The EU AI Act, Article 50, requires providers of generative AI to mark machine-generated content in a machine-readable, detectable way. Today's solutions are loose. C2PA metadata strips on re-upload. Statistical watermarks degrade through compression. Voluntary provider disclosures aren't auditable by anyone outside the provider.
A regulator who wants to enforce Article 50 needs three things at once: a verifiable record that a piece of content was AI-generated, an audit trail that's hard to fake, and a privacy posture that doesn't require storing the prompt or output anywhere. Ligate Chain provides exactly this primitive. This post walks through the actual chain-level flow.
The setup: EU AI Office becomes an attestor
The EU AI Office, or any designated national authority, runs a node on
Ligate Chain and registers an AttestorSet. An attestor set is a group
of independent signers who collectively co-sign attestations under a
threshold. In v0 this is federated: a fixed roster of trusted
organisations. In v1, attestor sets bond stake and are slashable for
fraudulent signatures (more on that below).
RegisterAttestorSet({
members: [
pubkey_eu_ai_office,
pubkey_german_bfai,
pubkey_french_cnil,
pubkey_irish_dpc,
pubkey_italian_garante,
pubkey_spanish_aepd,
pubkey_dutch_ap,
pubkey_polish_uodo,
pubkey_swedish_imy,
],
threshold: 5,
})
This costs 10 $LGT and produces an AttestorSetId with the Bech32
prefix las1. The set requires 5-of-9 signatures for any attestation
to be valid under it. The exact roster is illustrative, not
prescriptive: each member-state authority would publish its own pubkey
and the EU AI Office composes the set.
The schema: defining what an EU-compliant AI receipt looks like
Next, the EU AI Office registers a Schema for the kind of receipts
they want providers to submit. A schema defines the shape of every
attestation written under it, and binds to the attestor set authorised
to sign them.
RegisterSchema({
name: "eu.ai-content",
version: 1,
attestor_set: las1eu_aioffice_v1...,
fee_routing_bps: 3000, // 30% of fees route to schema owner
fee_routing_addr: lig1eu_treasury...,
payload_shape: {
model_id: ModelID, // openai/gpt-5, anthropic/claude-4.7, mistral/large
model_weights_hash: Hash, // exact model version hash
content_hash: Hash, // sha256 of the generated output
content_type: enum, // image | text | video | audio
generated_at: Timestamp,
consent_disclosed: bool, // was the end user told this is AI?
prompt_provided: bool, // user-initiated vs autonomous agent
redacted_payload: Hash, // privacy-preserving prompt fingerprint
provider_country: ISO3166,
},
})
This costs 100 $LGT and produces a SchemaId with the Bech32 prefix
lsc1. The payload_shape is descriptive: the chain enforces only
the hash and signature shape, not the field-level semantics. That
enforcement happens off-chain in the schema's reference SDK and in
audit tooling.
A few things worth calling out:
The schema binds to one attestor set, not many. This is a
deliberate design choice. Anyone verifying an attestation knows
exactly which signer roster authorized it, with no ambiguity about
"is this version of the set valid" or "which subset signed this
particular receipt." The cost of this clarity is that
multi-jurisdictional setups need to be expressed as separate schema
versions: eu.ai-content/v1 for the EU AttestorSet, us.ai-content/v1
for a US-led set, eu.ai-content/v2 if the EU expands its roster
later. Same flexibility, cleaner verification semantics. EAS on
Ethereum made the opposite choice (schemas are attestor-agnostic)
and clients ended up having to track who-signed-what externally to
make sense of attestations. Not a tradeoff worth inheriting.
The fee_routing_bps field lets the schema owner take up to 50% of
every attestation fee submitted under their schema. In this case, 30%
flows to the EU treasury and 70% to the chain's protocol treasury.
Funding mechanism for the regulator built directly into the protocol.
Submitting an attestation: what providers do at generation time
When OpenAI, Anthropic, Mistral, or any other provider generates content for an EU user, they sign and submit a payload that conforms to the schema. They don't need to hold $LGT or run a wallet themselves; in practice they integrate via a relayer (this is exactly what Iris does for AI agents).
SubmitAttestation({
schema_id: lsc1_eu_ai_content_v1...,
payload_hash: sha256(borsh_encode(payload_above)),
signatures: [
sig_eu_ai_office,
sig_german_bfai,
sig_french_cnil,
sig_irish_dpc,
sig_italian_garante,
// 5-of-9 threshold met
],
})
This costs 0.001 $LGT and writes a permanent record. The (schema_id, payload_hash) pair is the unique attestation identifier. The chain
enforces a write-once invariant on this pair: the same content under
the same schema cannot be re-attested, which gives you free replay
protection.
Critically: the chain stores the hash and the signatures only. It never sees the prompt or the output content. Privacy-preserving by design. A provider can publish receipts proving they followed disclosure rules without leaking what users asked the model.
Three real query patterns
Once attestations are flowing, three groups can query the chain.
