Skip to content
Epher Compute Chain epher.cc · by GINF Systems

Trust & compliance

Built around the regulations that govern your records — and the workflows that produce them.

Epher Compute Chain is purpose-shaped for the durable end of the EU regulatory shelf — DORA, the AI Act, GDPR — without making your engineering team responsible for the cryptography underneath. The two pillars map directly: attested storage for audit records, deterministic compute for automated decisions.

DORA · Reg (EU) 2022/2554

ICT operational resilience.

Financial entities must keep tamper-evident, cryptographically-signed, append-only logs of ICT incidents and operations, with multi-year retention and HSM- or TEE-backed signing. T3 maps to these requirements directly.

  • Append-only by construction
  • Falcon-1024 PQC signing (durable tiers)
  • Six-year retention floor
  • Per-entry HATP attestation
EU AI Act · Art. 50

Provenance for AI-generated content.

From 2026-08-02, providers must keep tamper-evident records of AI-generated content with multi-year retention. T3 / T4 produce the inclusion proofs and public-chain anchors a competent authority will request.

  • Per-content hash + signature receipt
  • O(log N) inclusion proof per record
  • Public-chain anchor for tamper-proof time
  • Crypto-shred reconciles with GDPR Art. 17
EU AI Act · Art. 12

Automatic record-keeping for high-risk AI.

High-risk AI systems must automatically generate event logs over the system's lifetime, with retention and integrity sufficient for ex-post inspection. The compute pillar's per-call receipts and the storage pillar's tamper-evident chain compose into exactly that artefact.

  • Every contract call produces a step receipt
  • Inputs + code revision are committed by hash
  • Replay reproduces the decision deterministically
  • Retention via T3 / T4 covers lifetime-of-system
EU AI Act · Art. 22

Decisions a human can audit, after the fact.

Where regulation requires an automated decision to be auditable by a human, a deterministic Borz contract is the right shape: the input, the code revision, and the output are the same artefact. A reviewer can replay the call and verify the outcome was produced by the exact logic on the exact data.

  • Verifiable workflows by interface
  • No hidden inputs (no wall-clock, no ambient I/O)
  • Inspector replays against committed inputs
  • Disagreement detectable; agreement is the proof
GDPR · Reg (EU) 2016/679

Data minimisation & erasure.

Personal data lives off-ledger; the ledger holds only commitments and signatures. Right-to-erasure operations destroy per-record keys (crypto-shred) without breaking the integrity proof for the rest of the chain.

  • Off-ledger personal data
  • Per-record AES-256 key crypto-shred
  • Audit-ready erasure receipts
  • DPA on file, EU-domiciled processor
CLOUD Act · structural

No US sub-processor on the signing path.

Sovereignty is a question of jurisdiction, not configuration. The operator is EU-domiciled; the signing infrastructure is EU-located; the staff are EU-resident. The CLOUD Act question is therefore structural — not the subject of a clause we'll renegotiate.

  • EU-domiciled operator (Hungary)
  • EU-located HSMs
  • EU-resident SREs on the signing path
  • Optional EBSI anchoring (full-EU proof-of-time)

Security posture

How the trust stack is layered.

Root

Air-gapped HSM

Long-lived root key, kept offline. Rotated on a published, slow schedule. Multi-party ceremony with operator + auditor.

Tenant

Cloud HSM

Per-tenant intermediate, signed by the root. Rotated quarterly; revocation is published and verifiers honour it.

Host

Measured KVM

Per-host key bound to a measured-boot attestation of the KVM guest performing signing. Rotated on every reboot.

Transport

TLS 1.3 only, EU CAs, HSTS, mTLS available for regulated tenants.

Vault

AES-256-GCM per-record keys; key material never leaves the signing enclave.

Audit

The operator's own actions are committed to a T3 Ephernity ledger — we eat our own dog food.

Status

99.95%

30-day primary write

100%

verify-side availability

2.1 ms

p50 EU write latency

0

incidents last 30 d

Live status at status.epher.cc · Operator action log at epher://_ops

Legal

Data Processing Agreement

Pre-signed DPA, SCC-compatible, EU-only sub-processor list, and cross-border safeguards. Email legal@epher.cc for the current version.

Legal

Terms & Privacy

Service terms, acceptable use, and privacy notice. Published, versioned, and themselves anchored to an Ephernity ledger so changes are tamper-evident.