Micky Irons

Posted on • Originally published at mickai.co.uk

The PDF Did Not Stop the Breach

Compliance documents describe what a system should do. A signed, hash-chained record proves what it actually did. Only one of those holds up when something goes wrong.

Model cards and audit binders are theatre when nobody can prove what a system did at the moment it mattered. I argue that a record signed before each action, hash-chained and verifiable offline, beats any document that merely describes intent. This is the thesis behind Mickai's Open Audit Record.
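
A minimal sketch of the kind of record described above, added here as an illustration; it is not Mickai's Open Audit Record format or code. Each record is sealed before the action runs, carries the previous record's hash, and is checked with no network access. HMAC-SHA256 from the standard library stands in for a real signature (an asymmetric scheme would let a verifier check records without holding the signing key); the field names, key and sample actions are constructed.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # constructed anchor value for the first record's "prev"

def _digest(body: dict) -> bytes:
    # Canonical JSON so the same record always hashes to the same bytes.
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).digest()

def append(log: list, key: bytes, action: str, detail: dict) -> dict:
    """Seal a record for `action` and append it; call this before performing the action."""
    body = {
        "seq": len(log),
        "prev": log[-1]["hash"] if log else GENESIS,
        "action": action,
        "detail": detail,
    }
    d = _digest(body)
    record = dict(body, hash=d.hex(), sig=hmac.new(key, d, hashlib.sha256).hexdigest())
    log.append(record)
    return record

def verify(log: list, key: bytes):
    """Return (True, None) if the chain is intact, else (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: rec.get(k) for k in ("seq", "prev", "action", "detail")}
        d = _digest(body)
        sig = hmac.new(key, d, hashlib.sha256).hexdigest()
        ok = (rec.get("seq") == i and rec.get("prev") == prev
              and rec.get("hash") == d.hex()
              and hmac.compare_digest(str(rec.get("sig", "")), sig))
        if not ok:
            return False, i
        prev = rec["hash"]
    return True, None

def demo():
    key = b"constructed-demo-key"  # constructed; a real key never lives in source
    log = []
    append(log, key, "model.invoke", {"prompt_sha256": "constructed"})
    append(log, key, "tool.call", {"tool": "send_email", "to": "ops@example.com"})
    append(log, key, "model.respond", {"tokens": 212})
    intact = verify(log, key)
    log[1]["detail"]["to"] = "someone-else@example.com"  # after-the-fact edit
    edited = verify(log, key)
    del log[1]  # drop the edited record entirely
    removed = verify(log, key)
    return intact, edited, removed
```

Verification walks the chain from the first record, so an edit or a deletion is reported at the first record it breaks. Removing records from the end leaves a shorter but still valid chain, so the latest hash has to be held somewhere the log's writer cannot rewrite.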


Originally published on mickai.co.uk. This is a cross-post; the canonical version, with the full body, footnotes and references, lives on the mickai.co.uk article page.