A citizen verifying an image
A user sees an image online and wants to know if it's AI-generated. They run a verification tool that takes the image, hashes it, and queries the chain.
verify_content(sha256(suspicious_image))
→ {
schema: eu.ai-content/v1,
attestor_set: las1eu_aioffice_v1...,
generated_at: 2026-04-26T10:23:00Z,
model: openai/gpt-5,
consent: true,
provider: USA,
}
If an attestation exists, the tool says "AI-generated by OpenAI's GPT-5 on April 26 2026, with user consent disclosed." If no attestation exists, the tool says "no compliant attestation found; this content may be human-made or generated by a non-compliant provider." The absence of an attestation becomes a useful signal in itself.
A regulator running an audit
The EU AI Office wants to know how many GPT-5 attestations OpenAI submitted in March 2026, and whether the consent disclosure rate matches what OpenAI self-reported in their compliance filing.
list_attestations(
schema: eu.ai-content/v1,
filters: { model_id: "openai/gpt-5", generated_at: 2026-03-* }
)
→ 47,318,201 attestations
→ consent_disclosed: true on 47,294,003 (99.95%)
If OpenAI reported 50 million GPT-5 sessions but only 47 million were attested, the gap is now an enforcement question. The regulator has a ground-truth count to compare provider self-reports against.
A court reconstructing a forensics chain
A defamation case turns on whether a specific image was AI-generated on a specific date. The plaintiff shows the image; the defendant claims it's authentic. The court hashes the image and queries the chain.
verify_attestation(
schema_id: lsc1_eu_ai_content_v1...,
payload_hash: sha256(image)
)
→ attestation exists, signed at 2026-04-26T10:23:00Z
→ 5 of 9 EU AttestorSet members signed
→ payload includes model: openai/gpt-5, weights_hash: 0x7a3f...
The court has cryptographic evidence that the image was attested as AI-generated on a specific date by a specific model. Not "we trust OpenAI's logs." A signed and timestamped record co-attested by five independent EU national authorities.
What makes this design specifically work for regulatory use
Four things, in priority order.
The schema owner sets the trust model, not the protocol. The EU authority decides which agencies sit in the attestor set and what threshold is required. Ligate doesn't gatekeep. China can register their own schema with a different attestor set and a different disclosure policy, and the same protocol carries both without anyone's permission. This matters because no global authority can credibly enforce content-attribution rules across jurisdictions.
Privacy is the default. Hashes and signatures only. The chain becomes auditable infrastructure without becoming surveillance infrastructure. This is necessary for any serious regulator: GDPR forbids the kind of plaintext logging that would be required for naive on-chain content storage.
Fees scale to AI volume. At 0.001 $LGT per attestation, even a billion attestations per year is a million $LGT in protocol fees. Stripe's per-transaction floor is roughly $0.30. Ethereum's gas at AI inference volume is structurally infeasible. Sovereign rollups on Celestia DA are the only stack that makes AI-scale attestation volumes economically viable today.
Enforcement is pluggable. A regulator can bring up an attestor set without changing the protocol. A standards body can define a schema without asking anyone. Existing AI providers can integrate via Iris in ten lines. Audit firms can run attestor sets independently. The design is built for a market of compliance regimes, not a single top-down standard.
What v1 adds: stake-backed accountability
Everything above runs on the v0 chain. v0 ships with federated attestor sets, which means the trust model is "the agencies in this roster signed the attestation, and you trust them collectively." This is sufficient for regulator-led adoption (the EU AI Office isn't going to misbehave at the protocol level), but it's not sufficient for contested settings where a private attestor's economic incentive needs to be aligned with honest signing.
v1 introduces two new modules:
- A
stakingmodule that lets anyone bond $LGT against an attestor set. The bond is forfeitable. - A
disputesmodule that allows challengers to submit fraud proofs against attestations. A successful challenge slashes the attestor set's bond and rewards the challenger.
In a regulatory context, this means: if a member-state agency in the EU attestor set were ever to sign a fraudulent attestation, an auditor or counterparty could publish proof, slash the agency's bond, and earn the recovery. The economic asymmetry shifts: attestors lose money for being wrong, not just reputation.
This isn't shipped yet. v1 lands after v0 has design partners and Iris hits its first paying operators. We earn each version on the previous version's traction; we don't pre-spend belief.
What's actually live
To be precise about what's built today versus what's planned:
- ✓ Schema registration (
RegisterSchema, 100 $LGT, schema IDlsc1...) - ✓ AttestorSet registration (
RegisterAttestorSet, 10 $LGT, set IDlas1...) - ✓ Attestation submission (
SubmitAttestation, 0.001 $LGT, write-once on(schema_id, payload_hash)) - ✓ Hash-only storage; chain never sees plaintext
- ✓ Bech32 IDs (
lsc1schemas,las1attestor sets,lpk1pubkeys,lph1payload hashes) - ⏳
lat1Bech32 wrapper for compound attestation IDs (small UX cleanup, planned pre-mainnet; today the ID renders aslsc1...:lph1...) - ✓ Schema owner fee routing up to 50%
- ✓ Replay prevention via write-once invariant
- ⏳
stakingmodule (v1, planned) - ⏳
disputesmodule with slashing (v1, planned) - ⏳ Public devnet (Q2 2026 target, late-2026 realistic for production-ready)
If you're a regulator, an audit firm, an AI provider, or a standards body and you'd like to talk about how this maps to a specific compliance regime you're working on, hello@ligate.io.