AGI-ERA · MODEL ACCOUNTABILITY

PLENA AI Training & Deployment Attestation

Third-party receipts for what AI systems are trained on, evaluated against, and deployed under. Built for the EU AI Act Article 53 regime, the NIST AI Risk Management Framework procurement standard, and the downstream deployers in regulated industries who must answer to regulators about the AI systems they use.

The five casesLanguages & reviewer queueInstitutional pilot

Opening problem

The European Union's AI Act, the NIST AI Risk Management Framework, the UK and US AI Safety Institute commitments, ISO/IEC 42001 on AI Management Systems, the Singapore Model AI Governance Framework, and a growing body of national legislation all converge on a single requirement: AI systems must be documented to a standard that allows regulators, procurement officers, downstream deployers, and affected parties to understand what was trained on what data, what evaluation regime was applied, what safety claims were made, and under what conditions the system was deployed.

The existing infrastructure for this documentation is essentially self-report. Model cards (Google), system cards (OpenAI, Anthropic), evaluation frameworks (HELM, MMLU, the AI Safety Institute evaluations) are all builder-controlled. The builder describes the training, the builder describes the evaluation, the builder asserts the safety claim. Regulators have no independent receipt of any of this. Procurement officers have no independent receipt. Downstream deployers in regulated industries — healthcare, finance, defense, public services — are asked to rely on the builder's word that the system they are deploying does what the builder claims.

This is not a complaint about builders. The builders that publish system cards are doing more than those that do not, and the work is genuine. It is a structural gap: there is no third-party receipt layer between the builder's self-report and the regulator or deployer who must trust it.

PLENA AI Training & Deployment Attestation is built to be that receipt layer. Not by certifying AI safety, evaluating model capabilities, or replacing AI Safety Institute audits — all of which require deep technical specialization PlenaProof does not claim — but by producing human-witnessed third-party attestation that the documented training conditions, evaluation procedures, and deployment restrictions were what they were claimed to be, in a form regulators and deployers can verify independently of the builder.

Five cases PlenaProof covers

For each case, three actors share the work: the builder makes the declarations of process, named third-party witnesses (independent reviewers, ethics committees, procurement-side observers) attest that the process occurred as described, and PLENA seals the four-artifact bundle. The receipt does not require the builder to disclose proprietary data — only that the process was followed. Every artifact is an existing PLENA receipt format applied to a specific AI training or deployment need — no new platform, no new identity layer.

Training Data Provenance Attestation

Witnessed declaration of training data sources, licensing chains, consent (where applicable), red-teaming and curation processes, and the chain of custody from raw data through training-ready corpus. The receipt does not require the builder to disclose proprietary data — only to attest, with third-party witness, to processes whose existence can be verified without disclosure.

  1. Training Data Declaration. Sealed builder statement of data sources, licensing, consent flows, and curation processes.
  2. Sealed Process Evidence Packet. Procedural artifacts that demonstrate the declared processes occurred — without exposing the underlying data.
  3. Annual Yearbook. Year-over-year refresh capturing any changes to data sourcing or curation.
  4. Multilingual Handover Packet to regulators and deployers. Drafted to satisfy EU AI Act Article 53 documentation requirements.

Compute Provenance Attestation

Witnessed receipts of which compute resources trained which model, under what conditions, at what scale. Supports downstream chip-export compliance (US Bureau of Industry and Security regulations), energy attribution for sustainability disclosure (relevant for SEC climate rules and EU CSRD), and audit of compute-based safety thresholds (relevant for EU AI Act Article 51 systemic-risk provisions).

  1. Compute Declaration. Sealed record of compute provider, location, hardware class, runtime hours, and energy attribution.
  2. Sealed Provenance Evidence. Procurement records, datacenter receipts, vendor attestations.
  3. Refresh Yearbook. Updated each training cycle and on material changes.
  4. Multilingual Handover Packet. Drafted for export-control authorities, sustainability auditors, and safety-threshold regulators.

