Provenance answers the question "where did this come from?" — but until now, only for content. Decision provenance extends it to the one thing generative AI never explained: why it produced a given output.
Two mature families of trust technology already exist. Content provenance (the C2PA standard) proves where a media artifact came from and whether it was edited. Log integrity (hash-chained audit logs) proves that a stored record has not been altered. Both are valuable. Neither answers the question a regulator, a court, or an auditor now asks of an AI system: why did it decide this?
A faithful log of an unexplained decision is still an unexplained decision — faithfully logged. The missing layer is the provenance of the decision itself: the configuration of control that produced this output rather than another.
A Causal Seal is a small, verifiable record attached to a single AI output. It cryptographically binds together three things: the output, the causal parameters that governed its generation (who answered, with what model, under which constraints, seeing what context, when), and the moment of emission. Anyone can verify a seal's integrity — with no access to the model, its weights, or any private system.
The causality criterion. A parameter belongs in a seal only if it is genuinely causal: had it held a different value at generation time, the output could have been different. Descriptive statistics computed after the fact (word counts, readability scores) are excluded by definition. This single rule is what separates decision provenance from decoration.
Each output is accompanied by a compact record whose fields describe the decision. That record is condensed into a fingerprint (a SHA-256 hash) — a short string that changes completely if any field is altered. To verify, anyone recomputes the fingerprint and compares: a match proves the record is intact and bound to that exact output. An optional signature proves which emitter produced it. You can try this yourself, in your browser, on the verifier page — nothing is sent anywhere.
A seal proves binding, not virtue. It makes an emitter's claims about its own decision fixed and auditable; it does not, by itself, prove those claims are wise or correct. Trust is anchored the way web security anchors it: the padlock proves the channel, not the honesty of the merchant. Genuine trust is built on top — through public parameter dictionaries, cooperative audits, runtime attestation, and certification.
Decision provenance is only meaningful when there is a decision to seal. The pattern assumes a system that governs generation deterministically — that computes an explicit control state before the model writes, rather than leaving the model to be judge and author at once. Where that governance exists, the causal state is small, explicit, and worth sealing. The format is open and model-agnostic: it works over any underlying model, from any vendor.
→ How this maps to the EU AI Act · Read the full specification