Effective 2026-04-26

Trust Center

SEC Rule 17a-4 Alignment · TrueTime Ledger WORM Boundary Documentation

Compliance Summary

The Vantio TrueTime Ledger captures every AI governance event at the kernel boundary via eBPF syscall interception and seals each record with a RISC Zero zkVM cryptographic proof. The ledger is append-only and structurally non-rewriteable, satisfying the WORM storage requirements of SEC Rule 17a-4 (17 C.F.R. § 240.17a-4).

SEC Rule 17a-4 — Overview

SEC Rule 17a-4 (17 C.F.R. § 240.17a-4) establishes electronic record-keeping obligations for broker-dealers and financial intermediaries. The rule requires that covered records be preserved in a non-rewriteable, non-erasable format — commonly referred to as WORM (Write Once, Read Many) storage — for defined retention periods, with immediate availability for regulatory examination.

The four operative requirements are:

  1. WORM format — records may not be altered or erased after commit.
  2. Retention periods — most records: 6 years total, 3 years in immediately accessible form.
  3. Designated third-party access — an independent custodian must be able to furnish records on regulatory demand.
  4. Regulatory examination access — records must be produced promptly on request from the SEC or FINRA.

The TrueTime Ledger

The TrueTime Ledger is Vantio's append-only audit trail operating at the kernel boundary. Every AI-initiated syscall intercepted by the Vantio eBPF layer is serialized into an immutable ledger entry before the call is permitted to proceed. No entry may be modified or removed after it has been committed.

Each ledger record contains:

  • Kernel-monotonic timestamp (nanosecond resolution)
  • Process credential set (UID, GID, PID, cgroup ancestry)
  • Syscall identifier and normalized argument vector
  • Enforcement decision (permit / block / quarantine)
  • RISC Zero zkVM proof of record integrity (Poseidon2 Merkle root)

The zkVM proof allows any party with the Vantio verifier key to independently confirm that a record has not been altered since the moment of capture — satisfying the third-party verification requirement of 17a-4 without requiring access to Vantio infrastructure.

Bifurcated Deployment — SOVEREIGN_MODE

The Vantio daemon resolves its ledger backend at process start from the SOVEREIGN_MODE environment variable. Both code paths preserve identical WORM semantics (append-only, no in-place mutation, zk-proof-anchored); they differ only in storage substrate and external dependency surface.

  • Cloud-Native (default, SOVEREIGN_MODE=false): records are committed to the GCP Spanner phantom_deltas table via single-row insert mutations against a TIMESTAMP allow_commit_timestamp column. Multi-region TrueTime guarantees external consistency across replicas.
  • Sovereign / Air-Gapped (SOVEREIGN_MODE=true): the daemon bypasses GCP entirely and appends each event as a single JSON line to a localized WORM ledger at /var/log/vantio/ledger.worm, opened with OpenOptions::append(true). Periodic external block-header anchoring provides third-party verifiability without any outbound network egress, satisfying the data-sovereignty requirements of isolated-VPC and classified deployments.
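As an added example (written for this page, not Vantio's own code), the following Rust program shows the two mechanisms described above in working form: a backend selector keyed on the raw SOVEREIGN_MODE value, and a sovereign-mode ledger that appends one JSON line per intercepted event through OpenOptions::append(true) and re-verifies the whole file on read. It assumes a reduced record (monotonic timestamp, uid, pid, syscall name, decision) in place of the full credential set and argument vector, takes the ledger path as a parameter instead of hard-coding /var/log/vantio/ledger.worm, and links records with an FNV-1a hash chain as a stand-in for the per-record zkVM proof; that chain is not cryptographic and proves nothing to a third party on its own. The extends_anchor check at the end is what gives the periodic external anchoring its value: an append-only open flag does not stop a privileged process from truncating or replacing the file, so a verifier compares the chain it reads against a (seq, chain) pair recorded outside the host.

```rust
// Added example, not Vantio's code: a SOVEREIGN_MODE-style backend selector plus a
// local append-only JSON-lines ledger whose records are linked by a hash chain.
// The chain uses FNV-1a (assumption: NOT cryptographic, NOT a zkVM proof); it
// stands in for the per-record proof so the verify path can be shown end to end.
use std::fs::{File, OpenOptions};
use std::io::{self, BufRead, BufReader, Write};
use std::path::{Path, PathBuf};

/// Backend chosen once at daemon start from the raw SOVEREIGN_MODE value.
#[derive(Debug, PartialEq)]
pub enum Backend {
    CloudNative,        // Spanner commit path; not implemented in this example
    Sovereign(PathBuf), // local append-only ledger file
}

/// Only an explicit "true" selects the air-gapped path; unset or any other
/// value stays cloud-native, so deployments should confirm the resolved backend.
pub fn resolve_backend(sovereign_mode: Option<&str>, ledger_path: &Path) -> Backend {
    match sovereign_mode {
        Some(v) if v.trim().eq_ignore_ascii_case("true") => Backend::Sovereign(ledger_path.to_path_buf()),
        _ => Backend::CloudNative,
    }
}

/// Per-record fields from the page, reduced to uid/pid and the syscall name.
/// Strings are assumed to be plain identifiers, so no JSON escaping is done.
pub struct Event<'a> {
    pub ts_ns: u64,        // kernel-monotonic timestamp, nanoseconds
    pub uid: u32,
    pub pid: u32,
    pub syscall: &'a str,  // e.g. "openat"
    pub decision: &'a str, // permit / block / quarantine
}

fn fnv1a64(bytes: &[u8]) -> u64 {
    bytes.iter().fold(0xcbf2_9ce4_8422_2325u64, |h, b| (h ^ u64::from(*b)).wrapping_mul(0x100_0000_01b3))
}

/// Walk the ledger and return every record's chain value in order. A missing
/// file is an empty ledger. Any edited, reordered or spliced line breaks the
/// seq/prev/chain linkage and is reported with its line index.
pub fn verify_ledger(path: &Path) -> Result<Vec<u64>, String> {
    let file = match File::open(path) {
        Ok(f) => f,
        Err(e) if e.kind() == io::ErrorKind::NotFound => return Ok(Vec::new()),
        Err(e) => return Err(e.to_string()),
    };
    let mut chains: Vec<u64> = Vec::new();
    for (i, line) in BufReader::new(file).lines().enumerate() {
        let line = line.map_err(|e| e.to_string())?;
        let (body, tail) = line
            .split_once(",\"chain\":\"")
            .ok_or_else(|| format!("line {i}: missing chain field"))?;
        let chain = u64::from_str_radix(tail.trim_end_matches("\"}"), 16)
            .map_err(|_| format!("line {i}: chain is not hex"))?;
        if fnv1a64(body.as_bytes()) != chain {
            return Err(format!("line {i}: body does not match its chain value"));
        }
        let prev = chains.last().copied().unwrap_or(0);
        if !body.starts_with(&format!("{{\"seq\":{},", chains.len()))
            || !body.ends_with(&format!("\"prev\":\"{prev:016x}\""))
        {
            return Err(format!("line {i}: seq/prev do not link to the previous record"));
        }
        chains.push(chain);
    }
    Ok(chains)
}

/// Append one event as a single JSON line, refusing to extend a ledger that no
/// longer verifies. The file is only ever opened with append(true); nothing here
/// seeks, rewrites or truncates. Returns the new record's chain value.
pub fn append_event(path: &Path, ev: &Event<'_>) -> io::Result<u64> {
    let chains = verify_ledger(path).map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
    let prev = chains.last().copied().unwrap_or(0);
    let body = format!(
        "{{\"seq\":{},\"ts_ns\":{},\"uid\":{},\"pid\":{},\"syscall\":\"{}\",\"decision\":\"{}\",\"prev\":\"{:016x}\"",
        chains.len(), ev.ts_ns, ev.uid, ev.pid, ev.syscall, ev.decision, prev
    );
    let chain = fnv1a64(body.as_bytes());
    let mut f = OpenOptions::new().create(true).append(true).open(path)?;
    writeln!(f, "{body},\"chain\":\"{chain:016x}\"}}")?;
    f.sync_all()?; // durable before the intercepted call is allowed to proceed
    Ok(chain)
}

/// append(true) alone cannot stop a privileged process from truncating or
/// replacing the file, so the latest (seq, chain) pair is periodically anchored
/// outside the host. This is the check a third party runs against that anchor.
pub fn extends_anchor(chains: &[u64], anchor_seq: usize, anchor_chain: u64) -> bool {
    chains.get(anchor_seq) == Some(&anchor_chain)
}
```

A practitioner would call resolve_backend once at start-up, then append_event for each intercepted call on the sovereign path; a verifier process periodically runs verify_ledger and compares the result against the most recent externally stored anchor with extends_anchor. Swapping FNV-1a for a real proof or a collision-resistant hash changes only fnv1a64; the linkage and anchor logic stay the same.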

WORM Boundary Map

Boundary                          17a-4 Status
Syscall capture                   Compliant
Record commit                     Compliant
Storage format                    Compliant
Retention enforcement             Compliant
Designated third-party access     Compliant
Regulatory examination            Compliant
Deployment substrate              Compliant

Retention Tiers

Tier                     Record age     Availability
Tier 1 — Hot             0 – 3 years    Immediate (< 1 s via API)
  17a-4 §(f)(2)(ii)(A) accessible records requirement.

Tier 2 — Warm            3 – 6 years    < 24 hours on request
  17a-4 §(f)(2)(ii)(B) preserved records requirement.

Tier 3 — Cold Archive    6+ years       Per customer data agreement
  Extended retention beyond statutory minimum.

Deployment Bifurcation — SOVEREIGN_MODE

Selected at daemon start via SOVEREIGN_MODE. Identical WORM semantics; distinct storage substrate and external dependency surface.

Cloud-Native (Tier 2): SOVEREIGN_MODE=false

Managed planetary-scale attestation. Default for SaaS, mid-market SMB, and managed enterprise edge deployments.

  Backend:          GCP Spanner phantom_deltas (TrueTime DDL)
  Verification:     Multi-region external consistency
  External Egress:  mTLS to Google Cloud (spanner.googleapis.com)

Sovereign / Air-Gapped (Tier 3): SOVEREIGN_MODE=true

Localized verifiable ledger inside the customer perimeter. Required for isolated VPCs, classified workloads, and regulated environments where external cloud egress is prohibited.

  Backend:          /var/log/vantio/ledger.worm (append-only)
  Verification:     Periodic external block-header anchoring
  External Egress:  Zero. No connection to Google Cloud or Vantio infrastructure.

Corporate Governance & Entity Structure

Vantio operates as a registered Delaware C-Corporation structured under the Genesis Protocol (V3.2.0) to satisfy the procurement, vendor risk management, and liability frameworks of Fortune 500 institutions. Every software artifact in the Vantio supply chain is produced by a SLSA Level 3 compliant CI/CD pipeline with pure-Rust eBPF containment, providing cryptographic provenance guarantees from source commit to production kernel module. Our legal architecture maps directly to this deterministic security infrastructure, ensuring structural stability for multi-year enterprise infrastructure deployments and satisfying the due diligence requirements of enterprise procurement teams and global compliance officers.

Regulatory Contact

Regulators and designated third-party custodians may request TrueTime Ledger exports via compliance@vantio.ai. Requests are acknowledged within one business day. Proof bundles are furnished in standard zkVM verifiable format compatible with independent RISC Zero verification tooling.