CEN/CENELEC JTC 21 is developing harmonized standards to support conformity assessment under the EU AI Act (Regulation 2024/1689). These standards will define how providers and deployers demonstrate that their AI systems meet the requirements of Articles 9 through 15 and Article 50.
A recurring challenge in this standards work is the gap between documented compliance and verifiable compliance. Current approaches rely on policy statements, static test reports, and point-in-time snapshots that do not capture what an AI system actually did during production operation.
We present SWT3 (Sovereign Witness Token v3) as a production reference implementation that addresses this gap. SWT3 is an open cryptographic protocol that generates tamper-evident evidence at the point of AI inference. It is not a proposal or a concept paper. It is working software deployed in production, with SDKs in five programming languages, a locked protocol specification, and public verification infrastructure.
We offer this contribution to support JTC 21's standardization efforts and welcome the opportunity to participate in relevant working groups.
The following table maps EU AI Act requirements under JTC 21's scope to corresponding SWT3 capabilities. Each row identifies the article, the compliance challenge, and the specific SWT3 mechanism that produces verifiable evidence.
| AI Act Article | Requirement | Compliance Challenge | SWT3 Evidence |
|---|---|---|---|
| Art. 9 | Risk management system | Proving that guardrails and safety filters were active at inference time, not just configured | AI-GRD.1 (guardrail enforcement), AI-GRD.2 (content safety). Factors record required vs. active guardrail counts per inference. |
| Art. 10 | Data governance | Demonstrating that personal data was minimized during AI processing without destroying audit evidence | Four clearing levels (0-3) progressively strip metadata from the evidence payload before it leaves the developer's infrastructure. Evidence integrity survives all levels via SHA-256 fingerprint. |
| Art. 12 | Record-keeping | Producing tamper-evident logs that "enable the tracing back" of AI system operation | AI-INF.1 (inference provenance with hashed input/output), AI-INF.2 (latency tracking). Daily Merkle rollup provides tamper evidence for the entire day's records. |
| Art. 13 | Transparency | Proving that explanations were generated alongside AI outputs, not added retrospectively | AI-EXPL.1 (explainability attestation), AI-EXPL.2 (confidence scoring). Anchors are timestamped at the moment of observation. |
| Art. 14 | Human oversight | Verifying that a human actually reviewed an AI decision before it became effective | AI-HITL.1 (human review attestation), AI-HITL.2 (override decision recording). Each review event is individually anchored. |
| Art. 15 | Accuracy, robustness, cybersecurity | Detecting model degradation in production, not just at deployment time | AI-MDL.1 (weight integrity), AI-MDL.2 (version tracking), AI-MDL.3 (drift detection against baseline). |
| Art. 27 | Fundamental Rights Impact Assessment | Producing evidence that FRIA safeguards are operational during production use | AI-FAIR.1 (bias measurement), AI-FAIR.2 (fairness threshold), AI-REV.1 (revocation of prior decisions). FRIA/DPIA mapping guide published. |
| Art. 50 | Transparency (GPAI) | Identifying AI-generated output and proving agent identity | AI-ID.1 (agent identity attestation with HMAC-SHA256 non-repudiation). Identity survives all clearing levels. |
SWT3 is not a draft specification or a research proposal. It is a production system with the following characteristics:
| Capability | Detail | Status |
|---|---|---|
| Protocol specification | SWT3 Spec v1.3.0. Fingerprint formula, anchor format, and clearing levels are locked. | Production |
| SDKs | Python (PyPI), TypeScript (npm), Rust (crates.io), C# (NuGet), Ruby (RubyGems) | Published |
| AI Procedures | 43 procedures covering inference, model integrity, guardrails, fairness, human oversight, explainability, identity, access control, tool witnessing, revocation, security, RAG provenance, hardware attestation, environmental telemetry, and trust mesh | Production |
| Clearing engine | 4 levels (Analytics, Standard, Sensitive, Classified) satisfying GDPR data minimization and AI Act evidence obligations simultaneously | Production |
| Fingerprint parity | 38 cross-language test vectors verified across all 5 SDKs. Identical fingerprint output from identical inputs in every language. | Verified |
| Merkle integrity | Daily Merkle rollup (domain-separated tree) with inclusion proofs. Any anchor's membership in the day's evidence set is independently verifiable. | Production |
| Public verification | Unauthenticated endpoint for structural validation and revocation status. No account or vendor relationship required. | Live |
| MCP integration | Model Context Protocol server enabling AI agents to discover and invoke compliance witnessing through standard tool enumeration | Published (npm) |
| OSCAL bridge | Witness anchors embed into NIST OSCAL Assessment Results for US/EU regulatory interoperability | Production |
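
The "Merkle integrity" row describes a daily domain-separated Merkle rollup with inclusion proofs. The following added example (not SWT3 code, and not taken from the SWT3 specification) shows how such a proof can be checked with nothing but SHA-256. The 0x00/0x01 tags, the odd-node promotion rule, the proof encoding, and the sample anchor strings are assumptions made for illustration, since this page does not give SWT3's actual tree encoding.

```python
import hashlib

LEAF, NODE = b"\x00", b"\x01"  # assumed domain-separation tags (RFC 6962 style)
SAMPLE_ANCHORS = [b"constructed-anchor-%d" % i for i in range(5)]  # constructed data

def leaf_hash(anchor: bytes) -> bytes:
    return hashlib.sha256(LEAF + anchor).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE + left + right).digest()

def build_levels(anchors):
    """Return every tree level, leaves first. An unpaired node is promoted
    unchanged; duplicating it would let two different leaf lists share a root."""
    level = [leaf_hash(a) for a in anchors]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        levels.append(nxt)
        level = nxt
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with the sibling's side."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling at this level
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify_inclusion(anchor, proof, root):
    """Recompute the root from one anchor and its proof; needs only SHA-256."""
    h = leaf_hash(anchor)
    for side, sib in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h == root

if __name__ == "__main__":
    levels = build_levels(SAMPLE_ANCHORS)
    root = levels[-1][0]
    print(root.hex(), verify_inclusion(SAMPLE_ANCHORS[3], inclusion_proof(levels, 3), root))
```

Because leaves and interior nodes are hashed under different tags, the concatenation of two child hashes cannot be presented as an anchor that verifies against the same root.
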
We offer the following assets to support the JTC 21 standardization process:
In April 2026, a series of technical papers was published on the European Commission's Futurium platform proposing an execution-time governance architecture for AI Act compliance. This architecture, built on Virtual Identity (VI), Compliance Jurisdiction Token (CJT), Algorithmic Logic Fingerprint (ALF), and Ledger-Anchored Validation Receipts (LAVR), describes a pattern that SWT3 independently implements under different terminology.
We have published a detailed technical mapping showing primitive-by-primitive correspondence between the proposed architecture and SWT3's production implementation. This independent convergence strengthens the case that the standards community is arriving at a shared understanding of what runtime compliance evidence requires.
Our mapping document and a formal consultation response have been submitted through the Futurium platform.
| Working Group | Scope | SWT3 Relevance |
|---|---|---|
| WG2 (Operational Aspects) | Conformity assessment framework | SWT3 provides the evidence layer that conformity assessments consume. Anchors map directly to assessment objectives. Verification requires only a SHA-256 implementation. |
| WG3 (Engineering Aspects) | Data management, logging, bias, NLP evaluation | SWT3 clearing levels address data management (Art. 10). Inference logging (Art. 12) is the protocol's core function. Bias measurement (AI-FAIR.1/2) is a built-in procedure. |
| WG5 (Cybersecurity for AI) | Security standards for AI systems | HMAC-SHA256 payload signing, fingerprint integrity verification, Merkle tamper evidence, and clearing-level data sovereignty address AI-specific security requirements. |
We respectfully request consideration of this contribution by CEN/CENELEC JTC 21. Specifically:
| Field | Detail |
|---|---|
| Organization | Tenable Nova LLC |
| Protocol | SWT3 v1.3.0 (Apache 2.0) |
| Patent status | Patent pending |
| SDKs | `pip install swt3-ai`; `npm install @tenova/swt3-ai`; crates.io, NuGet, RubyGems |
| Protocol specification | https://sovereign.tenova.io/guides/swt3-protocol.html |
| Live auditor demo | https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public?framework=EU-AI-ACT |
| EU AI Act mapping | https://sovereign.tenova.io/guides/vi-cjt-alf-lavr-mapping.html |
| FRIA/DPIA mapping | https://sovereign.tenova.io/guides/fria-dpia-mapping.html |
| Contact | founder@tenovaai.com |
| Website | https://tenova.io |
© 2026 Tenable Nova LLC. This document is provided as a technical contribution to the CEN/CENELEC JTC 21 standardization process. It does not constitute a formal standards proposal. The SWT3 protocol specification is licensed under Apache 2.0. Protocol mechanisms are patent pending.