Regulated organizations generate compliance documentation constantly — DORA filings, CMMC attestations, SEC incident disclosures, NIS2 evidence. None of it is independently verifiable. A log entry proves nothing. An internal timestamp proves nothing.
So I built an independent cryptographic notary authority.
You submit a statutory document. The engine hashes every field with SHA-384, constructs a binary Merkle tree, signs the Merkle root with RS256, and returns a compact JWS receipt. Zero retention — the document never touches storage. Only the cryptographic proof of its state is produced.
The receipt is independently verifiable forever against a published public key. Anyone can verify at jwt.io right now using the public key at:
https://statutoryregistry.com/.netlify/functions/public-key
Five live nodes:
nextgenrails.net — apex hub
cbomcompliance.com — CBOM receipts for CycloneDX/SPDX
20022validator.com — ISO 20022 financial message receipts
cuistandard.com — CUI scoping for CMMC Level 2
statutoryregistry.com — statutory compliance notary
Happy to answer questions about the architecture.