AI Principles

Why AI Accountability Belongs in the Protocol

AI tools are becoming pervasive in the same physical-world activities BE Authentic is designed to verify: practice, performance, instruction, certification, assessment, and credentialing. A practice session might be coached by an AI tutor. A performance might be transcribed by an AI listener. A skill credential might be assessed by an AI evaluator. A maintenance log might be generated by an AI diagnostic tool.

If the trust layer for physical objects doesn’t distinguish between human and AI contribution, it doesn’t actually answer the question it claims to answer. “This person practiced for 10,000 hours” means something different from “this person and an AI together produced 10,000 hours of practice records.” A credentialing body, a teacher, an employer, an insurer, a competition judge — they all need to know which is which.

So we built AI accountability into the BE Authentic protocol, alongside the cryptographic primitives that verify human interactions. Same architecture, same verifiability, same vendor-independence.

Our Commitments

1. Every AI engine is publicly registered

Every AI engine whose output is recorded against a BE Authentic account is registered in our public AI engine registry, available at be-authentic.me/wp-json/arcform/v1/ai-engines. The registry records, for each engine:

• A unique identifier;
• The version of the engine;
• The engine type (cloud-based, on-device, or hybrid);
• The engine’s public signing key, where applicable;
• The party operating the engine;
• The cryptographic attestation linking the engine to a verified provenance event.

There is no “off-the-books” AI participation. If something is AI-assisted, the engine is in the registry.

2. AI outputs are dual-signed

When an AI engine produces output that’s recorded against your account, the output is signed twice: once by the engine itself (using the engine’s signing key) and once by our verification server (using our Ed25519 key). Both signatures are recorded alongside the event.

This means anyone reading the Provenance Record can independently verify two things: that the AI output came from the engine it claims to be from, and that our system received and recorded it. Tampering with the chain requires forging both signatures, which is computationally infeasible.

3. You can always determine what an AI contributed

For any AI output associated with your account, the system records — and you can always inspect — the following:

• Which AI engine produced the output;
• The verified human interaction (NFC tap) that authorized the AI to act on your behalf;
• Whether the engine ran in the cloud or on a physical/embodied device;
• The exact input that was sent to the engine.

The chain of custody for AI-generated content is recorded with the same cryptographic rigor as for human-generated content. A teacher can see exactly what an AI tutor evaluated. A credentialing body can see exactly what an AI assessor measured. An insurer can verify that an AI didn’t fabricate a performance record.

4. Human review is always available

Where AI is used to assess your skill, performance, or credential, you may request human review of the assessment. We commit to providing a written response within a reasonable period. AI-assessed metadata is clearly distinguished in your credentials from cryptographically verified metrics — you always know which is which.

5. On-device AI preserves your inputs

Some AI features run on your device rather than on our servers. Where they do, your inputs and intermediate processing results are not transmitted to our servers; only the outputs you choose to save are recorded against your account.

The engine registry distinguishes cloud-based engines (where our servers see the input) from on-device engines (where they don’t). The distinction is recorded for every event, so the Provenance Record makes it visible.

6. The standard is vendor-independent

BE Authentic’s AI accountability framework doesn’t require trusting OpenAI, Anthropic, Google, Meta, or any other specific AI company. The registry attests to engines from any party. The signing protocol works with any engine that supports cryptographic signing. If a Licensee chooses to integrate a particular AI vendor, the vendor’s engine gets registered like any other.

This matters because AI watermarking efforts to date have largely been vendor-specific. Each major AI company has tried to embed identifying signals into the output of their own models, with mixed success. BE Authentic operates at a higher level: it doesn’t watermark AI output, it attributes AI participation through the same cryptographic mechanism that verifies the surrounding human interaction. The result is independent of which AI was used and works across AI vendors.

What This Does Not Promise

It’s worth being precise about what AI accountability in BE Authentic does and doesn’t claim.

It doesn’t claim AI outputs are correct. The protocol records what was produced, by which engine, in response to which input. It says nothing about whether the AI’s assessment is accurate. That’s a question for the AI engine’s quality, not for our verification system. A bad AI signed by us is still a bad AI; the signature just means we attest that the engine produced the output, not that the output is right.

It doesn’t claim AI participation is bad. Many of the most valuable BE Authentic uses involve AI assistance. AI tutors help students practice. AI transcribers help musicians review their work. AI evaluators provide instant feedback. The protocol exists so people can use AI tools while preserving the ability to know AI was used. Transparency, not prohibition.

It doesn’t claim every AI everywhere is registered. Only AI engines whose output is recorded against a BE Authentic account are in the registry. An AI you use privately, off-platform, with no BE Authentic touchpoint, leaves no trace in our system — as it should.

It doesn’t claim cryptographic guarantees are forever. Future advances in cryptanalysis or quantum computing may eventually weaken specific algorithms. Our architecture is designed to support algorithm migration when that becomes necessary, while preserving the integrity of records already signed.

Where This Is Going

AI provenance is at an early, contested moment. The Coalition for Content Provenance and Authenticity (C2PA), Content Credentials, watermarking standards, and various national-level proposals are all trying to address pieces of the problem. We are paying attention to those efforts.

BE Authentic’s stance is specific and limited: we attribute AI participation in interactions involving physical objects on our platform. That’s a narrower scope than “watermarking all AI output everywhere” — but within that scope, we want to be the cleanest implementation possible. Engine registry transparency, dual-signing, on-device attestation, vendor-independence, public verifiability. The pieces are infrastructure-grade.

If you’re working on AI accountability standards, building credentialing systems that need to distinguish human and AI work, or running a Licensee program where AI attribution matters, we’d like to hear from you. info@be-authentic.me.