Evaluation and Safety Claim Attestation

Third-party witnessed verification that the evaluation results, capability benchmarks, and safety mitigation efficacy claims published by the builder correspond to actual processes conducted. Distinct from independent evaluation itself (which is what AI Safety Institutes and red-teaming organizations do) — this is the attestation that an evaluation occurred as described, complementary to the evaluation itself.

  1. Evaluation Process Declaration. Sealed builder statement of which evaluations were run, by whom, against which benchmarks.
  2. Sealed Results Evidence Packet. Logs, named-witness attestations, and procedural records.
  3. Refresh Yearbook. Capturing each evaluation cycle and any methodology changes.
  4. Multilingual Handover Packet. Releasable to AI Safety Institutes, procurement, and regulators.

Deployment Scope and Use Restriction Attestation

Receipts of which deployments the model has been authorized for, under what restrictions, with what monitoring, with what human-in-the-loop arrangements, with what override capabilities. Relevant for both the builder (defending against misuse claims) and the deployer (demonstrating compliance with use restrictions).

  1. Deployment Scope Declaration. Sealed statement of authorized deployment contexts and restrictions.
  2. Sealed Use Restriction Evidence. Contractual restrictions, monitoring arrangements, override architecture.
  3. Annual Yearbook. Year-over-year deployment-scope record.
  4. Multilingual Handover Packet to downstream deployers. So the deployer can demonstrate compliance independently.

Incident and Post-Deployment Continuity

Receipts of post-deployment incidents, mitigations applied, model updates and version transitions, deprecations and successor mappings. The artifact survives the builder's reorganization, sale, or shutdown — important because AI liability claims often surface years after deployment, when the original builder may no longer exist.

  1. Incident Declaration. Sealed builder statement of any post-deployment incident.
  2. Sealed Incident Evidence Archive. Logs, named-reviewer attestations, mitigation records.
  3. Refresh Yearbook. Update on incident status, mitigation effectiveness, and model successor mappings.
  4. Multilingual Handover Packet to regulators and continuing deployers. Authoritative across the builder's reorganization or shutdown.

Institutional version

A parallel set of artifacts for model builders, AI Safety Institutes, downstream deployers in regulated industries, and AI procurement offices.

Aggregated multi-model attestation across a builder's portfolio; population-level attestation for regulators tracking sector-wide AI deployment; integration with existing compliance frameworks. Target buyers: AI model builders facing regulatory pressure (especially mid-size builders without the legal resources of the largest labs); national AI Safety Institutes (US, UK, EU AI Office, Japan AISI, Singapore IMDA); foundation-model deployers in regulated industries (healthcare AI vendors, fintech AI vendors, defense AI vendors, public-sector AI deployers); government AI procurement offices; insurance providers writing AI liability coverage (Munich Re, Lloyd's of London syndicates, the emerging AI-insurance market).

Same complement-not-replace disclaimer. PLENA AI Training & Deployment Attestation does not evaluate or certify AI safety, conduct red-teaming or capability benchmarking, adjudicate AI liability claims, or replace AI Safety Institute evaluations. It documents that processes occurred.

The 100-Year Operating Commitment

Adapted for a sector where the builder may not exist when the liability surfaces.

PLENA AI Training & Deployment Attestation is built on the assumption that AI builders, model versions, and deployment contexts will change faster than the liability claims and regulatory inquiries they generate. Where actually implemented and populated, the intended architecture replicates each artifact produced here across multiple independent archives and anchors it cryptographically to public records that do not depend on the continued existence of any single builder or platform, and verifiable offline by anyone holding the cryptographic keys. Receipts survive builder reorganization, model deprecation, platform change, and the multi-year delay typical between AI-related incidents and the regulatory or legal proceedings that follow them.

