The scan opened the file. The passport is what the system carries out of it.

Ripples — step 2 of 3

Issue the passport
the system carries.

A Ripple is the evidence passport for one AI system. Identity, data categories, legal basis, bias examination, oversight design, sealed diagnostics, and expiry — issued once, presented at every review.

Step 2 — the passportIssued once, accepted everywhereSealed Evidence Records attachedExpires by default
Ripple

Issued through AffectLog

LIMITED

Meridian Acuity Triage v3.1

Emergency patient triage · AI Act Annex III 5(d) · GDPR Art. 9

Monitoring activeExp 15 Nov 202614 receipts
84%
Evidence
raw_data: offraw_prompts: off
ALP-2026-MER-R3K9

A passport is presented. It is not asserted.

Scan the system. Issue the passport. Grant the visa. A Ripple is step two: the durable, portable evidence record an AI system carries — so that the hospital, the supervisory authority, the bank’s risk function, and the notified body are all reading the same document, and none of them is reading a claim.

Two sides of the desk

The same passport, read from both sides.

The reviewer asks

May this system operate against our patients, our applicants, our children?

The passport states the intended purpose the system was validated for. Where the deployment differs from it, the passport does not clear the system — a Droplet must be granted, or refused.

What personal data does it process, and on what basis?

Data categories, GDPR Art. 6 basis, Art. 9 special-category condition, Art. 8 where minors are involved, Art. 22 where the decision is automated, DPIA status under Art. 35, residency and transfer basis. Required fields, not optional ones.

Is the evidence complete enough to sign?

Completeness is tracked per section, against named articles. A reviewer sees precisely which of Art. 10, 12, 14, or 15 is unevidenced — before they are asked to put their name to a decision.

What happens when the vendor swaps the model?

A model swap invalidates the passport's accuracy and fairness evidence. Monitoring detects the change, the affected sections revert to unproven, and any Droplet granted on that evidence is suspended pending re-issue.

The issuer says

Every buyer sends a different questionnaire.

Issue one Ripple. It is the passport your system carries into every review — a competent authority, a hospital trust, a bank's third-party risk function, a notified body. Present it; do not rebuild it.

Our deals die in DPO review.

They die because the evidence arrives unstructured. A Ripple is built to be reviewed: legal basis, DPIA status, bias examination, oversight design, and sealed diagnostics, each mapped to the article the reviewer must satisfy.

We want a credential we can show publicly.

A system that has been issued a Ripple can display it: "Carries a Ripple" — Ripple-issued, verifiable, expiring. It is a credential the reviewer can check, not a logo they must trust.

We cannot expose model IP.

A passport records what is proven about a system, not how it is built. Diagnostics run inside your perimeter and export a signed Evidence Record — the result, never the weights, the corpus, or the prompts.

Inside the passport

Twelve sections. Each tied to an article.

Completeness is tracked per section, not as a headline score. A reviewer can see that the DPIA is missing, that Art. 10 bias examination was never run, or that accuracy evidence predates the current model — before signing anything.

Identity, provider, and intended purpose
Data categories — Art. 9, Art. 8, financial profiling
Model and provider stack — with swap detection
Legal basis — GDPR Art. 6, 9, 22 · DPIA under Art. 35
Security posture and egress boundary
Accuracy and robustness evidence — AI Act Art. 15
Subprocessors, hosting region, and transfer basis
Human oversight design — AI Act Art. 14
Data governance and bias examination — AI Act Art. 10
Event logging and traceability — AI Act Art. 12
Evidence Records — signed, immutable diagnostic results
Visas in force — which Droplets this passport carries

Completeness is a finding, not a percentage

Proven

Identity, data categories, Art. 6 and Art. 9 basis — evidenced and sealed.

Partial

Art. 35 DPIA started but unsigned. The gap is visible to the DPO before review, not after.

Unproven

Art. 10 bias examination never run. No Droplet may be granted on this passport.

The credential

A system that has been issued a Ripple can say so.

Not a badge of approval — a statement that a passport exists, is current, and can be checked. It carries an expiry date for the same reason a passport does.

Ripple-issued — the verifiable credential

A reviewer clicks through to the passport itself: sections, sealed Evidence Records, expiry, and any Droplets in force. Verification does not require trusting the claim — or contacting the vendor.

Evidence record. Not certification, conformity assessment, or regulatory approval.

