The evidence is a byproduct of the work.
The reason to read a finetune is the threat: a poisoned open model is a supply-chain attack, and safety-stripped finetunes ship in minutes on cards that say nothing of it. The work Protora does — detect, attest, excise — leaves behind, as a byproduct, exactly the evaluation, documentation, provenance, incident, and corrective-action evidence the regimes reward: the EU AI Act’s GPAI obligations (enforcement powers from August 2026) and NIST’s generative-AI guidance on measurement, provenance, and pre-deployment testing.
Protora produces evidence and assurance — not legal advice, not a certification, not a guarantee of compliance. Obligations and dates should be confirmed with counsel.
See how the evidence maps →
THE OBLIGATION ASKS FORPROTORA LEAVES BEHIND
Technical documentationThe audit dossier — witnessed, ceiling stamped
Model evaluation, incl. adversarial testingDETECT, incl. undisclosed / backdoor behavior — witnessed, abstains on the record
Corrective actionThe Corrective Patch — attested to coverage, reversible