EU AI Act: August 2026.   10 weeks away.   Fine: 3% of global turnover per violation.
AILeash — AI Governance — sebbi.pro

Every AI decision.
Sealed. Proved. Unalterable.

When a regulator asks you to prove your AI treated someone fairly on a specific date, you have two choices. Cryptographic proof. Or nothing. AILeash gives you the proof. From 50p per device per month.

AILeash Engine v5.0.0 — Live Session Scan
ALLOW
Audit Hash — SHA-256 — Sealed — Immutable — EU AI Act Art.12
Get Free AILeash API Key → Watch The Demo
AILeash — 60 Second Demo

Watch what happens when
a regulator asks for proof.

Without AILeash you have nothing. With AILeash you have years of cryptographic proof.

What AILeash Does

Score. Decide. Seal.
Every AI decision. Every time.

Nine weighted signals. EWMA trust decay. SHA-256 Merkle chain. Plain-language explanations. Sub-20ms. Everything the EU AI Act requires.

9-Signal Scoring

Trust, velocity across three windows, transaction amount, device risk, anomaly score, country shift, safe country, trust floor. All weighted. All simultaneous. All under 1ms locally.

Sub-1ms local
🔗

SHA-256 Merkle Chain

Every decision sealed with the hash of the previous block. Alter any record and the chain breaks. Cryptographically impossible to hide. Not a log file. Mathematical proof.

Tamper-evident
💬

Plain-Language Reasons

Every BLOCK or CHALLENGE comes with a reasons array in plain English. velocity_spike. high_amount. country_shift. Article 13 satisfied automatically on every call.

Art.13 compliant
👥

EWMA Trust Decay

Each user builds a trust score across sessions. BLOCK events decay it fast. ALLOW events rebuild it slowly. Risk adapts in real time across the lifetime of the user.

Per-user learning
📋

Human Oversight

CHALLENGE tier creates a mandatory human review pathway. Article 14 satisfied. Every override is logged and sealed. Regulators can see the full decision trail including human interventions.

Art.14 compliant

Local Engine Option

SonicBoom gives you the Sebdog Engine running inside your own infrastructure. No data leaves your network. Sub-20ms. Licence validates on startup. Everything else is local.

Data sovereignty
Compliance Coverage

Every regulation.
One API call.

AILeash satisfies the full matrix of AI compliance requirements from a single POST request.

RegulationRequirementAILeash
EU AI Act Art.9Continuous risk management systemOK EWMA trust decay per user across all sessions
EU AI Act Art.12Tamper-evident audit loggingOK SHA-256 Merkle chain — mathematically unalterable
EU AI Act Art.13Explainable decisions in plain languageOK Reasons array on every decision automatically
EU AI Act Art.14Human oversight pathwayOK CHALLENGE tier — every override logged and sealed
Online Safety Act 2023Systematic auditable risk assessmentOK Full decision trail verifiable on demand by Ofcom
ICO Children's CodeProtection by defaultOK Guardian product — child safety scoring built in
Digital Services ActAlgorithmic transparencyOK Full chain verifiable by regulators at any time
FCA AI GuidanceExplainable auditable decisionsOK Signal breakdown on every BLOCK and CHALLENGE
Pricing

One price.
Everything included.

The compliance tooling enterprises pay £50,000 a year for. At 50p per device per month.

50p
per device per month — billed via stripe
9-signal EWMA weighted scoring engine
SHA-256 Merkle audit chain — every decision sealed forever
Plain-language reasons on every decision
EU AI Act Articles 9, 12, 13, 14 satisfied automatically
Human oversight pathway — CHALLENGE tier
Chain verification endpoint — regulator-ready on demand
100 free decisions — no card required to start
Referral code — earn 10p per device you refer forever
Get Free AILeash API Key →
Get Started

Free API key.
Running in 60 seconds.

No card. No contract. 100 free decisions. Your key in under a minute.

Your API Key — Save This Now
Your Referral Code
REF-XXXX-0000
Every device signed up using this code earns you 10p per month forever.
Redirecting to Stripe to set up billing…
100 free decisions active now.
Technical White Paper

The AILeash Technical White Paper.

