New Open Standard ACTIS Takes Aim at AI Agent Evidence Tampering

A new open standard wants to answer a question that gets more uncomfortable as AI agents take on more real-world work: if an agent says it completed a transaction, how do you actually check?

ACTIS — Autonomous Coordination & Transaction Integrity Standard — is published at actis.world under an Apache 2.0 license with a patent non-assert commitment. Version 1.0 defines the cryptographic mechanics for verifying whether evidence produced by an agentic session has been altered: SHA-256 hash-chain verification, deterministic replay algorithms, and Ed25519 signature schemes. The output is a canonical verification report with one of three statuses — ACTIS_COMPATIBLE, ACTIS_PARTIAL, or ACTIS_NONCOMPLIANT — generated from a bundle that packages transcripts in a ZIP file with a manifest and checksums.

The spec's threat model is built around distrust. Evidence bundles, it assumes, may pass between parties with no reason to trust each other — parties who may be motivated to modify bundles, reorder transcript rounds, or swap out files. ACTIS verification is designed to catch those specific moves through schema validation, hash-chain recomputation, and checksum validation.

The standard is explicit about what it does not do: adjudicate disputes, assign fault, score reputations, handle settlement or payment, or verify identity beyond what's needed for signature checking. That narrow scope is deliberate — ACTIS positions itself as an integrity layer underneath whatever dispute resolution or compliance process a platform builds on top.

Two reference implementations — actis-verifier-rust and actis-verifier-ts — have been tested against a conformance corpus of 11 test vectors (tv-001 through tv-011), both passing all 11 without sharing code. The independent derivation from a single normative spec is a reasonable signal that the standard is implementable as written. The corpus covers schema validation, hash chain integrity, signature verification, replay consistency, and bundle security edge cases including path traversal and duplicate entries.

The specification repository cites alignment with the EU AI Act and the NIST AI Risk Management Framework. Whether ACTIS gains real-world traction will depend on adoption — the spec's contributors and any existing deployments have not been publicly named.