Evolkai  /  2026  /  Trust Infrastructure

Trust isn’t a feature. It’s an architecture.

Evolkai is independent, hardware-rooted trust infrastructure for the world's most consequential physical operations. We turn execution events into tamper-evident, independently verifiable evidence — sealed at the source, governed by a neutral standard, built so no single party (including us) can hold the system hostage.

Discuss a deployment Read the architecture
00 / The Problem

A structural asymmetry in physical operations.

In the world's most consequential physical operations, the evidence of what happened is produced and controlled by the same parties whose actions are being judged. Evolkai exists to replace that with forensic-grade evidence records built to survive courtroom and litigation scrutiny.

Operators document their own custody. Inspectors record their own conclusions. Carriers timestamp their own handoffs. The records that should resolve disputes are exactly the records under challenge — and counsel on the other side of the table knows exactly how to challenge them. Server-side timestamps are editable. Database entries can be backdated. CCTV chains of custody are reconstructable. ERP exports are filtered before they're shared. Under adversarial scrutiny, conventional records share a fatal flaw: they are self-generated, self-stored, and self-presented by the interested party. Their evidentiary weight collapses precisely when it matters.

Contested
Logistics
Damage and shortage claims contested for months because no one's documentation is independently verifiable.
Contested
Energy & Mining
Regulatory inspections and royalty calculations rely on records the operator produces and stores.
Contested
Pharma & Healthcare
Cold-chain integrity, sample chain-of-custody, and clinical event logs that must survive audit and litigation.
Contested
Public Sector
Customs, border processing, and procurement events whose evidentiary value depends on being independently provable.
01 / The Thesis

Separation of powers, applied to evidence.

Trust in physical operations cannot be a feature retrofitted onto operational software. It has to be an architecture — one in which execution, evidence generation, storage, governance, and verification are handled by structurally independent parties. If any one party controls more than one of those layers, sophisticated counterparties will challenge the evidence on exactly that basis. Evolkai exists to provide the evidence-generation layer, and to provide it independently of the parties whose work it documents.

— I
Execution
Operator's systems
The operational software that runs the port, the warehouse, the clinic, the wellhead — owned and controlled by the operator.
— II
Evidence
Evolkai infrastructure
Hardware-rooted sealing of execution events at the moment of action, structurally separate from the systems generating them.
— III
Storage
Operator's vault
Each Proof Artifact resides in the operator's own evidence vault. The party that generates the evidence does not also store it — Evolkai retains no copies, preserving data sovereignty and preventing the concentration that would invite challenge.
— IV
Governance
Evidence Protocol Foundation
A neutral standards body governs the artifact schema and verification protocol — controlled by neither operator nor Evolkai.
— V
Verification
Any third party
Counterparties, regulators, insurers, and courts can independently verify any artifact without trusting either the operator or Evolkai.
02 / The Architecture

Four components. Verifiable end-to-end.

The Evolkai stack is purpose-built for trust generation, not retrofitted from general-purpose cryptography services. Each layer has a single, narrow responsibility, and the chain between them is auditable.

The HSM

Hardware Security Module · On-premises

The cryptographic root deployed at each facility. Designed for FIPS 140-3 Level 3 — the certification standard required for evidence to survive adversarial scrutiny in regulated and litigated contexts. Owned and operated by Evolkai under a lease-and-service model so the operator never has physical control of the sealing device.

Edge Primitives

Trusted devices · Point of action

A catalog of trusted devices — biometric readers, weighbridge interfaces, inspection scanners, gate sensors, GPS-anchored handhelds — that sign raw measurements and authentication events at the source, before any operator system touches them. The signature happens where the event happens.

Proof Artifacts

Structured · Portable · Verifiable

The output: structured records of execution events that contain the event data, the signing identity, an independent timestamp, and a cryptographic chain back to the HSM and Edge Primitives that produced them. Verifiable by any party with the public schema — no Evolkai involvement required to validate.