Full technical documentation. SHA-256 Merkle chain architecture, EWMA scoring model, regulatory compliance coverage, deployment architecture, and the future roadmap. Everything a CTO, compliance officer, or regulator needs to understand what is built and why.

Read The White Paper ↓
Section 01

Abstract

AILeash is a cryptographic AI governance infrastructure platform that provides tamper-evident audit chains, real-time risk scoring, and regulatory compliance tooling for organisations deploying AI systems that make decisions affecting people.

The platform is built on a SHA-256 Merkle chain architecture — the same cryptographic primitive that underpins Bitcoin and modern distributed ledger systems — applied to the domain of AI decision accountability. Every decision scored by the AILeash engine is immediately sealed into a block containing the event data, the decision outcome, the timestamp, and the cryptographic hash of the preceding block. This creates an append-only, mathematically verifiable audit trail that cannot be altered by any party, including the operator of the system.

The scoring engine uses a nine-signal weighted model with Exponentially Weighted Moving Average (EWMA) trust decay, providing per-user risk assessment that adapts in real time across all sessions and interactions. Decisions are deterministic — identical inputs always produce identical outputs — enabling full reproducibility for regulatory review.

The platform currently comprises four products: AILeash (AI governance and EU AI Act compliance), AILeash Guardian (child safety and grooming detection), AILeash Sentinel (fraud and anomaly monitoring), and SonicBoom (local engine deployment via the Sebdog Engine). All four products share the same underlying scoring and audit chain architecture.

Key Claim

AILeash provides the only commercially available AI compliance infrastructure that generates cryptographically verifiable, court-admissible proof of every AI decision at 50p per device per month — satisfying EU AI Act Articles 9, 12, 13 and 14 from a single API call.

Section 02

The Problem With AI Decision Accountability

AI systems are making consequential decisions about people at unprecedented scale. Loan approvals, insurance underwriting, content moderation, fraud detection, medical triage, hiring decisions, and credit scoring are all being automated or augmented by AI systems that operate faster than any human reviewer can assess.

When these decisions are challenged — by a regulator, a court, a legal team, a journalist, or the individual affected — organisations face a fundamental accountability gap. The typical response is to produce log files: timestamped database entries recording what the system decided. These logs have three critical weaknesses.

The Mutability Problem

Standard database logs are mutable. A database administrator with appropriate access can modify, delete, or insert records. Even with access controls, an organisation under regulatory scrutiny cannot prove to an external party that its logs have not been altered. The integrity of the evidence depends entirely on trust in the organisation — precisely the party under scrutiny.

The Explainability Problem

Most AI systems return a decision — approved, rejected, flagged — without a structured explanation of the reasoning. EU AI Act Article 13 requires that systems provide explanations in terms meaningful to the affected person. A binary outcome from a neural network satisfies neither this requirement nor the practical needs of a regulator attempting to assess whether a decision was fair.

The Continuity Problem

EU AI Act Article 9 requires continuous risk management — not an annual review or a static risk assessment, but an ongoing, adaptive system that monitors and responds to risk in real time. A log file is a record of what happened. It is not a risk management system.

Regulatory Reality

EU AI Act enforcement begins August 2026. The fine for non-compliance is up to 3% of global annual turnover or 15 million euros per violation — whichever is higher. Ofcom is already investigating UK platforms under the Online Safety Act 2023. The ICO fined TikTok £12.7 million for Children's Code violations. These are not future risks. They are present obligations.

AILeash addresses all three problems simultaneously. The SHA-256 Merkle chain eliminates the mutability problem. The reasons array satisfies the explainability requirement. The EWMA scoring model with velocity monitoring provides the continuous risk management that Article 9 demands.

Section 03

The SHA-256 Merkle Audit Chain

The AILeash audit chain is a SHA-256 Merkle structure in which each block cryptographically references its predecessor. This means the integrity of any individual record cannot be verified in isolation — it can only be verified in context of the entire chain, from genesis to tip.

Block Structure

Each audit block contains five fields: the timestamp, the user identifier, the event JSON (the full input), the result JSON (the full decision output), the hash of the preceding block, and the audit hash of the current block.

