The verifiable evidence layer for AI governance.
Every Australian AI governance framework ends at the same place: can you reconstruct what your AI did, and prove the record was not changed afterwards. Dynamic Feed turns the data your AI is given, and the decisions it drives, into Ed25519-signed, independently time-stamped, re-computable records. The evidence of accountable operation that auditors and regulators assume you can produce, captured automatically as it happens.
Australia governs AI through the rules you already carry.
Australia chose not to pass a single AI Act. Its National AI Plan (2 December 2025) governs AI through existing, technology-neutral obligations and sector regulators, which means those obligations bind your AI whether or not they mention it. Several are already live and enforceable, and one genuinely AI-specific duty has a fixed date on the calendar.
What these regimes have in common is an assumption the global frameworks make explicit: you can reconstruct what an AI system was given and what it did, and you can show the record has not been altered. That last part is where most logs fall short.
The Australian Government has gone further and written the demand down. Its National AI Centre published the Voluntary AI Safety Standard, ten guardrails for AI across the supply chain. Three of them describe this product: data governance (guardrail 3), AI supply-chain transparency (guardrail 8) and record-keeping (guardrail 9), keeping records so a third party can assess what a system did. The standard is voluntary, but the same demand is binding in law through APRA CPS 230 and CPS 234 and the Privacy Act transparency rule. You do not have to convince an Australian enterprise that verifiable evidence matters; their government and their regulators already did.
Mapped to the record you can actually produce.
The instruments an Australian enterprise answers to, and how a signed, tamper-evident record supports each. Dynamic Feed provides the verifiable record; it does not discharge the obligation, which stays with you.
| Instrument | Status | How verifiable evidence helps |
|---|---|---|
| APRA CPS 234 Information security | In force, 1 Jul 2019 | Control testing and material-incident records that surface effectiveness, not just existence, with tamper-evidence so the record holds up after the fact. |
| APRA CPS 230 Operational risk | In force, 1 Jul 2025 | An independent, signed record of the data a material third-party model or service fed your workflow, so the service-provider question can be answered with evidence rather than assertion. |
| Privacy Act Automated-decision transparency (APP 1.7) | Commences 10 Dec 2026 | A signed, dated trail of the data behind decisions that significantly affect people, supporting the lineage that transparency obligation assumes. |
| Voluntary AI Safety Standard Ten guardrails (National AI Centre) | 5 Sep 2024, upd. 2 Dec 2025 | Serves guardrails 3 (data governance), 8 (supply-chain transparency) and 9 (record-keeping) directly: a signed, sourced, tamper-evident record a third party can assess. |
| ISO/IEC 42001 AI management system | Published Dec 2023 | Produces the kind of objective, re-checkable evidence a certifiable management system needs for supplier oversight and lifecycle records. |
Dates per the regulators and primary instruments. This page is general information, not legal advice; confirm scope and applicability with your own advisors.
It is not only Australia.
The same requirement, reconstruct what an AI did and prove the record was not altered, now appears across the major markets. Dynamic Feed produces the one artefact that satisfies all of them.
- EU, AI Act Article 12 (Regulation (EU) 2024/1689). High-risk AI must keep automatic logs over its lifetime; full application 2 August 2026, with deployers retaining logs for at least six months. A signed, re-computable record is exactly that log, made independently verifiable.
- United States, NIST AI Risk Management Framework. Calls for audit logs, model cards and traceability across the AI lifecycle.
- International, ISO/IEC 42001 and the OECD AI Principles. ISO 42001 requires documented model-governance and monitoring records; the OECD principles place traceability under accountability, keeping records of data and process so outcomes can be reviewed.
Different jurisdictions, one demand. These are third-party regulatory instruments, cited for context; none endorses Dynamic Feed.
One signed record, three jobs.
- The data your AI was given. Every external datapoint we serve carries a provenance envelope, source, licence, exact measurement time, age and an Ed25519 signature, so you can show precisely what your system consumed and how fresh it was.
- A decision trail for what the system was told. A signed, contemporaneous record of the inputs and the go / caution / no-go signal a system was given before it acted, captured at the moment, not reconstructed later.
- Tamper-evidence on your own records, without us seeing them. Hash your decision log locally; we sign the hash and have it time-stamped by an accredited RFC 3161 authority. You prove it existed and was unaltered, and we never read or store the underlying content. Zero PII.
Don't take our word, verify a live record.
This fetches a live signed record from Dynamic Feed and verifies its Ed25519 signature in your browser, against the published key. Change one byte and verification fails. Tamper-evidence demonstrated, not asserted.
Built for the people who have to answer the regulator.
Defensible, not just defensible-looking
A signed, re-computable record of the critical external readings and decisions behind your AI, the artefact CPS 230, CPS 234 and the coming transparency rule assume you can produce.
An audit trail you don't have to trust
Wire signed provenance and a decision trail into your AI workflow. When an output is later questioned, you have a contemporaneous record anyone can re-check.
The evidence layer your framework calls for
Your framework specifies tamper-evident record-keeping; we provide it. Offer your clients a verifiable evidence component you can embed and they can independently check.
Automated. No human reads your data.
Dynamic Feed runs as software, not a services team. You call a keyless endpoint or point us at a source, and the system returns a signed, provenance-stamped record, with no person in the loop. Anything sensitive is proven by its hash and never leaves your systems. The record is verifiable by anyone against our published key, and can be time-stamped by an accredited RFC 3161 authority as proof it existed unchanged.
A valid signature shows Dynamic Feed reported this exact record at this time and that it has not been altered since. It is tamper-evident, not tamper-proof, and it proves provenance, not that a value is objectively true. Treat it as one independent, verifiable input into your governance, never the whole of it.
Fully automated. Run by AI, end to end.
No sales calls and no waiting. Mint a key and you are live in seconds, on any tier.