The OVERT standard for AI governance evidence

OVERT (Observable Verification Evidence for Runtime Trust) is an open, royalty-free standard for producing independently verifiable evidence that AI governance controls actually executed at runtime — not just that they were written down.

The normative text lives at overt.is

This page is an orientation. The normative standard, its fascicles, the crosswalks, and the machine-readable feeds are published at overt.is. Always cite overt.is for conformance language — these docs never republish the normative text.

The gap OVERT closes

Governance frameworks (NIST AI RMF, ISO 42001, the EU AI Act) tell you what controls should exist. They rarely make you prove that a control ran on a specific request. OVERT specifies the technical mechanism for that proof: cryptographic attestation produced as a byproduct of execution — “attestation by construction.”

The result is an attestation chain that is evidence, not documentation: a third party can check it without trusting the operator, and without ever seeing the underlying prompts or responses.

The six governance domains

OVERT organizes controls into six domains. A conformance claim names which domains and controls were enforced, recorded, or declared not enforced.

Domain	Question it answers
Govern	Are accountability structures and policies attested?
Identify	Is the system inventoried and risk-classified?
Protect	Are boundaries, egress, and sensitive data controlled?
Attest	Is each decision turned into signed, chained evidence?
Measure	Are safety claims quantified with statistical sampling?
Respond	Are failure modes, circuit breakers, and revocation in place?

Four Attestation Assurance Levels (AAL)

OVERT is tiered so organizations can adopt incrementally and so relying parties know exactly how much trust an attestation warrants.

Level	What it means
AAL-1	Operator self-attestation
AAL-2	Active runtime enforcement
AAL-3	Machine-generated, signed, operator-controlled attestation
AAL-4	Independent, third-party, tamper-evident proof

Levels are not interchangeable

“OVERT Level N” is a conformance-maturity axis. It is not the same as any vendor’s internal runtime tiers. A single operator-controlled notary caps a deployment at AAL-3; AAL-4 requires a notary operated outside the operator’s trust boundary.

Crosswalks to the frameworks you already report against

OVERT maps its controls to NIST AI RMF, ISO/IEC 42001, the EU AI Act, OWASP, NIST SP 800-53, and FedRAMP, so an OVERT evidence posture feeds the compliance work you already do. The crosswalk companion is published at overt.is.

Independence: who can attest, and who can assess

OVERT separates four roles — the standard, the runtime-control implementation, the attestation provider (IAP), and the qualified assessor — and imposes structural independence requirements between an assessor and the operator it assesses. This separation is what lets the standard be cited by regulators and standards bodies without endorsing any one vendor.

The conformance ladder How a deployment moves from self-attestation to independently verified proof.

Declare it as code Turn an OVERT policy into validated, version-controlled TOML.

Read the standard The normative OVERT v1.1 text, fascicles, and feeds.

Why documentation is not evidence The concept behind the whole standard.