Why ACF exists in 90 seconds
Written for executive committees, not architects. The question your auditor will ask on December 2, 2027, the three possible answers, and the trust infrastructure that puts you at Level 3 by construction.
This is not hypothetical: EU AI Act high-risk enforcement begins December 2, 2027.
Two snapshots on December 2, 2027
Without ACF
Without ACF, on December 2, 2027
- At 3:14 AM, your credit-scoring agent refuses 847 loans in cascade, and no one can reconstruct the decision the next day.
- The customer service agent promised a 4,200 euros refund, then the redeploy wiped any trace of the commitment.
- Your procurement agent just signed a 540,000 euros contract with an EU-sanctioned supplier, with no documented pre-screening.
- When the auditor asks who bears civil liability, the answer loops between IT, the model vendor, and the business unit.
- No trace exists to demonstrate the decision complied with the AI Act, ISO 42001, or your sector's obligations.
With ACF
With ACF, on the same December 2, 2027
- The 3:14 AM decision carries an Ed25519 signature, a chained SHA-256 hash, and the name of the DDAO who bears civil liability.
- The refund commitment triggers the level 2 kill switch, mapped to card ACF-11, archived before any redeploy.
- The supplier contract is classified N1 not N3, making the ACF-09 sanctions-screening card mandatory before signature.
- The auditor receives a signed PDF in 30 seconds, mapped to EU AI Act, ISO 42001, NIST AI RMF, GDPR, and COBIT.
- Your ACF Sovereignty Score™ moves from 34 to 78 in six months, and every agentic decision remains opposable years later.
Three possible answers
The auditor asks. You have three possible answers, in increasing order of defensibility — and three matching financial consequences.
Level 1 — Silence
“We'll check with the engineering team and get back to you.”
Consequence
Regulatory investigation opened, exposure to an AI Act sanction of up to 35 million euros or 7 percent of global turnover, executive accountability triggered, prolonged legal uncertainty.
Level 2 — Application logs
“We have application logs, we can export them for you.”
Consequence
Logs deemed non-probative under article 1366 of the French Civil Code, external forensic audit imposed, multi-month adversarial process, defense reconstructed after the fact.
Level 3 — Cryptographic proof
“Here is the Ed25519-signed PDF, you can verify it independently with the public key.”
Consequence
Opposable trace produced immediately, verifiable by the auditor independently of your systems, compliance demonstrated across five frameworks (AI Act, ISO 42001, NIST AI RMF, GDPR, COBIT).
The flow of an agentic decision
Without a governance frame, an agentic decision flows straight from the agent to the action. With ACF, two steps are inserted upstream — governance and signature — and one is added downstream: replicable verification, years later. Three extra boxes are enough to make the decision opposable.
Without ACF
With ACF
ACF is a Decision Trust Infrastructure
ACF is not a framework you deploy. It is a trust infrastructure you join, the way TLS exists for the web or SWIFT for interbank settlement. The standard does not live in your servers; it lives in any third party's ability to verify, years later, that an agentic decision occurred, who carried it, and under which doctrine.
01
Signed identity
Every agentic decision is Ed25519-signed and carries the name of the DDAO who bears civil liability; no anonymous autonomy is permitted by the standard.
02
Replicable verification
The SHA-256 hash chain and the 34 signed acf-mcp resources let a third party, years later, replay the verification without depending on you.
03
Opposable trace
The 17 by 5 mapping across EU AI Act, ISO 42001, NIST AI RMF, GDPR, and COBIT turns the trace into an opposable legal proof, not a mere technical log.
The real question
The question is no longer whether AI agents will make decisions.
The question is whether those decisions will still be defensible years later.
ACF® is the infrastructure that answers yes to that second question, by construction and not by luck — from the day the decision is made to the day a third party challenges it.