P2 · Verifiable AI

Prove EU AI Act compliance without sharing originals.

Hide the AI system internals, training data and model details
Prove compliance with each AI Act provision

Complying with the EU AI Act means proving operational accountability for a "high-risk AI system." Lemma lets you prove compliance with each provision — risk assessment performed, human oversight, transparency — as attributes, without disclosing the original data.

Finance / FinTech · Public sector · All industries · Regulatory
live in production since 2025 · Public-infrastructure PoC in production · ETHGlobal AI Agents 2026 Finalist
01 · THE PROBLEM

Three voices from the front line.

  • Legal / compliance

    “We want to run AI that falls in the EU AI Act's high-risk class in a compliance-verifiable form”

  • AI governance

    “We want to continuously prove our AI's compliance to regulators and third-party auditors”

  • Executives

    “We want to minimize regulatory-breach risk technically”

02 · THE SHIFT

Hand over the source, or just the facts?

Change what reaches the AI, and the leakage risk goes with it.

Without Lemma
Hand over the original
ai_system: customer-decision-bot
risk_category: high
audit_log: …(millions of rows)
training_data: …(huge dataset)
model_card:
↓ all of it goes to the AI / outside
With Lemma
Hand over just the facts
agent: did:lemma:agent-decision-bot
modelId: lemma-internal-classifier-v2
policyHash: 0x71c5…
satisfiesPolicy: true
holder: did:lemma:org-acme-ai
jurisdiction: EU
disclosed: [risk_assessment_done, human_oversight, transparency]
hidden: [training_data, model_internals, customer_data]
ZK verified: ✓ VALID
↓ only the necessary facts to the AI

Each AI Act provision is implemented as a policyHash, and every AI decision issues a satisfiesPolicy proof. What is disclosed is only attributes such as "risk assessment done," "human oversight" and "transparency" — while training data, model internals and customer data stay hidden and protected. Compliance can be presented to regulators and third-party auditors continuously, without surfacing the originals.

03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method Pass without exposing Independent verification Tamper-proof
Access control only
Masking / anonymization
Encryption only
Lemma (ZK proof): the only one with all 3
04 · HOW IT WORKS

What's next

We enter through compliance-policy design and a PoC, and stay alongside you through to operations.

  1. A 30-minute review — identify the AI system and the applicable provisions you want to prove compliance for.
  2. Design the compliance policy — implement each AI Act provision as a policyHash.
  3. Connect a proof-issuing layer — generate a satisfiesPolicy proof per AI decision.
  4. Prove one system via a PoC — roll out to one high-risk AI in 4 weeks, confirming per-provision compliance proofs.
  5. Hands-on support through operations — existing plan tiers (Civic / Critical / Compliance) serve only as a cost reference; the setup and pricing are designed together.

In the first 30 minutes, tell us about one AI system you are worried falls into the AI Act's high-risk class. No disclosure of training data or model details required.

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows along four axes.