# Block structure { "id": 14392, "ts": 1719999999.123, "user_id": "user_123", "event_json": '{"user_id":"user_123","action":"purchase","amount":299.00,...}', "result_json": '{"decision":"ALLOW","score":0.1842,"trust":0.7341,"reasons":[],...}', "prev_hash": "a3f9b2c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1", "audit_hash": "b7d2e4f1a9c3d5e7f9a1b3c5d7e9f1a3b5c7d9e1f3a5b7c9d1e3f5a7b9c1d3e5" }

Hash Generation

The audit hash for each block is computed as the SHA-256 digest of a JSON-serialised payload containing the previous hash, the timestamp, the event, and the result. The use of sort_keys=True in serialisation is critical — it ensures deterministic output regardless of dictionary insertion order, which is essential for reproducibility.

# Hash generation — Python implementation def sha(payload): return hashlib.sha256( json.dumps(payload, sort_keys=True).encode() ).hexdigest() def seal(event, result, ts): prev = chain_tip() # "GENESIS" if first block payload = { "prev_hash": prev, "ts": ts, "event": event, "result": result } h = sha(payload) db.execute( "INSERT INTO audit_log(ts,user_id,event_json,result_json,prev_hash,audit_hash)" " VALUES(?,?,?,?,?,?)", (ts, event["user_id"], json.dumps(event), json.dumps(result), prev, h) ) return h

Tamper Detection

Because each block's hash incorporates the previous block's hash, any modification to any historical record produces a cascade of hash mismatches from the altered block to the chain tip. The verification function detects this in O(n) time by recomputing every hash from genesis and comparing against the stored values.

# Chain verification — detects any alteration def verify_chain(): rows = db.execute( "SELECT event_json, result_json, prev_hash, audit_hash, ts" " FROM audit_log ORDER BY id ASC" ).fetchall() prev = "GENESIS" for i, row in enumerate(rows): payload = { "prev_hash": row[2], "ts": row[4], "event": json.loads(row[0]), "result": json.loads(row[1]) } if sha(json.dumps(payload, sort_keys=True).encode()) != row[3]: return {"valid": False, "broken_at": i} if row[2] != prev: return {"valid": False, "broken_at": i} prev = row[3] return {"valid": True, "blocks": len(rows), "tip": rows[-1][3]}
Legal Significance

A SHA-256 hash is a one-way function: given the hash, it is computationally infeasible to reconstruct the original data. Given the data, the hash is deterministic and reproducible by any party. This means any third party — a regulator, a court, an auditor — can independently verify the integrity of the chain without requiring access to the AILeash system. The evidence is self-verifying.

Database Implementation

The audit chain is stored in SQLite with WAL (Write-Ahead Logging) mode enabled. WAL allows concurrent reads during write operations, essential for maintaining sub-20ms response times under load. A UNIQUE constraint on the audit_hash column provides an additional database-level guarantee against duplicate or colliding hashes. All write operations are serialised through a threading.Lock to prevent race conditions in the concurrent request environment.

Section 04

The 9-Signal EWMA Scoring Engine

The scoring engine evaluates nine weighted signals simultaneously per event and produces a composite risk score between 0.0 and 1.0. The model uses Exponentially Weighted Moving Average (EWMA) trust decay, meaning each user's risk profile evolves continuously across all their sessions and interactions.

Signal Architecture

SignalWeightCalculationFlags
Trust Score (EWMA)0.30(1 - trust) * 0.30low_trust if trust < 0.4
Velocity 60s0.15min(v60/20, 1) * 0.15velocity_spike if v60 > 10
Velocity 5m0.10min(v5m/50, 1) * 0.10
Velocity 1h0.10min(v1h/200, 1) * 0.10
Transaction Amount0.15min(log1p(amt)/log1p(10000), 1) * 0.15high_amount if amt > 500
Device Risk0.10device_risk * 0.10risky_device if dr > 0.5
Anomaly Score0.10anomaly * 0.10behaviour_anomaly if an > 0.5
Country Shift0.10+0.10 if last_country ≠ countrycountry_shift
Unsafe Country0.10+0.10 if country not in SAFE setunsafe_country

EWMA Trust Decay

The trust score is the highest-weighted signal at 30% because it represents accumulated behavioural history. Unlike static risk scores, EWMA trust decay means a user's risk assessment incorporates every previous interaction with the platform — not just the current event.