Carries a Ripple

Ripple-issued · verifiable · expires

Ripple — evidence passportCleared with Limits

Acuity Triage Model v3.1

Emergency triage · Annex III 5(d)

Evidence84%
Expiry15 Nov 2026
Raw data exportoff
ALP-2026-MER-R3K9
Ripple — evidence passportReview Needed

Creditworthiness Model CW-2.1

Consumer credit · Annex III 5(b) · GDPR Art. 22

Evidence57%
Expiry02 Sep 2026
Raw data exportoff
ALP-2026-CRD-B4T1
Ripple — evidence passportBlocked

Companion Recommender (U16)

Reachable by minors · Art. 5(1)(f) boundary · DSA Art. 28

Evidence38%
Expiry
Raw data exportoff
ALP-2026-MIN-K2W7

Evidence Records

The passport is stamped by diagnostics, not by assertions.

An Evidence Record is a cryptographically signed, immutable diagnostic result — the finding, never the data behind it. Diagnostics execute where the data lives; only the sealed record crosses the boundary. Raw export is off by default and cannot be enabled from the browser.

Special-category exposure

Detects Art. 9 health and biometric data reaching the model — record only

raw: off

Group disparity analysis

Bias examination under AI Act Art. 10 — including proxy reconstruction

raw: off

Retrieval grounding

RAG faithfulness and corpus integrity — injected-instruction detection

raw: off

Accuracy under shift

Art. 15 robustness re-tested against the current population, not the validation set

raw: off
DPO Review
CISO Review
Procurement

Retail Credit Scorecard v7 · Art. 6(2) + Annex III(5)(b) creditworthiness

Art. 6 routeAnnex III(5)(b) — scoring, not fraud detection
Art. 10 bias examNo proxy test: postcode, device, income correlates
Art. 12 loggingActor, input hash, override — 6-month retention
Art. 14 oversightNo named human with authority to reverse a refusal
GDPR Art. 22Human intervention on refusal · CCD (EU) 2023/2225
2 gaps block the visa — Art. 10 bias examination, Art. 14 oversightReview Required

What a passport is not

Not a conformity assessment or CE marking
Not a notified-body decision under the EU AI Act
Not a regulatory approval or a legal opinion
Not clearance to operate — that is a Droplet
Not permanent — every passport expires

Passport lifecycle

Issue. Seal. Present. Re-issue.

01

Issue

The scan's open file becomes a passport: identity, purpose, data categories, legal basis, oversight design.

02

Seal

Diagnostics run where the data lives and attach signed Evidence Records — bias, accuracy, grounding, exposure.

03

Present

A Wake carries a stamped, sealed export to the reviewer: DPO, CISO, authority, or notified body.

04

Re-issue

A model swap, a drift alert, or an expiry reverts the affected sections to unproven. Passports do not renew silently.

The shift

Evidence, before and after the passport.

Without a Ripple

  • Evidence rebuilt from scratch for every reviewer
  • Legal basis asserted in prose, not recorded as a field
  • Bias examination under Art. 10 never run, only described
  • Diagnostic results unsigned — unverifiable after the fact
  • A model swap silently invalidates the file, and no one is told
  • Approvals that never expire, on evidence that already has

With a Ripple

  • One passport, issued once, presented at every review
  • Art. 6 / 9 / 22 basis and Art. 35 DPIA as required fields
  • Group disparity and proxy reconstruction tested, sealed, attached
  • Every result an immutable Evidence Record, verifiable offline
  • Model change detected — affected sections revert to unproven
  • Expiry by default; a lapsed passport clears nothing

Addressed

Ripples — the four objections we hear.

We hold SOC 2 and ISO 27001.

Those attest to how you run your company. A Ripple attests to what is true of one AI system: which special-category data it touches, whether it trains on it, how bias was examined under Art. 10, how oversight is designed under Art. 14, and whether accuracy has held under Art. 15 since the day it was validated. A management-system certificate answers none of those.

This is more paperwork.

It is the paperwork, issued once. A passport is durable and portable by design: complete it, and it is presented at every subsequent review rather than rebuilt for each one. The cost is front-loaded precisely so that it stops recurring.

We are not in a regulated sector.

Your deployers may be. A model sold into clinical triage inherits MDR and GDPR Art. 9. Sold into credit or insurance, it inherits Art. 22 and DORA. Sold into any service a minor can reach, it inherits GDPR Art. 8 and DSA Art. 28. The obligation follows the context, not your sector label.

Is a Ripple a certification?

No. It is not a conformity assessment, a CE mark, or a regulatory approval, and it does not substitute for a notified body. It is a structured, signed, verifiable evidence record that a human reviewer uses to reach a decision — and that a reviewer can be held to afterwards.

Step 2 — the passport

Issue your first Ripple.
One passport. Every review.

Scan the system. Issue the passport. Grant the visa. A Ripple is the record an AI system carries — and the only thing a Droplet can be granted against.

AffectLog provides technical evidence to support AI access, supplier-risk, security, privacy, and governance review. Not legal advice, certification, notified-body conformity assessment, or regulatory approval.