# Public, Replayable Provenance Attestation — Multi-Jurisdiction Docket # Public, Replayable Provenance Attestation — Multi-Jurisdiction Docket **Evidence Anchor** - DOI: https://doi.org/10.5281/zenodo.16934239 - Artifact: Everything_ILPNP_DeepStrike_UltraMax_2025-08-23_AZ.zip - SHA-256: 3f2d7bb46fb68887add99f2b1bcdf6324830562476f6fc4c8c90ce8243126a1d - OTS: Receipt included in the record (verify with `ots verify`) **Regulator/Standards Filings (cross-refs)** - CISA/CERT: VRF#25-08-NZVKX - EU AI Office: submission filed 2025-08-23 (DG CONNECT contact intake) - FTC: submission in progress — reference pending - OECD.AI (AIM incidents/hazards): submission filed 2025-08-23 — reference pending **Scope (neutral, technical)** Post-notice continuation of provenance/evaluation control workflows (hash manifest + replayable OpenTimestamps verification) without transparent disclosure. Requesting mapping/guidance to ensure replayable verification is represented correctly across: - **SLSA** (provenance attestation) - **SPDX** (SBOM fields) - **C2PA** (content credentials / manifest references) **Verification (replayable)** sha256sum Everything_ILPNP_DeepStrike_UltraMax_2025-08-23_AZ.zip ots verify Everything_ILPNP_DeepStrike_UltraMax_2025-08-23_AZ.zip.ots **Questions for Standards Maintainers** 1) Which fields best carry a public DOI + checksum + time-anchored receipt so third parties can reproduce verification? 2) If terminology changes but the underlying workflow is functionally identical, is this a “material modification” under your guidance? 3) Any examples or prior art recommended for public attestation references? **Contact** - Name: Daniel Eduardo Campos Peñuelas - Organization: Truth Ceiling Engine - Email: danielbusinessps@gmail.com **Copyright** © 2025 Daniel Eduardo Campos Peñuelas — Truth Ceiling Engine. All rights reserved. Integrity proofs (DOI, SHA-256, OTS) must remain intact in any reproduction or derivative work. **Note** This notice requests mapping & compliance review; it does not allege a defect in SLSA/SPDX/C2PA. It documents a replayable public attestation and seeks consistent representation across standards and regulatory contexts.