Evidence Protocol Foundation

Neutral standards body

The schema governing artifact format, verification procedures, and accreditation of verification authorities is held by an independent foundation — not by Evolkai, not by any operator, not by any licensee. This neutrality is what allows artifacts to function as evidence across jurisdictions and counterparties.

03 / How a Proof Artifact is Sealed

From physical event to verifiable record.

The sealing flow is engineered so that the artifact's evidentiary chain begins at the physical event itself — not at the database write that records it.

— STEP 01
Event occurs
A custody-critical action takes place: a container is received, a sample is sealed, a meter is read, a gate is opened, an inspection is signed off.
— STEP 02
Edge Primitive captures and signs at source
A trusted device at the point of action records the raw measurement and the identity of the actor, then signs both with its own hardware-resident key — before the data enters any operator system.
— STEP 03
HSM seals the artifact
The on-premises Hardware Security Module assembles the artifact, applies the cryptographic seal, and produces a tamper-evident fingerprint. Keys never leave the HSM.
— STEP 04
Independent timestamp anchored
An RFC 3161 timestamp is obtained from an independent timestamping authority, eliminating any dispute about when the seal was applied.
— STEP 05
Artifact issued under neutral schema
The completed Proof Artifact is structured according to the Evidence Protocol Foundation's published schema and includes the public registry fingerprint required for third-party verification.
— STEP 06
Anyone authorized can verify
Counterparties, regulators, insurers, and arbitrators can independently verify any artifact they have been given access to — using the public certificate chain and Foundation registry, with no Evolkai involvement required. Verification is open; the records themselves are not. Each artifact resides in the operator's own evidence vault and is shared only with the parties the operator chooses.
04 / Where Evidence Has to Hold

Built for any sector where physical execution generates risk.

Trust infrastructure is industry-agnostic by design. Today, Evolkai's first commercial deployment is in logistics — under exclusive license to easyblox. The same architecture is available, on a non-exclusive basis, across every sector where physical events generate evidence that must survive scrutiny.

Exclusive · easyblox
— 01
Logistics & Trade
Proof engine demonstration Token required
Open
— 02
Energy & Utilities
Open
— 03
Mining & Resources
Open
— 04
Pharmaceuticals
Open
— 05
Healthcare
Open
— 06
Financial Services
Open
— 07
Government & Public Sector
Open
— 08
Manufacturing
Open
— 09
Construction
Open
— 10
Agriculture
— Proof point · In the field

First commercial deployment: logistics, with easyblox.

Evolkai's trust infrastructure is exclusively licensed to easyblox in the logistics, supply chain, and physical trade sectors. The Lagos corridor is the first commercial proof point — a deployment environment chosen specifically because logistics disputes are frequent, high-stakes, and adversarial. If the architecture holds there, it holds anywhere.

Inquire about non-exclusive sectors
5yr
Bounded fees, fixed structure
L3
FIPS 140-3 certification path
Artifact verifiability post-issuance
05 / Why Now

The conditions for hardware-rooted trust have arrived.

— 01 / Standard

FIPS 140-3 baseline shift

The successor standard to FIPS 140-2 is reshaping what counts as defensible cryptographic infrastructure. Regulated and litigated contexts are migrating their floor.

— 02 / AI

Synthetic evidence is cheap

Generative AI has collapsed the cost of producing fabricated photographs, documents, and signatures. The only durable defense is evidence that was tamper-evident from the moment of capture.

— 03 / Regulation

Audit and disclosure are tightening

Across jurisdictions, regulators are moving from periodic attestation toward continuous, machine-verifiable disclosure. Self-generated logs no longer clear the bar.

06 / Logs vs. Proof

Logs describe what happened. Proof demonstrates it.

Conventional records and forensic-grade artifacts occupy fundamentally different categories of evidence. One is testimony by the interested party. The other is an independently attested fact.

Conventional records

Logs, audit trails, ERP exports, CCTV, scans

Generated by the operator's own systems. Stored on the operator's servers. Presented by the operator as evidence of the operator's compliance.

