Technical Whitepaper · v4.0 · April 2026

Post-Quantum AI Compliance Infrastructure
for a regulated world.

AUTHOR Echelon Intelligence Group LLC
CLASSIFICATION Public
EFFECTIVE August 2026 (EU AI Act Art. 12)
HCS TOPIC 0.0.10416909

Rubric Protocol is post-quantum AI compliance infrastructure. It solves a fundamental problem: AI systems make consequential decisions continuously, but most organizations cannot prove what those decisions were, when they were made, or whether they complied with applicable law. Rubric embeds at the framework level — one line at startup — and anchors every AI decision to the Hedera Consensus Service mainnet using ML-DSA-65 post-quantum signatures. Customers declare their system's intended use and jurisdiction; Rubric computes the complete regulatory obligation set automatically and generates cryptographically verifiable evidence packages for EU AI Act Annex IV (Articles 9–15, 17, 26, 49, 72, 73), SR 11-7 model risk management, NIST AI RMF safe harbor, TX TRAIGA, CO AI Act, and more. The result: compliance that is proven, not asserted — at 177 million attestations per day.

Daily attestation capacity: 1B+
ZK proof generation: <100ms
AI frameworks supported: 15
Federation nodes: 5 (4 continents)
§1 · The Problem

AI systems make decisions.
Nobody can prove what they decided.

The EU AI Act Article 12 requires high-risk AI systems to maintain automatic logging of autonomous decisions — tamper-evident, retained for at least six months, available to regulators on demand. Enforcement begins August 2026.

Existing approaches fail in one of three ways: application-level logs are mutable and unverifiable; third-party audit tools bolt on after the fact and miss real-time decisions; blockchain solutions introduce unacceptable latency for production AI pipelines.

A financial institution using GPT-4o for credit decisions makes 40,000 autonomous determinations per day. Under Article 12, every one must be logged with sufficient detail to reconstruct the decision context. No existing infrastructure handles this at scale.

The penalty for non-compliance is up to 3% of global annual turnover — for a $10B institution, that is $300M per year.

§2 · The Solution

One line of code.
Every decision attested.

Rubric embeds at the framework level — not the application level. A single call at startup instruments every LLM call, agent decision, and tool use automatically. No per-decision code. No codebase audit. No latency impact.

    import autogen_rubric as rubric

    # One line at startup. Everything below is attested.
    rubric.instrument(
        api_key="your-api-key",
        pipeline_id="loan-underwriting",
    )

    # Works with OpenAI, Anthropic, LangChain, CrewAI,
    # LlamaIndex, AutoGen, Agno, Azure AI Agents, and 7 more.

Each attestation receives a unique ID, is cryptographically signed with ML-DSA-65 (NIST FIPS 204 post-quantum signature standard), aggregated into a Merkle forest, and anchored to Hedera Consensus Service — a public, immutable, verifiable ledger with Byzantine fault-tolerant consensus.

§3 · Architecture

Built for production scale.
Not a proof of concept.

Rubric uses a three-tier aggregation architecture that achieves 1,000,000:1 compression for HCS writes — enabling billion-scale daily throughput at minimal on-chain cost.

Tier 1
In-memory buffer. Attestations received and signed in <1ms. Flushed to Tier 2 every 30 seconds or at 100,000 items. Zero disk I/O on the hot path.
Tier 2
SHA3-256 Merkle forest aggregation. Up to 1,000 Tier-1 forests combined into a single root. Anchored to Hedera Consensus Service as a single HCS message.
HCS Anchor
Immutable on-chain record. Topic 0.0.10416909. Byzantine fault-tolerant finality in ~3 seconds. Verifiable by any third party without Rubric infrastructure.
ZK Layer
Noir/Barretenberg BN254 Merkle inclusion proofs. Any attestation can be proven without revealing payload contents. Proof generation: 63ms average. Suitable for on-chain or regulatory submission.
Federation
5-node federation across US, EU, SG, JP, CA. ML-DSA-65 signing on every node. mTLS inter-node communication. Shamir 3-of-5 threshold signing for high-assurance attestations.
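How a third party can check one attestation against an anchored root, following the Tier 1 / Tier 2 description above. This is an added example, not Rubric's code: the leaf and node encoding (0x00 and 0x01 prefixes, unpaired nodes promoted unchanged), the function names and the sample data are assumptions, and it shows a plain hash inclusion proof rather than the Noir zero-knowledge variant.

```python
import hashlib

# Assumed encoding (not specified in the whitepaper): SHA3-256 with a 0x00 prefix
# for leaves and 0x01 for interior nodes; an unpaired node is promoted unchanged.
def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha3_256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha3_256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """All tree levels, from leaf hashes up to the single root."""
    levels = [[leaf_hash(x) for x in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def merkle_root(leaves) -> bytes:
    return build_levels(leaves)[-1][0]

def inclusion_proof(leaves, index):
    """Sibling path for leaves[index] as (sibling_hash, sibling_is_left) pairs."""
    proof = []
    for level in build_levels(leaves)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):          # a promoted node has no sibling
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def fold(leaf: bytes, proof) -> bytes:
    """Recompute the root implied by a leaf and its sibling path."""
    acc = leaf_hash(leaf)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc

def verify_two_tier(attestation, tier1_proof, tier2_proof, anchored_root) -> bool:
    """Attestation -> Tier-1 forest root -> Tier-2 root published on the ledger."""
    tier1_root = fold(attestation, tier1_proof)
    return fold(tier1_root, tier2_proof) == anchored_root

# Constructed sample data: three Tier-1 batches of uneven size.
BATCHES = [[b"att-%d-%d" % (b, i) for i in range(n)] for b, n in enumerate((5, 2, 3))]
TIER1_ROOTS = [merkle_root(batch) for batch in BATCHES]
ANCHORED_ROOT = merkle_root(TIER1_ROOTS)
```

The verifier needs only the attestation bytes, the two sibling paths and the root read from the ledger; no other attestation in the batch is disclosed.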

Post-Quantum Cryptography

All signatures use ML-DSA-65 (CRYSTALS-Dilithium), standardized by NIST in FIPS 204 (August 2024). Rubric's implementation uses a native N-API C++ addon via liboqs, delivering 52× faster signing than pure JavaScript implementations. Attestations signed today remain verifiable against quantum adversaries.

Payload Privacy

Decision payloads are encrypted with AES-256-GCM before storage. The customer holds the encryption key — Rubric stores only the ciphertext and a cryptographic commitment. Rubric cannot read your AI decisions. Regulators receive the key from the customer directly for audit purposes.

§3.5 · Agentic AI Attestation

Beyond decisions.
The full agent accountability stack.

Modern AI systems are not single-shot decision engines — they are autonomous agents that reason across multiple steps, call external tools, maintain state across interactions, and delegate to other agents. Rubric attests the entire stack, not just the final output.

Tool Call Attestation

Every external tool invocation — web search, code execution, API calls, database queries — is attested with hashed input/output pairs, duration, success status, and chain linkage to the prior attestation. This is where AI risk actually lives: not the reasoning, the action.

    # Automatic via instrument() — or manually:
    client.attest_tool_call(
        agent_id="credit-agent",
        tool_name="credit_bureau_query",
        tool_input=applicant_id,
        tool_output=credit_report,
        success=True,
        duration_ms=142,
    )
    # toolInputHash, toolOutputHash, priorAttestationId all set automatically

Agent State Hashing

At every decision point, Rubric captures a SHA3-256 hash of the agent's current memory, context window, and system prompt — capped at 4KB to bound storage impact. Two identical decisions made from different mental states produce different state hashes, making behavioral drift cryptographically detectable. State hash type is recorded as full or truncated for audit transparency.

Chain Linking

Every attestation carries a priorAttestationId reference, forming a tamper-evident chain across the agent's full session. Deleting or reordering any attestation breaks the chain. The complete reasoning sequence — from initial input through every tool call and state transition to final decision — is cryptographically sealed and independently verifiable.
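An auditor-side check of the linkage described above, written as an added example rather than Rubric's own code. Only `priorAttestationId` is named in the whitepaper; the `attestationId` field name, the finding labels and the sample records are assumptions.

```python
# Finding labels returned by audit_chain() (names chosen for this example).
START, MISSING, REORDERED, DUPLICATE = (
    "unexpected-start", "missing-predecessor", "out-of-order", "duplicate-id")

def audit_chain(records):
    """Walk one session's attestations in listed order and report link breaks.

    Each record is a dict with 'attestationId' (assumed field name) and
    'priorAttestationId' (None for the first record of the session).
    Returns sorted (position, finding) tuples; an empty list means intact.
    """
    known = set()
    findings = []
    for pos, rec in enumerate(records):          # pass 1: collect IDs, flag repeats
        if rec["attestationId"] in known:
            findings.append((pos, DUPLICATE))
        known.add(rec["attestationId"])
    expected_prior = None
    for pos, rec in enumerate(records):          # pass 2: each link must point back one step
        prior = rec.get("priorAttestationId")
        if prior != expected_prior:
            if prior is None:
                findings.append((pos, START))    # a second chain head mid-session
            elif prior not in known:
                findings.append((pos, MISSING))  # predecessor absent from the export
            else:
                findings.append((pos, REORDERED))
        expected_prior = rec["attestationId"]
    return sorted(findings)

def make_session(n):
    """Constructed sample: n linked records with made-up IDs."""
    return [{"attestationId": f"att-{i:03d}",
             "priorAttestationId": f"att-{i - 1:03d}" if i else None}
            for i in range(n)]
```

Linkage alone does not reveal records dropped from the end of a session, so the last ID still has to be compared with an independent source such as the anchored batch. The integrity of each record's content rests on its signature, not on this check.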

Agent Identity Registry

Each agent is registered with a stable W3C DID anchored to Hedera mainnet and a dedicated ML-DSA-65 (NIST FIPS 204) keypair. Agents are first-class cryptographic principals — auditors can verify which agent acted, not just that an agent acted. Registration records include jurisdiction, permitted uses, model hash, and version.

    # Register an agent — returns DID + ML-DSA-65 public key
    curl -X POST https://rubric-protocol.com/v1/agents/register \
      -H "x-api-key: your-key" \
      -d '{"agentId":"credit-agent","jurisdiction":"EU","permittedUses":["credit-decisioning"]}'
    # Returns: did:hedera:mainnet:0.0.3923341#agent-credit-agent

The combination of tool call attestation, agent state hashing, chain linking, and cryptographic agent identity transforms Rubric from a compliance logging tool into a constitutional enforcement layer — the accountability infrastructure that makes autonomous AI systems deployable in regulated environments.

§4 · Regulatory Compliance

Global regulatory compliance.
Computed automatically from intent.

Declare your AI system's intended use and jurisdiction. Rubric computes your complete regulatory obligation set automatically — mandatory fields, applicable articles, safe harbor conditions, and a ready-to-paste SDK configuration. No compliance expertise required.

Regulation | Scope | Rubric Coverage | Status
EU AI Act — Art. 12 + Annex IV | High-risk AI — automatic logging + technical documentation | Continuous attestation stream + Annex IV Evidence Package generator | ✓ Live
EU AI Act — Art. 14 | Human oversight — override and review evidence | human.override + human.review event attestation with reviewerId | ✓ Live
EU AI Act — Art. 72 + 73 | Post-market monitoring + serious incident reporting | Incident attestation with 15-day notification trigger on severity=serious | ✓ Live
GPAI — Annex XI + XII | General-purpose AI model documentation | Model hash attestation + downstream provider evidence packages | ✓ Live
SR 11-7 / OCC / FDIC | Model risk management — US financial institutions | Model inventory, validation status, outcome analysis, exception tracking | ✓ Live
NIST AI RMF 1.0 | GOVERN / MAP / MEASURE / MANAGE | Four-function mapping → TX TRAIGA + CO AI Act safe harbor unlocked | ✓ Live
TX TRAIGA | Texas — impact assessment + algorithmic discrimination | riskLevel + populationGroup fields → safe harbor via NIST RMF alignment | ✓ Live
CO AI Act | Colorado — pre-deployment risk assessment (Jun 2026) | Pre-deployment attestation + NIST RMF safe harbor certificate | ✓ Live
TPRM 2023 (Fed/OCC/FDIC) | Third-party AI vendor oversight | upstreamModelId attestation → vendor compliance trail | ✓ Live
EU DSA + NIS2 | Content moderation + critical infrastructure | DSA moderation event attestation + infrastructure schema | ✓ Live

Every assertion in every compliance report is backed by a cryptographic attestation anchored to Hedera HCS Topic 0.0.10416909 — independently verifiable without Rubric's involvement. Regulators, notified bodies, and auditors can verify any evidence entry directly on-chain.

§5 · Integration

13 frameworks.
Two packages. Zero configuration.

Rubric ships as two distribution packages — one for Python, one for TypeScript/Node — covering 13 major AI frameworks. Installation takes under 60 seconds. Every package includes the full compliance field set and auto-populates timing, latency, and event classification.

Package | Ecosystem | Frameworks | Install
autogen-rubric | Python | OpenAI, Anthropic, LangChain, LlamaIndex, AutoGen, CrewAI, Haystack, Semantic Kernel, LangGraph, DSPy, Pydantic AI, OpenAI Agents SDK, Google ADK, Agno, Azure AI Agents | pip install autogen-rubric
@rubric-protocol/sdk | TypeScript/JS | OpenAI SDK, any Node.js pipeline | npm install @rubric-protocol/sdk
rubric-mastra | TypeScript | Mastra, Vercel AI SDK | npm install rubric-mastra
@rubric-protocol/mcp-server | MCP | Claude Desktop, Cursor, Cline, Continue, any MCP host | npx @rubric-protocol/mcp-server
§6 · Performance

Tested at scale.
Zero errors.

Test | Result | Conditions
Peak throughput | 3,247 RPS | H41 load test, single node, tiered path
Federation throughput | 2,052 RPS with ZK | 5-node federation, ZK proofs enabled
Daily capacity | 209M attestations/node | Sustained throughput, 0 errors
Federation capacity | 1B+ attestations/day | 5-node federation aggregate
ZK proof generation | 63ms average | Noir/Barretenberg, BN254, depth-20 Merkle
Error rate | 0 errors | 4.15M attestations, pre-ZK federation test
§8 · GRC & SIEM Integration

Your existing tools.
No custom integration.

Every attestation is exportable in three formats on demand. Pipe directly into your existing GRC or SIEM platform — no custom integration, no professional services engagement.

Format | Use Case | Platforms
JSON | API integration, custom dashboards, data warehouses | Any system with REST API support
CSV | GRC platform ingestion, spreadsheet analysis | ServiceNow, Archer, OneTrust, Excel
SIEM NDJSON | Security event correlation, threat detection | Splunk, Elastic SIEM, IBM QRadar
PDF Report | Court-admissible compliance documentation | Regulators, auditors, board reporting

    # CSV export — pipe directly into ServiceNow / Archer
    curl "https://rubric-protocol.com/v1/export/attestations?format=csv&from=2026-03-01" \
      -H "x-api-key: your-key" -o attestations.csv

    # SIEM export — direct Elastic/Splunk ingestion
    curl "https://rubric-protocol.com/v1/export/attestations?format=siem" \
      -H "x-api-key: your-key" -o attestations.ndjson

    # PDF compliance report — court-admissible, SHA3-256 hash sidecar
    curl -X POST https://rubric-protocol.com/v1/export/report \
      -H "x-api-key: your-key" \
      -d '{"org":"Acme Corp","period_from":"2026-03-01","period_to":"2026-04-01"}'

Each export record includes a verify_url linking to the public audit portal — regulators can independently verify any attestation without access to your internal systems or Rubric infrastructure.

§9 · Webhooks

Real-time event push.
Every decision, instantly.

Every attestation can be pushed to your SIEM, GRC platform, or custom endpoint in real time via HMAC-SHA256 signed webhooks. Non-blocking — zero latency impact on the attestation pipeline.

Event | Trigger | Use Case
attestation.created | Every accepted attestation | Real-time SIEM ingestion, live dashboards
batch.anchored | Tier-2 HCS anchor | On-chain confirmation alerts, audit logs
* | All events | Full event stream to data warehouse

    # Register — one API call, instant delivery
    curl -X POST https://rubric-protocol.com/v1/webhooks \
      -H "x-api-key: your-key" \
      -d '{"url":"https://your-siem.company.com/events","events":["attestation.created"]}'

    # Each delivery is HMAC-SHA256 signed
    # X-Rubric-Signature: sha256={hmac}
    # X-Rubric-Event: attestation.created
    # X-Rubric-Delivery: {unique-id}

Webhooks auto-disable after 10 consecutive delivery failures — preventing noise while surfacing endpoint issues. Delivery status and failure counts are tracked per endpoint and visible via GET /v1/webhooks.
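A receiver-side check for the signed deliveries described above, as an added example that is not part of Rubric's SDK. It assumes the HMAC covers the exact raw request body, is hex-encoded after the `sha256=` prefix, and uses a shared secret held by the receiver; the class name, return strings and sample delivery are constructed for illustration.

```python
import hashlib
import hmac

def expected_signature(secret: bytes, raw_body: bytes) -> str:
    # Assumption: the MAC is computed over the unparsed body bytes, hex-encoded.
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()

class WebhookVerifier:
    """Authenticate a delivery and suppress replays of an already-seen one."""

    def __init__(self, secret: bytes, remember: int = 10_000):
        self.secret = secret
        self.remember = remember
        self.seen = {}                       # verified MAC -> None, insertion-ordered

    def check(self, headers: dict, raw_body: bytes) -> str:
        h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
        supplied = h.get("x-rubric-signature", "")
        if not supplied.startswith("sha256="):
            return "reject: missing signature"
        expected = expected_signature(self.secret, raw_body)
        # Constant-time compare so response timing does not leak the expected MAC.
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return "reject: bad signature"
        # Deduplicate on the verified MAC. Whether X-Rubric-Delivery is covered
        # by the signature is not stated, so that header is not trusted here.
        if expected in self.seen:
            return "reject: duplicate delivery"
        self.seen[expected] = None
        if len(self.seen) > self.remember:
            self.seen.pop(next(iter(self.seen)))         # evict the oldest entry
        return "accept"

# Constructed sample delivery; the secret and payload are placeholders.
SECRET = b"example-webhook-secret"
BODY = b'{"event":"attestation.created","attestationId":"att-000"}'
HEADERS = {
    "X-Rubric-Signature": expected_signature(SECRET, BODY),
    "X-Rubric-Event": "attestation.created",
    "X-Rubric-Delivery": "delivery-0001",
}
```

Verify against the bytes as received, before any JSON parsing or re-serialization, because a re-encoded body will not reproduce the same MAC.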

§7 · Pricing

Start free.
Scale when you do.

Tier | Monthly | Attestations | Retention | SLA
Developer | Free | 1,000/mo | 7 days |
Standard | $999 | 100K/mo | 30 days | 99.9%
Enterprise | $9,999 | Unlimited | 365 days | 99.9%
Dedicated | $25,000+ | Unlimited | Custom | 99.99%

Design partner pricing available: 60-day free pilot followed by $2,500/month. Contact Scott@Rubric-Protocol.com to discuss requirements.

Technical Deep-Dive

Want the full architecture?

The technical deep-dive covers ML-DSA-65 implementation details, N-tier Merkle forest design, ZK circuit specification, threshold consensus protocol, and Halborn audit results. Sent to qualified enterprise prospects and researchers.
