TeNova

Home / Guides / NB Pilot Package

Notified Body Pilot Package

10-day structured engagement to evaluate cryptographic AI compliance evidence for EU AI Act conformity assessment.

Audience: Notified Body leadership, conformity assessment teams, AI Act technical assessors. This document defines the problem, the evidence SWT3 provides, and the evaluation engagement.

1. The Problem

EU AI Act Articles 9, 11, 12, and 14 require continuous evidence of risk management, technical documentation, record-keeping, and human oversight for high-risk AI systems.

Current conformity assessments rely on point-in-time snapshots: documentation reviews, interviews, and manual artifact collection. Between assessments, there is no continuous evidence stream proving ongoing compliance.

The Solution

SWT3 is an open witness protocol that produces per-inference cryptographic anchors. Each anchor records three compliance factors, a clearing level, and a tamper-evident fingerprint.

SWT3 does not enforce policy. It creates an independent, continuous evidence record that Notified Bodies can verify against EU AI Act requirements at any point in time.

2. Evidence You Get

Art. 12 -- Record-Keeping
Per-inference provenance hashing, model identity, latency tracking
AI-INF.1, AI-INF.2, AI-MDL.1, AI-MDL.2
Art. 9 -- Risk Management
Fairness metrics, bias assessment, behavioral baseline drift detection
AI-FAIR.1/2/3, AI-BASE.1, AI-VIO.1
Art. 14 -- Human Oversight
Human-in-the-loop verification, access control, explainability evidence
AI-HITL.1/2, AI-ACC.1, AI-EXPL.1/2
Art. 50 -- Content Marking
C2PA manifest, watermark, and metadata tag provenance witnessing
AI-MARK.1
Art. 10 -- Data Governance
Training data provenance, RAG context hashing, PII lifecycle tracking
AI-DATA.1/2/3/4, AI-RAG.1/2
Art. 16 -- Post-Market
Anchor revocation with 7 reason codes, safe-state transitions
AI-REV.1, AI-SAFE.1

3. How It Works

  1. Install the SDK -- pip install swt3-ai or npm install @tenova/swt3-ai. Five languages, six package registries.
  2. Wrap the AI client -- Three lines of code. The SDK intercepts inference calls, computes SHA-256 hashes locally, and transmits only hashes and numeric factors.
  3. Evidence flows to auditor portal -- Notified Body assessors get read-only access to real-time compliance posture, exportable as Compliance Passport, OSCAL AR, or conformity checklist.
No custom code. This pilot uses the published SWT3 SDK and the Axiom platform as-is. If evaluation identifies needs requiring custom development, that becomes a separate Sovereign engagement.

4. Pilot Scope

Included

  1. Dedicated Enclave-tier tenant with 365-day anchor retention, full ledger access, and regulatory export suite
  2. SDK integration support for one AI system under assessment (Python or TypeScript, any provider)
  3. Three structured working sessions (remote, 60 minutes each):
    • Kickoff: tenant provisioning, SDK installation, first anchor verification
    • Mid-point: evidence review, auditor portal walkthrough, clearing level configuration
    • Findings: export review, gap identification, transition discussion
  4. Auditor portal access with real witness evidence from the integrated AI system
  5. Compliance Passport export (HTML + signed JSON) for Art. 11 technical documentation evidence
  6. OSCAL Assessment Results export (NIST-validated)
  7. EU AI Act conformity checklist with article-level evidence mapping

Not Included

5. Timeline

DaysPhaseActivities
1-3SetupTenant provisioning, SDK installation, first inference witnessed, kickoff session
4-7Evidence GenerationLive inference witnessing, clearing level tuning, auditor portal populated, mid-point session
8-10ReviewExport generation, evidence walkthrough, findings session, transition discussion

6. Investment

$10,000 USD
Single invoice, net-30 terms. No recurring commitment.

The pilot investment covers all deliverables listed in Section 4, including Enclave-tier platform access for the duration of the engagement. Pilot investment is not credited toward subscription fees.

7. Success Criteria

  1. All applicable AI procedures produce verdicts from live inference data
  2. The auditor portal displays accurate, real-time witness evidence
  3. At least one export package (Compliance Passport, OSCAL AR, or conformity checklist) is reviewed by the assessment team
  4. The NB assessment team can articulate how SWT3 evidence strengthens their conformity assessment process

8. Data Sovereignty

All data remains within the NB's tenant boundary. TeNova does not access, inspect, or retain prompt content, model outputs, or business data. Only cryptographic hashes (SHA-256, truncated) and numeric compliance factors cross the network boundary. The clearing protocol provides four levels of data protection (0-3), configurable per deployment.

Raw prompts and responses never leave the deployment infrastructure.

9. Transition Path

10. Contact

To schedule a pilot or request a 20-minute walkthrough:

80
AI Procedures
5
SDK Languages
6
Registries
16
Frameworks
This guide is provided for informational purposes only and does not constitute legal, regulatory, or compliance advice. Regulatory mappings and crosswalk interpretations reflect the publisher's analysis and may not address all obligations applicable to your organization. Consult qualified legal counsel before making compliance decisions based on this content.