Our position

Provenance proves how an artefact was built, not who decided it.

Build provenance (SLSA) attests where and how an artefact was produced; it does not attribute the decision. Accountability needs a decision-and-attribution trail engineered above the pipeline.

Everyone says

Build provenance (SLSA) gives us an audit trail.

We think

Provenance proves how; attribution proves who — the decision trail is a separate, engineered layer.

What we’ve observed

  • EU AI Act Articles 12 and 14 make a queryable decision log and human oversight a requirement for high-risk systems.

Confidence: Observed