Trust update after ALLOW: trust += (1 - trust) * 0.01 Trust update after CHALLENGE: trust -= trust * 0.02 Trust update after BLOCK: trust -= trust * 0.08 Trust bounds: [0.05, 1.0] Initial trust (new user): 0.5

The asymmetric decay rates are deliberate. Trust is hard to build and easy to lose — the same asymmetry that characterises genuine trust in human relationships. A single BLOCK event reduces trust significantly, while many ALLOW events are required to rebuild it. This means a bad actor cannot reset their risk profile simply by performing a few legitimate interactions.

Log-Scaled Amount Scoring

Transaction amount is scored using a logarithmic scale rather than a linear one. This is a critical design decision: a linear scale would penalise high-value legitimate transactions disproportionately. The log1p transform compresses the upper range, meaning the difference in risk contribution between a £100 and a £1,000 transaction is much smaller than the raw numbers suggest.

amount_score = min(log1p(amount) / log1p(10000), 1) * 0.15 Examples: £0 → score contribution: 0.000 £100 → score contribution: 0.075 £500 → score contribution: 0.096 (+flags: high_amount) £1,000 → score contribution: 0.105 £10,000 → score contribution: 0.150 (maximum)

Velocity Windows

Three velocity windows are maintained in memory per user_id using Python deque structures with automatic expiry. Events outside the window boundary are dropped from the deque on each access, meaning the windows are always current without requiring a scheduled cleanup process.

# Velocity tracking — three windows per user W60 = defaultdict(deque) # 60-second window W5M = defaultdict(deque) # 5-minute window W1H = defaultdict(deque) # 1-hour window def upd_vel(uid): t = now() for q in [W60[uid], W5M[uid], W1H[uid]]: q.append(t) c = now() W60[uid] = deque(x for x in W60[uid] if x >= c - 60) W5M[uid] = deque(x for x in W5M[uid] if x >= c - 300) W1H[uid] = deque(x for x in W1H[uid] if x >= c - 3600)
Section 05

Decision Architecture — ALLOW, CHALLENGE, BLOCK

The engine produces one of three deterministic decisions based on the composite risk score. The thresholds are fixed and do not vary by context or configuration — this determinism is essential for the audit chain to be meaningful.

score < 0.35 → ALLOW (proceed normally) score < 0.70 → CHALLENGE (require additional verification) score ≥ 0.70 → BLOCK (prevent the action) Trust update: ALLOW: trust += (1 - trust) * 0.01 (slow rebuild) CHALLENGE: trust -= trust * 0.02 (mild decay) BLOCK: trust -= trust * 0.08 (significant decay)

The CHALLENGE tier is a critical component of EU AI Act Article 14 compliance. It creates a mandatory human oversight pathway — a decision that the system cannot resolve with confidence is escalated to a human reviewer. Every CHALLENGE decision and every subsequent human override is logged and sealed into the audit chain, creating a complete record of both automated and human decision-making.

Article 14 Compliance

EU AI Act Article 14 requires that high-risk AI systems allow for human oversight and the ability to override automated decisions. The CHALLENGE tier implements this requirement at the engine level — it is not a post-hoc addition but a core architectural component. Every CHALLENGE that results in a human override is sealed into the audit chain with a timestamp, creating an immutable record that humans were involved in the decision-making process.

Section 06

The Four Products

All four AILeash products share the same underlying scoring engine and audit chain architecture. They differ in their signal weighting, threshold configuration, and the additional domain-specific logic applied on top of the core engine.

AILeash
AI Governance
EU AI Act compliance. Standard 9-signal scoring.
Guardian
Child Safety
Grooming detection. CSAM hard block. CEOP evidence.
Sentinel
Fraud Detection
Velocity monitoring. ATO detection. FCA evidence chain.
SonicBoom
Local Engine
Sebdog Engine. Runs in client infrastructure. Sub-20ms.

AILeash Guardian — Child Safety

Guardian applies domain-specific child safety signals on top of the core scoring engine. Grooming pattern detection uses linguistic and behavioural signals — isolation attempts, secrecy requests, love bombing patterns, and age-inappropriate contact. CSAM signals trigger an automatic BLOCK regardless of the composite risk score: this is a hard override that cannot be suppressed by any other signal.

