EU AI Act · Article 12 · AI Liability

Prove what your AI did.
Before a regulator asks.

EPI creates a tamper-evident case file for every consequential AI decision — cryptographically signed, portable, and independently verifiable. When a regulator, auditor, or court asks "show us the record," you answer in 30 seconds.

Book a 20-minute demo View on GitHub

Open-source core · No vendor lock-in · Works with OpenAI, Anthropic, any LLM

The problem

Your AI is making decisions.
You can't prove what it decided.

⚖️

Regulatory exposure

The EU AI Act, CFPB guidance, and FCA rules require documented evidence of AI decisions affecting people. Logs in a vendor dashboard don't count.

🔍

Fragmented audit trails

LLM call in one tool. Business logic in another. Human review in a third. When regulators ask, engineers spend weeks reconstructing what happened.

🚨

No tamper evidence

Even if you find the logs, you can't prove they weren't altered. Screenshots and exports are inadmissible. You need cryptographic proof of integrity.

August 2, 2026 — EU AI Act provisions for high-risk AI systems take full effect. Loan decisions, HR screening, and insurance underwriting require documented decision records. That's 4 months away.

How it works

Three lines of code.
A defensible record forever.

01

Capture

Point your existing AI SDK at the EPI gateway. Every LLM call, tool invocation, and decision is captured automatically — zero code changes.

OPENAI_BASE_URL=http://localhost:8787/v1
python my_agent.py
02

Record

EPI packages the full decision trail into a portable .epi artifact — a signed, append-only case file containing every step, prompt, response, and human review.

epi gateway export --case-id loan-4821
→ loan-4821.epi (signed, 6 files verified)
03

Verify

Anyone — a regulator, auditor, or opposing counsel — can verify the artifact hasn't been tampered with. No EPI account required.

epi verify loan-4821.epi
→ VERIFIED ✓ Trust Level: HIGH
→ Ed25519 · 6 files · SHA-256

Case study

How Acme Fintech answered a regulator
in 30 seconds.

Scenario

Acme Fintech uses an AI model to assist loan officers with approval decisions. In Q1, it processed 12,400 applications. The CFPB received 340 complaints from denied applicants alleging discriminatory scoring. The regulator sent a formal request:

"Provide the complete input data, model output, and decision rationale for each denied application, along with evidence that records have not been altered since the time of decision."
Without EPI
Week 1–2: Engineers reconstruct decisions from 4 separate systems (LLM vendor, app DB, log aggregator, review tool)
Week 3: Legal flags that exported logs have no integrity proof — a forensics firm is engaged at $15k
Week 5: 23 cases have gaps. Engineers admit they can't fully reconstruct the model's reasoning for those decisions
Week 8: Regulator issues a notice of potential violation. Legal fees exceed $180k
With EPI
Day 1, 9:00 AM: Compliance team runs epi gateway export-all --status resolved
Day 1, 9:30 AM: 340 signed .epi artifacts produced — each containing the exact prompt, model output, policy applied, and reviewer decision
Day 1, 10:00 AM: Legal runs epi verify on all 340 files. Each prints VERIFIED ✓ Trust Level: HIGH
Day 1, 11:00 AM: Package delivered to CFPB. Regulator can independently verify every artifact — no EPI account required
8 weeks without EPI
2 hours with EPI
$180k+ legal exposure avoided

What EPI captures

Everything in one artifact. Signed at the moment of decision.

🧾

Full decision trail

Every LLM prompt and response, tool call and result, agent step, and business logic outcome — in order, timestamped.

🔐

Ed25519 signature

The artifact is cryptographically signed at creation. Any modification — even a single byte — invalidates the signature.

👤

Human review record

Who reviewed the decision, what they decided, when, and why — embedded in the same signed artifact.

📋

Policy applied

Which epi_policy.json was in effect at the time of the decision, and whether the AI's behaviour complied.

🌐

Works with any LLM

OpenAI, Anthropic, Google, Mistral, or any OpenAI-compatible API. Zero code changes — just point your SDK at the EPI gateway.

📦

Portable forever

A .epi file is a self-contained ZIP. No EPI account needed to verify it — today, or in 10 years.

Pricing

Start free. Pay when you need the team.

All plans include the open-source core. No credit card required to start.

Open Source
Free forever
For individual developers and researchers exploring AI governance.
  • ✓ Up to 1,000 decisions / month
  • ✓ Local recorder + viewer
  • ✓ Ed25519 signing + verification
  • epi verify CLI
  • .epi export
  • ✓ MIT licensed
Get started on GitHub
Most popular
Team
$199 / month
For AI teams that need a shared capture gateway and human review workflow.
  • ✓ Up to 50,000 decisions / month
  • ✓ Shared capture gateway
  • ✓ Up to 10 reviewers
  • ✓ Case inbox + review workflow
  • ✓ Slack / Teams webhook alerts
  • ✓ Automated backup
  • ✓ Bulk export for compliance
  • ✓ Email support
Book a demo
Enterprise
Custom
For regulated organisations that need audit-grade evidence at scale.
  • ✓ Unlimited decisions
  • ✓ Unlimited reviewers
  • ✓ SSO (SAML / OIDC)
  • ✓ Private deployment (VPC / on-prem)
  • ✓ Retention policies + search
  • ✓ Compliance report exports
  • ✓ SLA + dedicated support
  • ✓ EU AI Act readiness package
Talk to us

See EPI answer a regulator in 30 seconds.

In a 20-minute call, we'll walk through a live scenario — your industry, your AI stack — and show you exactly what your audit response would look like today.

Book a 20-minute demo →

Or email directly: mohdibrahim@epilabs.org