πOrbit
Observability, traceability, lineage, integrity, monitoring, documentation
with AI Act compliance as the first killer use case.
Orbit is AI System Audit Trail Infrastructure. We provide the logging standard, integrity service, and compliance workflows that enable observability, traceability, and regulatory documentation. AI Act compliance is the first killer use case, not the only value.
Not just compliance documentation
β AI System Audit Trail Infrastructure
Orbit provides observability, traceability, lineage, integrity, monitoring, and documentation for AI systems. AI Act compliance is the first killer use case, enabling vendors to sell to banks faster. But the value extends beyond compliance to operational excellence and risk management.
The Problem (2025β2027)
Modern data systems face four converging pressures that existing infrastructure cannot address
No Verifiable Audit Trail
Organisations can claim anything about how they use your data. Users can only trust, but never verify. Regulators can only investigate after the fact.
AI Act + Global Regulation
EU AI Act (August 2026), UK DPDI, and US state laws require demonstrable traceability: consent frameworks, proof of lawful processing, verifiable decision-making audit trails.
High-Risk AI Systems Need Provable Data Lineage
KYC, healthcare, hiring, credit decisions, and insurance systems must prove what data was used, under what consent, who accessed it, and when.
Missing Declarations, Not Missing Storage
Everyone already has the data. The problem: nobody is required to declare what they actually did. If they lie, omit, or fail to record, users can't detect it.
Orbit's Solution
What Orbit stores (and what it doesn't)
- βPointers to where data already lives (off-ledger)
- βHashes proving data integrity at specific timestamps
- βSigned declarations from organisations about their actions
- βUser consent state (granted/revoked scopes)
- βAccess/share/update events with full attribution
- βNever stores PII β all sensitive data stays off-ledger
Cryptographically-Verifiable Event Ledger
Tamper-evident audit trail that sits around existing systems. Never stores PIIβonly pointers, hashes, signatures, and declarations.
Off-Ledger Snapshots
Data stays where it is. Orbit stores pointers and cryptographic hashes proving integrity at specific timestamps.
Signed Declarations
Organisations declare their actions with cryptographic signatures: profile updates, data usage, sharing events, consent changes.
Consent State Tracking
User consent state (granted/revoked scopes) tracked per organisation. Soft enforcement flags violations without blocking.
Verification Routing
Routes verification requests between organisations without touching raw PII. Records verification outcomes in the ledger.
Undeclared-Event Detection
Policy engine detects usage without consent, unknown recipients, hash mismatches, and anomalous access patterns.
How Orbit Fits
The audit infrastructure layer around existing systems
Upstream: Organisations Declare Possession
"We hold data about this user. Here's the snapshot pointer + hash proof."
Downstream: Organisations Declare Usage
"We used fields X/Y/Z under scope A for purpose B, at timestamp T, signed by our system."
Orbit becomes the proof layer between organisations and users
Event Types (Ledger Schema)
Org registers initial user profile snapshot
Org updates user profile snapshot
User/system grants consent for a scope
User/system revokes consent for a scope
Org declares usage of user data for a purpose
Org declares sharing data with another org
Requestor asks Orbit to route a verification claim
Verifier responds to a routed verification
Why This Matters Now
AI Act Compliance
Deadline: August 2026
High-risk AI systems must demonstrate risk management, technical documentation, automatic event logging, transparency, and human oversight.
Penalties: up to β¬35M or 7% of global turnover
Data Act
Effective: September 2025
Organisations must enable users to access and share data generated by connected devices and services. Orbit tracks consent and sharing events.
Cheaper Than Fines
Cost Comparison
AI Act penalties: up to β¬35M or 7% of turnover
Data protection: up to β¬20M or 4% of turnover
Orbit subscription: a rounding error
Revenue Streams
B2B: Compliance Infrastructure
Per-event or per-seat pricing for organisations to write signed declarations
Pricing:
$0.001β0.01 per event | $50β500/month per org
B2B: KYC Integration Layer
Primary GTM. Integrates with KYC providers to create reusable identity attestations. 40β60% cost reduction for financial institutions.
Pricing:
Platform fees + attestation requests (60β80% margins)
B2B: RegTech Audit Dashboards
Real-time compliance reporting, data lineage visualisation, risk scoring for banks, fintechs, healthcare providers
Pricing:
Enterprise tier: $50Kβ500K/year
Technical Infrastructure
Phase 1 (2025β2026)
Centralised Audit-Log-as-a-Service
- β’ Single-environment deployment
- β’ Ledger schema + snapshot model
- β’ Consent model + policy engine
- β’ Verification routing service
- β’ Web UI for timeline & integrity checks
Phase 2 (2027+)
Federated Consortium Governance
- β’ Multi-region infrastructure
- β’ Consortium governance model
- β’ Cross-border compliance
- β’ Enterprise-grade cryptography
- β’ Advanced anomaly detection
Orbit transforms regulatory compliance into shared infrastructure
Orbit is the missing infrastructure layer of the digital identity stack. A cryptographically-verifiable record of who did what with a user's data.
Go-To-Market Strategy
2025: Build + validate with KYC vendors
2026: Scale before AI Act deadline
2027: Enterprise + cross-border expansion
Try Orbit PoC
Proof-of-concept for AI providers: Logging SDK, Compliance Workflows, and Technical Documentation Generation
AI Act Technical Documentation
Compliance documentation as a service for AI providers. Generate Annex IV, VIII, and XI technical documentation using the Orbit Logging SDK, Integrity Service, and Compliance Workflows.