Read the full 100-Year Commitment

Why this differs from AI Safety Institute evaluations and model cards

National AI Safety Institutes (US AISI, UK AISI, EU AI Office, Japan AISI, Singapore IMDA) conduct evaluations of AI systems. These evaluations are excellent for what they are — independent technical assessments. They are not receipts; they are reports, written by the evaluator, owned by the evaluating institution.

Model cards and system cards (Google, OpenAI, Anthropic, Meta) are excellent disclosures — they document what the builder claims about training, evaluation, and limitations. They are builder-controlled and builder-published.

PLENA AI Training & Deployment Attestation is a third thing: a witnessed third-party attestation that the processes the builder claims were followed actually were followed, that survives the builder's continued cooperation and the evaluating institution's continued existence. It complements both AI Safety Institute evaluations (which assess capability and safety) and builder system cards (which describe what was done) by adding the receipt layer (which attests that what was described was in fact done).

PLENA AI Training & Deployment Attestation does not evaluate AI safety. It documents that processes occurred. The two functions are distinct and both necessary.

Existing instruments this complements

  • EU AI Act (Articles 6–15 for high-risk systems; Article 51 for general-purpose AI with systemic risk; Article 53 for general-purpose AI documentation)
  • NIST AI Risk Management Framework (AI RMF 1.0)
  • ISO/IEC 42001 (AI Management Systems)
  • C2PA Content Credentials
  • White House AI Executive Orders
  • UK AI Safety Institute commitments
  • Singapore Model AI Governance Framework
  • OECD AI Principles
  • G7 Hiroshima AI Process Code of Conduct
  • The Bletchley Declaration and successor AI Safety Summit commitments

What this does not do

PLENA AI Training & Deployment Attestation does not evaluate or certify AI safety. It does not conduct red-teaming, capability benchmarking, or adversarial testing. It does not adjudicate AI liability claims. It does not replace AI Safety Institute evaluations, third-party safety audits, or model evaluations. It does not function as a safety certification or fitness-for-purpose claim. It does not transfer, store, or run model weights. It does not provide AI alignment research or safety methodology. It does not represent any party in regulatory proceedings.

Languages and the human-reviewer queue

This page launches in PLENA's 8 live languages, with the EU AI Act epicenter languages (English, French, German, Italian, Spanish, Polish) particularly central. Mandarin (China AI development) is already in the launch set. Japanese (forthcoming addition pending human reviewer) and Korean (forthcoming addition pending human reviewer) are priority queue items given the geographic concentration of AI development. Contact hello@joinplena.com for translator inquiries. See the full Translation Roadmap.

Scholarship and norms

This product is built in conversation with:

  • EU AI Act (Regulation 2024/1689)
  • NIST AI Risk Management Framework 1.0
  • Stanford HAI AI Index Report (current edition)
  • Partnership on AI publications
  • C2PA technical specifications
  • ISO/IEC 42001:2023
  • AI Now Institute reports
  • Bletchley Declaration on AI Safety and successor summit declarations
  • The EU AI Office and US AI Safety Institute foundational publications
  • The PLENA white paper Beyond the Will: Verifiable Succession Infrastructure for the 21st Century

Related PLENA receipt grammar

Agent-to-Agent Accountability Hyperagent Attestation · self-modifying AI Student Authorship Attestation Deepfake Victim Documentation Healthcare Consent (regulated-industry AI) Financial Services Attestation Diaspora Inheritance & Continuity Labor & Recruitment Carbon & Climate Finance All Sector AI Trust Suites CONSERVASIGILLATEMPORA Sworn Human Reviewer Registry Refusal Receipts Translation Roadmap

For AI builders, AI Safety Institutes, regulated-industry deployers, and AI procurement offices

Mid-size builders facing Article 53 documentation pressure; national AI Safety Institutes; healthcare/fintech/defense/public-sector AI deployers; government procurement offices; AI liability insurers: PlenaProof welcomes pilot conversations.

Request a pilot conversationhello@joinplena.com