immut is the Evidence Trust Layer. It sits underneath your existing compliance tools and anchors every file to the XRP Ledger blockchain with a precise timestamp. This creates tamper-evident, independently verifiable proof that a document existed at a specific moment — court-admissible in 88 countries.

Is blockchain evidence accepted in court?

Yes. Blockchain-anchored evidence has been accepted as legal evidence in US Federal Court (US v. Sterlingov, 2024), the EUIPO across all 27 EU member states (AZ Factory v. Valeria Moda, 2025), China's Supreme People's Court (1,400+ IP cases since 2018), and under EU Regulation 2025/2531. immut certificates are accepted in 88 countries and 171 jurisdictions.

Does my file leave my device?

No. immut generates a SHA-256 hash of your file on your own device. Only the hash is recorded on the blockchain. Your original file never leaves your infrastructure. Public proof. Private work.

Does immut replace Vanta or Drata?

No. immut is the proof layer that sits underneath your existing compliance tools. Vanta and Drata collect your evidence. immut proves when that evidence existed. They complement each other — immut adds the independent timestamp your compliance platform cannot provide.

Which compliance standards does immut support?

immut produces records that satisfy evidence requirements in ISO 27001, ISO 9001, ISO 14001, ISO 45001, SOC 2, GDPR, HMRC R&D, HSE health and safety, KYC/AML, EU AI Act, HIPAA, and more. Any standard that requires dated, tamper-evident records is supported.

What happens if immut shuts down?

Every certificate already issued remains independently verifiable on the public XRP Ledger. The proof does not depend on immut existing. A regulator, a judge, or opposing counsel can verify your certificate on the public blockchain at any time, with or without immut.

Evidence Record

Irish Data Protection Commission · 2022 · Cannot prove

Meta Platforms: €17M GDPR Accountability Fine

DPC Decision IN-18-5-5, March 2022

Compliance records

What happened

The Irish Data Protection Commission investigated 12 personal data breach notifications submitted by Meta (then Facebook Ireland) in 2018. After a multi-year investigation, the DPC's formal finding was not that Meta lacked security controls. It was that Meta had "failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice." This is a direct application of GDPR Articles 5(2) and 24(1), the accountability provisions that place the burden of proof on the data controller to demonstrate compliance. Meta may have had the controls operating in practice. But it could not prove they were operating to the required standard. The fine of €17 million is the clearest statement in European law of the exact problem immut solves: standard document formats on internal systems do not satisfy the accountability principle. A blockchain-timestamped record of each security measure and control at the moment of implementation would create exactly the "readily demonstrable" record the DPC required.

Outcome

€17 million fine. Landmark finding that inability to demonstrate compliance is itself a sanctionable breach of GDPR accountability provisions, regardless of whether the controls were in fact operating.

Sources

Authority source confirmed

AuthDPC: Decision IN-18-5-5

Public proof. Private work.

immut records a cryptographic hash of your file on the public XRP Ledger at the moment of creation. The timestamp is independently verifiable by anyone.

Anchor your evidence

Evidence Record

See all 43 rulings on record.

Jurisdiction filters, evidence-type filters, and authority sources linked on every case.

Back to all cases|Get started free