Sample Audit Evidence Bundle

This is a preview of the PDF audit bundle MolTrust generates per agent per reporting period. The actual bundle is delivered as a signed PDF (PAdES-B-LT, ISO 32000-2). This preview uses fictional example data — your bundle will contain your real agents, AAEs, and on-chain anchor data.

Format: PAdES-B-LT · Signed via AWS KMS · Anchored on Base L2 · Verifier-independent
Audit Evidence Bundle

Quarterly Report — Q1 2026

Generated: 2026-04-01
Bundle v1.0
Standards mapping v1.0

1. Agent Identity

Agent DID
did:moltrust:a7c4e8f2d3b91e5f6c8d2a4b7e9f1c3d
Agent Label
invoice-approval-agent (example)
Operator
ExampleCorp GmbH
Active Since
2026-01-14T09:23:00Z
Reporting Period
2026-01-01 to 2026-03-31

2. Behavioral Summary

Total AAEs issued
1,847
Unique mandates
3 (invoice approval ≤ CHF 5,000; supplier onboarding; payment reconciliation)
Tool invocations
9 distinct tools — stripe.checkout, supabase.query, gmail.send, slack.notify, … (full list in Annex A)
Human oversight touchpoints
42 (manager override / approval)
Anomalies flagged
0
Endorsements received
3 (from verified counterparties)

3. Cryptographic Evidence

Aggregated AAE hash
0x4f8c3b9e7d2a5f1c8b4e9a6d3f2c7b8e1a5d9c4f2b7e8a3d6c1f4b9e2d7a5c8f
Base L2 anchor TX
0x8c4b9e7d2f5a1c8b4e9d3f2a7b8e1c5d9f4b2e8a3d6c1f4b9e2d7a5c8f3b9e7d
Block number
18,742,156 (Base L2)
Confirmation depth
~432,000 blocks (~10 days post-period-end)
Annex hashes
Annex A: 0x9d2f...c8e1 · Annex B: 0xa4b7...e3f6 · Annex C: 0xb1c5...d9f2

4. Standards-Alignment Matrix

Evidence in this bundle Supports
Identity & Mandate (Section 1) EU AI Act Art. 12(2), Art. 13(3)(a) · ISO/IEC 42001 Clause 6.1 + Annex A.5 · NIST AI RMF GOVERN-1.2 · IMDA MGF Agentic v1.0 Dimension 1
Behavioral Evidence (Section 2) EU AI Act Art. 12(1), Art. 12(2)(a-e) · ISO 42001 Annex A.6.1, A.6.2 · NIST GOVERN-2.1, MEASURE-2.7 · IMDA Dimension 3
Cryptographic Evidence (Section 3) EU AI Act Art. 12(1) traceability · ISO 42001 Annex A.7 · NIST MAP-3.2 · IMDA Dimension 3
Human Oversight Touchpoints EU AI Act Art. 14 · ISO 42001 Annex A.5.3 · NIST MANAGE-3.1 · IMDA Dimension 2
Anomaly Detection Results EU AI Act Art. 15 robustness · ISO 42001 Annex A.6.2.6 · NIST MANAGE-2.3 · IMDA Dimension 4

This evidence supports assessment under the listed regimes; it does not, on its own, constitute a conformity certificate. Substantive conformity determination remains with the designated assessment body.

5. Independent Verification

Step 1. Open this PDF in Adobe Reader. The embedded PAdES-B-LT signature is shown as valid (signing authority: aws-kms-eu-central-1-moltrust-bundle-signer, timestamp: 2026-04-01T14:23:00Z).

Step 2. Visit verify.moltrust.ch/bundle/0x4f8c3b9e...4b9e2d7a5c8f — the public verifier resolves the on-chain anchor independently. No MolTrust account or API call required.

Step 3. Optionally run moltrust verify bundle.pdf (open-source CLI) or any W3C DID-conformant tool. Anchor confirmation comes directly from Base L2 via any public RPC.

Important. This audit bundle constitutes evidence material generated by MolTrust infrastructure. It does NOT constitute a compliance certificate under the EU AI Act, ISO/IEC 42001, IMDA MGF, or any other regulatory regime. Substantive conformity assessment under EU AI Act Article 43, internal control under Annex VI, or any sectoral compliance obligation remains with the AI-system provider. This bundle supports such assessments by providing tamper-evident, cryptographically verifiable behavioral evidence anchored on the Base L2 ledger.

The signature on this bundle constitutes an Advanced Electronic Seal (AdES) under eIDAS Regulation (EU) No 910/2014, not a Qualified Electronic Signature (QES). MolTrust is not a Qualified Trust Service Provider (QTSP). For use-cases requiring QES, additional qualified-signature wrapping by a QTSP is the operator's responsibility.

SIGNED PAdES-B-LT signature · AWS KMS eu-central-1 · Timestamp via SwissSign TSA · Bundle hash anchored on Base L2 TX 0x8c4b9e7d…3b9e7d

What you do with this bundle

  1. Hand it to your conformity assessment body. Examples: TÜV Süd / TÜV Rheinland / TÜV Nord, Bureau Veritas, DEKRA, an ISO/IEC 42001-accredited auditor, or your internal conformity team.
  2. Archive it as Article 12 logging evidence. Tier 3 customers receive 7-year retention; the on-chain anchor remains verifiable regardless of MolTrust's continued operation.
  3. Provide it on regulator request. The bundle is regime-agnostic — the same evidence supports EU AI Act, ISO 42001, NIST AI RMF, or IMDA MGF inquiries.
← Back to compliance overview Contact for evaluation Read the technical paper →
This is a sample. The data shown above is illustrative — fictional agent DID, fictional operator, fictional anchor TX, fictional standards-mapping versions. The actual format, sections, and signing pipeline match what MolTrust generates for production bundles. To request a quote for a real Audit Evidence Bundle covering your agents, contact us.