Court-Admissible by Design, Not by Subpoena
What this means for you
VEST is a tamper-evident audit ledger for regulated work. It treats every change to a document, a record, or an automated decision the way Google Certificate Transparency treats a TLS certificate: published into a log that anyone can verify, and that no one, including the operator running the log, can rewrite.
The pitch
A Rust service that gives compliance teams one answer to four questions. Did this happen? Who attested to it? When? Can a third party prove it without trusting us? VEST is the layer underneath SOC2 evidence collection, GDPR Article 30 records, HIPAA audit controls, and the new EU AI Act Article 12 logging mandate.
Who it’s for
The compliance officer or platform engineer who has been asked to produce an audit trail in court, and wants the trail to verify itself.
Proof points
- Built on the same Merkle tree primitive (RFC 6962) that powers Google and Cloudflare Certificate Transparency logs in production
- Performance targets are dated and named: P99 append latency under 70 milliseconds, inclusion proof verification under 10 milliseconds, one million operations per day per document
- Compliance map is explicit and cited in the source research: SOC2 Type II, GDPR Article 30, HIPAA audit control, eIDAS qualified electronic signatures, EU AI Act Article 12, CPRA ADMT assessments
- Positioned in the research roadmap as a “personality” on top of Google Trillian, the same backend used for the planet-scale CT logs since 2013
mindmap
  root((VEST))
    Verifiable
      anyone can check
      no trusted operator
    Tamper-evident
      append-only
      reorder is detectable
    Court-admissible
      named regulations
      named precedents
    Compliance-grade
      SOC2 GDPR HIPAA
      EU AI Act CPRA eIDAS
Neighbors on the map
- VEST Protocol Architecture Overview: onboarding to the VEST codebase for the first time
- The One-Page Message for a Regulated Buyer: writing the first cold email or LinkedIn outreach to a head of compliance