Skip to content

COMPLIANCE REPORTING

Generate Article 50 disclosures from signed manifests.

Hashproof builds EU AI Act Article 50 compliance reports directly from your signed corpus. Auditor-ready PDF and JSON, configurable date ranges, with a manifest-level evidence chain. Endpoint: POST /v1/reports/eu-ai-act.

What the report includes

Every report is anchored to specific manifests. There is no summarization layer between the regulation and the underlying cryptographic evidence.

EU AI Act Article 50 mapping

Each signed manifest is mapped to the relevant Article 50 disclosure obligation: synthetic-media labeling, training-data attribution, automated-decision marking. The mapping is maintained as the regulation moves through Commission updates.

PDF and JSON output

Reports ship as a single PDF for human reviewers and a structured JSON document for ingest into your audit tooling. Both reference the same underlying manifest IDs; nothing is summarized away.

Configurable date ranges

Generate per-quarter, per-month, or custom-range reports. Useful when an audit asks for evidence of compliance over a specific window, or when you need to prove a mitigation took effect on a known date.

Auditor evidence chain

Every claim in the report links back to a specific manifest, signature, and Merkle inclusion proof. Auditors can pull the underlying evidence with a single API call against the cited manifest IDs.

How a report is built

One request kicks off the pipeline. Reports for typical corpora return in under 30 seconds; very large date ranges run async with a webhook callback.

  1. 01

    POST a date range

    Send the report start and end dates to /v1/reports/eu-ai-act. Optionally scope to a specific tenant or set of tags; default is your full signed corpus.

  2. 02

    Server walks the signed corpus

    Hashproof iterates every signed manifest in the window, classifies its disclosure obligations, and groups them by Article 50 category.

  3. 03

    Auditor evidence is assembled

    For each disclosure, the report cites the manifest ID, the signature, the Merkle inclusion proof, and (when applicable) the resolved upstream lineage.

  4. 04

    PDF and JSON returned

    Response includes signed download URLs for both formats, valid for 24 hours. The PDF is human-reviewable; the JSON is machine-ingestible by audit platforms.

Minimal request

Reports are scoped to your tenant and a date range. The endpoint returns signed download URLs for both formats.

curl -X POST https://api.hashproof.ai/v1/reports/eu-ai-act \
  -H "x-api-key: $HASHPROOF_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "startDate": "2026-01-01",
    "endDate": "2026-03-31"
  }'

# => {
#   "reportId": "rpt_01JS7Z...",
#   "manifestsCovered": 12_438,
#   "pdfUrl": "https://...",
#   "jsonUrl": "https://...",
#   "expiresAt": "2026-04-29T18:00:00Z"
# }

Related capabilities

Compliance reports are downstream of the verb triple. The strength of the evidence chain comes from what was signed, resolved, and verified.

Sign

Compliance reports are only as strong as the manifests behind them. Issue C2PA manifests with managed keys, hybrid signatures, and Merkle anchoring.

Verify

Reports cite verified manifests. Confirm authenticity, trust-list match, and lineage in one HTTP call.

Federation

Federated registrars contribute to the evidence chain. Auditors can trace a report back through cross-registrar lineage.

EU AI Act enforcement begins August 2026.

Reporting is included on Scale and Enterprise. Free and Growth tenants can preview a sample report against their signed corpus.