Every BLOCK decision in Guardian generates a structured law enforcement evidence package containing the full event data, the signal breakdown, the audit hash, and a timestamp. This package is formatted for submission to Action Fraud and CEOP and is sealed into the audit chain at the moment of generation.

AILeash Sentinel — Fraud Detection

Sentinel weights velocity signals more heavily than the standard AILeash configuration. The 60-second window is the primary fraud detection signal — burst attacks, credential stuffing, and bot floods all produce characteristic velocity spikes that the 60-second window catches immediately. The 5-minute and 1-hour windows catch slower, more sophisticated attacks that attempt to evade per-minute thresholds.

Account takeover detection is a primary Sentinel use case. The country shift signal — a user appearing in a different country from their previous session — is one of the strongest ATO indicators. Combined with device fingerprint changes and behavioural anomaly scores from the calling platform, Sentinel can identify account takeovers with high confidence before significant damage occurs.

Section 07

Regulatory Compliance Coverage

AILeash was designed from the ground up to satisfy the specific technical requirements of the EU AI Act, Online Safety Act 2023, ICO Children's Code, and FCA AI guidance. Compliance is not a feature layer added on top of the system — it is the architecture.

EU AI Act 2024/1689

The EU AI Act classifies AI systems by risk level and imposes increasingly stringent requirements on higher-risk systems. Article 6 and Annex III define high-risk categories including AI used in critical infrastructure, employment, education, law enforcement, migration, and administration of justice. For high-risk systems, Articles 9 through 15 impose specific technical obligations.

Article-by-Article Coverage

Article 9 — Risk Management: Satisfied by the EWMA trust decay model, which provides continuous, adaptive risk assessment across all sessions. The system is always monitoring — not reviewing on a schedule.

Article 12 — Record Keeping: Satisfied by the SHA-256 Merkle chain. The requirement is for tamper-evident logging of all outputs that can affect natural persons. The audit chain is mathematically tamper-evident — not policy-tamper-evident.

Article 13 — Transparency: Satisfied by the reasons array returned with every decision. Every BLOCK or CHALLENGE includes a plain-language list of the signals that contributed to the decision.

Article 14 — Human Oversight: Satisfied by the CHALLENGE tier, which creates a mandatory human review pathway for borderline decisions. Every human override is logged and sealed.

Online Safety Act 2023 (UK)

The Online Safety Act creates a duty of care for platforms hosting user-generated content, with particular obligations around child safety. Ofcom has enforcement powers including fines of up to 10% of global annual turnover and the ability to require service providers to use accredited technology to identify and remove illegal content.

AILeash Guardian satisfies the Online Safety Act's technical requirements by providing systematic, documented, auditable child safety risk assessment. The audit chain provides the Ofcom-required evidence trail for every moderation decision. The real-time nature of the detection system satisfies the requirement for proactive rather than reactive safety measures.

ICO Children's Code (UK)

The ICO's Age Appropriate Design Code (Children's Code) applies to any online service likely to be accessed by children. It requires best interests of the child by default, data minimisation, no profiling unless strictly necessary, and high privacy settings by default. AILeash Guardian implements child-specific scoring that applies stricter thresholds and different signal weights when child users are identified, satisfying the Code's requirement for age-appropriate design at the infrastructure level.

Section 08

Infrastructure and Deployment Architecture

The AILeash platform is built entirely on Python standard library components — no external dependencies are required for the core engine. This was a deliberate architectural decision that eliminates dependency management complexity, reduces attack surface, and ensures the engine can run on any system with a Python runtime.

Server Architecture

The HTTP server uses Python's built-in http.server.BaseHTTPRequestHandler combined with socketserver.ThreadingMixIn. This provides one thread per request, enabling concurrent handling without the overhead of an external WSGI server or application framework. The ThreadingMixIn approach is well-suited to the I/O-bound nature of the workload, where most request time is spent on database writes rather than computation.

