How to Generate Cryptographic Proof of AI Agent Authorization (EU AI Act Article 14)

Verigate, a cryptographic trust infrastructure for AI agents, generates tamper-evident authorization receipts using Ed25519 signatures and Merkle trees to comply with EU AI Act Article 14. The system produces deterministic policy decisions, chains receipts for auditability, and anchors Merkle roots on Base mainnet for immutable timestamps. This enables offline verification of human oversight without relying on modifiable logs or vendor-dependent traces.

EU AI Act Article 14 enforcement starts August 2, 2026. If you're building AI agents that access sensitive data, process customer information, or make autonomous decisions — you need to demonstrate human oversight with verifiable artifacts. Not logs. Not observability traces. Cryptographic proof.

In this post, I'll show you how we built Verigate (https://verigate.cloud) — a cryptographic trust infrastructure for AI agents — and how you can use it to generate tamper-evident authorization receipts that any auditor can verify offline.

This content was created for the Build with Gemini XPRIZE.

Every AI agent platform today — LangChain, CrewAI, Google ADK, Zapier AI — lets agents take actions. But none of them produce independently verifiable proof that the action was authorized according to policy.

When your agent:

...what evidence exists that this action was authorized? A database log? That can be modified. An observability trace? That's vendor-dependent. A timestamp? That proves when, not whether.

Article 14 of the EU AI Act requires deployers to demonstrate five capabilities:

That fifth requirement is where most teams fail.
You need artifacts that are:

Here's how Verigate solves this:

When an agent requests authorization, the gateway evaluates policy rules (allowlist, resource scope, rate limit) and produces an Ed25519-signed receipt:

```json
{
  "body": {
    "v": "1",
    "seq": "42",
    "ts": "2026-06-26T10:30:00Z",
    "request_digest": "sha256:0e6d5b86f01f...",
    "policy_version": "sha256:d59a1e4171e6...",
    "decision": "approve",
    "reasons": [],
    "prev_receipt": "sha256:b3f51c8824bc..."
  },
  "sig": {
    "alg": "EdDSA",
    "kid": "gateway-prod-a1b2c3d4",
    "value": "7WiFneT3tLRtE2Iztm..."
  },
  "receipt_hash": "sha256:2a3e65a3ade468..."
}
```

Key properties:

Each receipt's `prev_receipt` field contains the SHA-256 hash of the previous receipt. This creates a tamper-evident chain:

```
Receipt 1 (genesis) → prev: sha256:0000...0000
Receipt 2           → prev: sha256(Receipt 1)
Receipt 3           → prev: sha256(Receipt 2)
...
```

Modify any receipt in the chain, and every subsequent `prev_receipt` hash becomes invalid. Insert or delete a receipt, and the sequence numbers break.

Receipt hashes are organized into a Merkle tree using domain-separated hashing:

```
Leaf: SHA256("BI_RECEIPT_LEAF_V1" || 0x00 || receipt_hash)
Node: SHA256("BI_RECEIPT_NODE_V1" || 0x00 || left || right)
```

This lets you prove a specific receipt is included in a batch without downloading all receipts. The `/v1/engine/merkle/proof` endpoint returns the sibling hashes and directions.

For regulated industries, the Merkle root can be anchored on Base mainnet (chain ID 8453) as transaction calldata:

```
Anchor TX → burn address (0x000...000)
Value: 0
Calldata: 32-byte Merkle root
```

This creates an immutable timestamp proving the receipt chain existed at a specific block height. Verifiable on BaseScan (https://basescan.org) by anyone, forever.

Here's what makes this architecture unique: the authorization decision is fully deterministic. No AI model can influence whether an action is allowed or denied.

The policy engine evaluates three rule types:

All three must pass. Any failure → deny.
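The domain-separated Merkle construction described above can be checked offline with nothing but SHA-256. The following is an added example, not Verigate's own code; it assumes the tags are spelled with underscores, that `receipt_hash` enters the leaf as the raw 32-byte digest, that an unpaired node is promoted unchanged, and that proofs are lists of (side, sibling) pairs.

```python
import hashlib

# Domain-separation tags from the article (underscore spelling assumed).
LEAF_TAG = b"BI_RECEIPT_LEAF_V1"
NODE_TAG = b"BI_RECEIPT_NODE_V1"

def leaf_hash(receipt_hash: bytes) -> bytes:
    return hashlib.sha256(LEAF_TAG + b"\x00" + receipt_hash).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_TAG + b"\x00" + left + right).digest()

def build_levels(receipt_hashes):
    """Return every tree level, leaves first, root level last."""
    level = [leaf_hash(h) for h in receipt_hashes]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # assumption: an unpaired node is promoted as-is
        level = nxt
        levels.append(level)
    return levels

def make_proof(levels, index):
    """Sibling hashes with the side each sibling sits on, leaf to root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("left" if sibling < index else "right", level[sibling]))
        index //= 2
    return proof

def verify_proof(receipt_hash, proof, root):
    """Recompute the root from one receipt hash and its proof."""
    acc = leaf_hash(receipt_hash)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "left" else node_hash(acc, sibling)
    return acc == root

if __name__ == "__main__":
    # Constructed sample data: five stand-in receipt hashes (raw 32-byte digests).
    receipts = [hashlib.sha256(b"receipt-%d" % i).digest() for i in range(5)]
    levels = build_levels(receipts)
    root = levels[-1][0]
    print(all(verify_proof(r, make_proof(levels, i), root) for i, r in enumerate(receipts)))
    # An interior node passed off as a receipt fails because of the leaf tag.
    forged = levels[0][0] + levels[0][1]
    print(verify_proof(forged, make_proof(levels, 0)[1:], root))
```

Without the separate leaf and node tags, the concatenation of two child hashes would hash to the same value as their parent node and could be presented as a "receipt" with a shortened proof.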
Gemini via Vertex AI powers six AI agents that sit outside the authorization path:

The security boundary is explicit: AI advises, the gateway decides.

```python
from sdk import Verigate

# Provision a tenant or use an existing API key
vg = Verigate(api_key="as_...")

# Register your agent
vg.register_agent("my-bot", name="My Bot", capabilities=["read", "query"])

# Authorize an action
result = vg.authorize("my-bot", action="read", resource="/data/users")
print(f"Decision: {result.decision}")
print(f"Receipt: {result.receipt_hash}")

# Verify the chain
chain = vg.verify_chain()
print(f"Chain valid: {chain['valid']}")

report = vg.generate_compliance_report(
    agent_name="my-bot",
    agent_description="Reads customer profiles from staging database",
    capabilities=["read", "query"],
    data_types=["PII", "customer records"],
    frameworks=["EU AI Act", "HIPAA", "SOC 2"],
)
print(f"Findings: {len(report.findings)}")
# Download PDF: GET /v1/compliance/report/{report.report_id}/pdf
```

```json
{
  "mcpServers": {
    "verigate": {
      "command": "python",
      "args": ["/path/to/mcp_server.py"],
      "env": { "VERIGATE_API_KEY": "as_..." }
    }
  }
}
```

56 tools available — authorize, verify, register agents/resources/actions, generate compliance reports, chat with the multi-agent system.

Not ready to commit? Try the free compliance quick-scan (https://verigate.cloud/v1/compliance/quick-scan) — describe your agent and get 3 EU AI Act findings in 30 seconds. No signup required.

Full report with all 6 frameworks (EU AI Act, HIPAA, SOC 2, DORA, NIST AI RMF, OWASP LLM Top 10): $299 one-time (https://verigate.cloud/eu-ai-act).

Built with Google Gemini 2.5 (Vertex AI), Google ADK 2.1, Cloud Run, and Firestore.
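What an offline check of the receipt chain has to establish (hash links and sequence numbers) can be reproduced in a few lines. This is an added example, not Verigate's SDK or gateway code; it assumes a receipt hash is SHA-256 over the body as canonical JSON and that the genesis value is 64 zero hex digits, and it leaves out Ed25519 signature verification, which needs the gateway's public key.

```python
import copy
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumption: the article's 0000...0000 written out

def receipt_hash(body):
    # Assumption: the hash covers canonical JSON (sorted keys, no whitespace).
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(canon).hexdigest()

def make_chain(decisions):
    """Build a constructed sample chain, one receipt per decision."""
    chain, prev = [], GENESIS
    for seq, decision in enumerate(decisions, start=1):
        body = {"v": "1", "seq": str(seq), "decision": decision, "prev_receipt": prev}
        prev = receipt_hash(body)
        chain.append({"body": body, "receipt_hash": prev})
    return chain

def check_chain(chain):
    """Return (index, problem) findings; an empty list means the chain is intact."""
    findings, prev, expected_seq = [], GENESIS, 1
    for i, receipt in enumerate(chain):
        body = receipt["body"]
        actual = receipt_hash(body)
        if actual != receipt["receipt_hash"]:
            findings.append((i, "hash"))  # body edited after it was hashed
        if body["prev_receipt"] != prev:
            findings.append((i, "prev"))  # link to the predecessor is broken
        if int(body["seq"]) != expected_seq:
            findings.append((i, "seq"))   # a receipt was inserted or deleted
        prev, expected_seq = actual, int(body["seq"]) + 1
    return findings

if __name__ == "__main__":
    chain = make_chain(["approve", "deny", "approve", "approve"])
    print(check_chain(chain))
    edited = copy.deepcopy(chain)
    edited[1]["body"]["decision"] = "approve"  # flip a deny after the fact
    print(check_chain(edited))
    print(check_chain(chain[:1] + chain[2:]))  # drop the second receipt
```

An edit shows up twice: at the edited receipt, whose body no longer matches its stored hash, and at its successor, whose `prev_receipt` no longer matches.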