AI Use Case Inventory Certification (AIUC-1)
AIUC-1 is the industry certification for AI use case inventory, governance, and tamper-evident audit trails. Ledgix customers pursuing AIUC-1 can produce a single signed evidence pack that covers the inventory, risk-scoring, and audit-trail components end-to-end.
Status: Full — every control resolves to a signed artifact Ledgix produces today, including the quarterly/annual attestation packet.
Scope
AIUC-1 requires a documented inventory of AI use cases, per-decision risk scoring, a cryptographically verifiable audit trail, and a periodic attestation that summarises drift, incidents, and policy changes. Ledgix's ledger plus the Phase 8 attestation records cover every clause that can be satisfied with technical evidence.
Controls covered
| Field | Type | Required | Description |
|---|---|---|---|
| AIUC1-GOV-01 | policy_snapshots / events_jsonl | AI Governance — Policy Approval Chain | Evidence that AI actions are governed by versioned, approved policies. |
| AIUC1-INV-01 | events_jsonl | AI Tool Inventory | Catalog of all AI-invoked tools within the audit window. |
| AIUC1-RISK-01 | events_jsonl | Risk Assessment — Confidence Scoring | Evidence of per-decision risk scoring and denial rates. |
| AIUC1-AUDIT-01 | checkpoint_chain / key_history / signatures | Tamper-Evident Audit Trail | Cryptographically signed, append-only ledger of all AI actions. |
| AIUC1-TRACK-01 | proof_index | Event Traceability Index | Lightweight index linking each event to its Merkle leaf position. |
| AIUC1-ATTEST-01 | attestations / signatures | Quarterly AIUC-1 Attestation Packet | Signed quarterly/annual attestation summarising AI inventory, drift, incidents, and policy changes. |
Evidence types referenced
- policy_snapshots — versioned, signed policy files for every policy active in the window.
- events_jsonl — per-day JSONL containing every accepted decision with its risk score.
- checkpoint_chain — Merkle checkpoint sequence proving the ledger is append-only.
- key_history — signing key lifecycle with attestation payloads.
- signatures — Ed25519 manifest signature over the pack.
- proof_index — per-event Merkle inclusion index.
- attestations — signed AIUC-1 quarterly/annual attestation records.
Known gaps (if any)
None — every control resolves to an artifact Ledgix produces today.
Audit pack workflow
Export an evidence ZIP for this framework from the admin console's Evidence Exports panel by selecting AI Use Case Inventory Certification (AIUC-1) and a time window. Each control's evidence_locators[] in the included framework_mapping.json points to the corresponding file in the ZIP.
References
- Framework mapping JSON:
vault/internal/compliance/frameworks/aiuc1.json