# Server configuration class ThreadedServer(ThreadingMixIn, HTTPServer): allow_reuse_address = True daemon_threads = True # Load shedding — 503 above 200 RPS def track_request(): t = time.time() with _load_lock: _req_times.append(t) while _req_times and _req_times[0] < t - 1.0: _req_times.popleft() rps = len(_req_times) if rps > 200 and not _overloaded: _overloaded = True # triggers HTTP 503

Database Configuration

SQLite is used with WAL (Write-Ahead Logging) journal mode and NORMAL synchronisation. WAL mode allows concurrent reads during write operations — critical for maintaining low latency on read queries (health checks, chain verification) while audit writes are in progress. NORMAL synchronisation provides a balance between durability and performance; the occasional risk of a lost transaction in the event of a power failure is acceptable given that the audit chain's integrity can be verified after recovery.

Concurrency and Locking

Three global locks manage concurrent access to shared state. The _db_lock serialises all SQLite write operations. The _key_lock manages per-API-key rate limiting data structures. The _load_lock manages the sliding RPS window used for load shedding. These locks are held for the minimum duration necessary to avoid deadlocks while maintaining data integrity.

Section 09

The Sebdog Engine — Local Deployment

The Sebdog Engine is a standalone, distributable version of the AILeash scoring and audit chain engine that runs entirely inside the client's own infrastructure. It implements the identical scoring algorithm and Merkle chain architecture as the hosted platform, with the addition of licence validation against sebbi.pro on startup and at 24-hour intervals.

Deployment Model

Clients download sebdog_engine.py via the authenticated /download/engine endpoint. The file is a complete, self-contained Python script requiring no external dependencies — it runs on any system with Python 3.6 or later. The engine validates its licence against the sebbi.pro API on startup, then operates entirely locally for all subsequent decisions.

# Sebdog Engine startup sequence python sebdog_engine.py --key al_live_xxxx --port 9090 # Output: [SEBDOG] Sebdog Engine v1.0.0 starting... [SEBDOG] Validating licence with sebbi.pro... [SEBDOG] Licence valid. Plan:paid Devices:5000 [SEBDOG] Engine running on port 9090 [SEBDOG] All decisions are local. No data leaves your network.

Data Sovereignty Architecture

The Sebdog Engine implements a data sovereignty architecture in which user event data never leaves the client's network on the decision hot path. The only external communication is the licence validation ping to sebbi.pro — which contains no user data — occurring on startup and every 24 hours. A 24-hour grace period applies if connectivity to sebbi.pro is unavailable, enabling the engine to continue operating through network outages.

Data Sovereignty Guarantee

When deployed via SonicBoom, user event data is processed entirely within the client's infrastructure. No decision data, no user identifiers, no event parameters, and no audit chain content is transmitted to Monop Content or sebbi.pro. The audit chain is stored in a SQLite database on the client's own systems. The client owns the evidence trail completely.

Section 10

Performance Characteristics

The AILeash scoring engine is designed for sub-millisecond decision times in local deployment and sub-20ms decision times in the hosted API configuration. These targets reflect the latency requirements of real-time decision systems where adding compliance infrastructure should not introduce perceptible delay.

Decision Latency

The core scoring computation — nine signal evaluations, trust update, and decision determination — completes in well under 1 millisecond on modern hardware. The primary latency contributor in the hosted API is the SQLite write operation for the audit chain seal, which typically adds 1-5ms depending on disk I/O performance.

In the Sebdog Engine local deployment, round-trip latency is typically under 2ms on localhost, comprising the HTTP overhead, scoring computation, and local SQLite write. Network latency to the hosted API from a UK-based client is typically 15-25ms including all processing time.

Throughput

The ThreadingMixIn architecture provides linear throughput scaling up to the load-shedding threshold of 200 requests per second. At this level, the server has been observed processing approximately 17 million decisions per day on a single Railway deployment. The SQLite WAL mode database handles this workload without contention at the write lock level.

Load Shedding

Above 200 requests per second the server returns HTTP 503 for non-critical endpoints. The /api/govern endpoint is not subject to load shedding — it continues to process decisions at all load levels. This design ensures that compliance decisions are never dropped due to load, while non-essential endpoints degrade gracefully under peak traffic.

Section 11

Future Development Roadmap

The current AILeash platform represents the first generation of cryptographic AI governance infrastructure. The architecture is deliberately extensible — the Merkle chain and scoring engine are designed to accommodate significantly more sophisticated signal sources, decision models, and deployment configurations without breaking existing audit trail integrity.