  • Server-side timestamps editable by system administrators
  • Database entries modifiable — no cryptographic integrity guarantee
  • Records retrievable only with access to the operator's systems
  • Authenticity cannot be proven without trusting the presenting party
  • No independent attestation of time, identity, or authorization
  • Credibility ceiling under adversarial legal scrutiny
Evolkai Proof Artifacts

Sealed at the moment of action

Generated by controlled execution workflows. Sealed by independent trust infrastructure. Timestamped by a neutral authority. Governed by a standards body. Verifiable by any party without system access.

  • Hardware-rooted cryptographic seal (ECDSA-P384 inside an HSM)
  • Tamper-evident — any modification breaks the fingerprint match
  • Independent RFC 3161 timestamp from a neutral authority
  • Identity-bound to the operator, device, and authorization chain
  • Verifiable by any party via public endpoints — no system access required
  • Court-admissible grade under recognized international standards
07 / Standards & Admissibility

Built to survive the courtroom.

Every layer of the proof artifact aligns with recognized international standards for cryptography, evidence handling, data protection, and electronic-signature law. Each entry below is a click — open it to see the role it plays in the architecture.

Cryptographic & Security Standards 06
FIPS 140-3 Level 3
Hardware Security Module certification
US government standard for cryptographic modules. Requires tamper-evident enclosure, identity-based authentication, and key zeroization on breach. The Evolkai HSM targets Level 3 — the standard for commercial hardware security used by financial institutions and government agencies.
RFC 3161
Trusted timestamping protocol
The international standard for trusted timestamps. Independently operated timestamp authorities provide verifiable time attestation recognized by courts and arbitration bodies worldwide. The neutrality of the timestamper is what makes the timestamp evidentially robust.
eIDAS 910/2014
EU qualified signatures & seals
The EU regulation on electronic identification and trust services. QTSP evaluation for EU-connected trade lanes enables artifact recognition across 27 EU member states and provides the highest legal weight for electronic evidence in European jurisdictions.
Common Criteria EAL4+
IT security evaluation (ISO 15408)
International standard for IT security evaluation, recognized by 31 countries under the Common Criteria Recognition Arrangement. EAL4+ is the standard for commercial HSMs and complements FIPS 140-3 for European and Gulf institutional requirements.
ISO/IEC 27001
Information security management
The internationally recognized standard for information security management systems. Governs how Evolkai operates security policies, access controls, incident response, and continuous improvement of the security posture supporting the Proof Engine.
NIST SP 800 series
US cryptographic & security standards
NIST Special Publications governing cryptographic algorithms, key management, and identity authentication. The Proof Engine uses only NIST-approved algorithms (ECDSA-P384, SHA-384) — no proprietary or non-standard cryptography is introduced anywhere in the seal pipeline.
Legal & Operational Frameworks 10
ISO/IEC 27037
Digital evidence handling
The international standard for identification, collection, acquisition, and preservation of digital evidence. Proof artifacts are designed from inception to satisfy ISO 27037 principles: integrity is preserved through hardware-rooted sealing, chain of custody is inherent to the artifact structure, and every action is attributable to an identified actor.
ICC Arbitration Rules
International commercial arbitration
The ICC Rules of Arbitration allow tribunals to accept electronic records provided they are authentic, reliable, and relevant. Proof artifacts meet all three thresholds: authenticity through cryptographic seal, reliability through immutability, and relevance through the structured event payload.
IBA Rules on Evidence
International arbitration evidentiary standard
The IBA Rules on the Taking of Evidence in International Arbitration explicitly address electronic documents. The separation of powers between execution, sealing, and verification directly answers the most common challenge to electronic evidence: that it was generated and controlled by the presenting party.
Nigeria Evidence Act §84
Electronic evidence admissibility
Section 84 establishes conditions for admissibility of computer-generated evidence in Nigerian courts. Proof artifacts exceed these requirements through cryptographic sealing, independent timestamping, and a verifiable chain of custody that cannot be reconstructed by the presenting party.
GDPR
EU General Data Protection Regulation
Alignment with GDPR is essential for EU-connected trade. Privacy-by-design is intrinsic: timestamp authorities see only hashes (not operational data), operator-controlled vaults ensure data sovereignty, and biometric processing follows strict purpose-limitation principles.
NDPA 2023
Nigeria Data Protection Act
Nigeria's primary data protection law, governing lawful processing of personal data including biometric identifiers used in operator authentication. Privacy notices, consent frameworks, and Data Protection Impact Assessments are built into the deployment workflow.
UAE PDPL
UAE Personal Data Protection Law
The federal data protection framework governing personal data processing in the UAE, critical for Gulf corridor deployments (Jebel Ali, Khalifa Port). Artifact architecture supports PDPL requirements through data localization controls and explicit consent mechanisms.
ISO 28000
Supply chain security management
International standard for security management systems in the supply chain. Provides the operational-security framework within which proof artifacts are generated, covering facility security, personnel vetting, and transport chain integrity.
IMO ISPS Code
International Ship & Port Facility Security
The International Maritime Organization's security framework for port facilities and vessels engaged in international trade. Credential verification, facility access, and security incident artifacts align with ISPS reporting and documentation requirements.
Hague Convention
Cross-border evidence (Apostille)
The framework for cross-border legal recognition of public documents. Proof artifacts produced under EU eIDAS or other recognized regimes can be apostilled and admitted in foreign jurisdictions — a structural advantage in international disputes that cross multiple legal systems.
08 / Structural Commitments

