and authority sources linked on every case.

Back to all cases|Get started free