Near Term — Q3 2026

Academic Validation

Formal peer review of the EWMA scoring methodology and Merkle chain architecture in partnership with UK academic institutions. Published performance benchmarks under controlled conditions. Independent audit of the tamper-evidence properties.

Near Term — Q4 2026

Public Chain Explorer

A public, real-time dashboard of aggregated, anonymised chain statistics — decision rates, trust score distributions, signal frequency analysis across all participating platforms. The first public AI trust index derived from real decision data at scale.

Medium Term — 2027

Multi-Signal Federation

A federated signal network enabling participating platforms to contribute anonymised signal data to a shared trust intelligence layer. Platforms that have seen a bad actor can contribute a signal that benefits all other participants, without sharing identifying information.

Medium Term — 2027

Regulator API

A dedicated regulator-facing API enabling Ofcom, the ICO, the FCA, and EU AI Act enforcement bodies to verify audit chains for regulated platforms directly. Cryptographic verification without requiring access to the platform's own systems.

Long Term — 2028

Cross-Chain Verification

Inter-platform audit chain verification enabling a decision made on one platform to reference and verify decisions from another. Particularly relevant for the financial services sector where a single user may interact with multiple regulated platforms.

Long Term — 2028

AI Model Provenance

Extension of the Merkle chain architecture to cover not just AI decisions but AI model provenance — sealing model versions, training data hashes, and configuration parameters into the chain alongside decision outputs. Complete end-to-end AI accountability from training to deployment to decision.

The Broader Vision

The long-term trajectory of AILeash is toward becoming the standard infrastructure layer for AI accountability — in the same way that SSL/TLS became the standard infrastructure layer for web security. Just as no serious website operates without HTTPS, the expectation is that no serious AI system will operate without a cryptographic audit trail.

The regulatory environment is accelerating this transition. The EU AI Act, the Online Safety Act, the ICO Children's Code, FCA guidance, and DSA requirements are collectively creating a compliance obligation that every organisation deploying AI must address. AILeash provides the technical infrastructure to satisfy these obligations while the regulatory landscape continues to develop.

The unique position of AILeash is that it addresses compliance not as a reporting obligation but as a mathematical property of the system. Compliance is not demonstrated through documentation — it is proved through cryptography. This is a fundamentally different approach to AI governance, and it is one that regulators, courts, and affected individuals can verify independently.

The Core Thesis

The organisations that build AILeash into their AI infrastructure now will have years of verified, cryptographically sealed compliance history when regulators come knocking. The organisations that wait will have nothing. A compliance history that starts in June 2026 is worth more than one that starts in August 2026 — and infinitely more than one that does not exist at all.

Section 12

Conclusion

AILeash represents a novel approach to AI governance infrastructure: treating compliance not as a reporting obligation to be satisfied through documentation, but as a mathematical property to be proved through cryptography.

The SHA-256 Merkle chain architecture provides tamper-evidence that is independently verifiable by any party — regulators, courts, auditors, or affected individuals — without requiring access to or trust in the operating organisation. The nine-signal EWMA scoring engine provides continuous, adaptive risk management that satisfies the EU AI Act's requirement for ongoing risk assessment rather than periodic review. The three-tier decision architecture creates a mandatory human oversight pathway that satisfies Article 14 at the system level.

The platform is built entirely on Python standard library components, requires no external dependencies, and deploys as a single file in local configurations. It processes decisions in under 20 milliseconds and scales to hundreds of requests per second on a single deployment. It costs 50p per device per month.

The EU AI Act begins enforcement in August 2026. The Online Safety Act is already in force. The ICO is already fining. The FCA is already scrutinising AI decision-making in financial services. The compliance obligation is not approaching — it has arrived.

AILeash provides the infrastructure to satisfy it.

About the Author

Justin Antony Dobson is the founder of Monop Content, based in Blyth, Northumberland, UK. AILeash was designed, built, and deployed entirely on an Android phone during evenings and weekends alongside a full-time decorating business. The platform is live at sebbi.pro.

Contact: justin@monopcontent.com · 07908 269428 · sebbi.pro