Built so nobody — including us — can hold the system hostage.

Evolkai's value to a licensee depends on the licensee being able to trust that we cannot, will not, and structurally do not have the leverage to behave opportunistically. These commitments aren't marketing. They're built into the agreements that govern our relationships.

— C1

Independent provider

Evolkai does not operate in any of the industries it serves. We sell trust infrastructure; we do not compete with the businesses we equip. This separation is structural, not promised.

— C2

Lease-and-service hardware

Evolkai retains continuous title to all HSMs and Edge Primitives we install. Operators have right of use, never ownership. If an operator owned the sealing hardware, defense counsel could argue the operator could have manipulated it. Title resolves that argument by design.

— C3

Neutral standard governance

The artifact schema is held by the Evidence Protocol Foundation, an independent body. Neither Evolkai nor any licensee can change the rules of verification unilaterally.

— C4

Continuity guaranteed

If Evolkai ceases operations, title to deployed hardware transfers automatically to the licensee — preserving operational continuity. Existing Proof Artifacts remain verifiable indefinitely. The system survives us.

— C5

Bounded, benchmarked pricing

Licensee fees are individually capped, fixed for five-year windows, with annual benchmarking against published Cloud HSM pricing. No surprise fee categories. No discretionary surcharges.

— C6

Irrevocable license rights

Where exclusivity is granted, the license cannot be terminated, suspended, or modified except for uncured material breach. Licensees can build long-term businesses on top of Evolkai infrastructure with confidence in the foundation.

09 / From the Founder

Evolkai exists because the trust layer for physical operations had to be built right — and could not be built inside any of the companies that need it.

I have spent years building product across multiple industries, and the same problem appears in each one: the most consequential events generate evidence that the parties to the events produce, store, and present. The asymmetry isn't a software bug. It's an architectural choice that nobody had revisited.

So we revisited it. Hardware-rooted sealing at the source. Independent timestamping. A neutral schema body. Lease-and-service hardware so the operator never has physical control of the device that signs against them. The point isn't to make trust louder. It's to make it structural.

If you operate in a sector where evidence has to survive scrutiny — and you've been quietly aware that your current documentation wouldn't — we should talk.

— Mohamad Yakteen
Founder & CEO
Evolkai
10 / Begin a Conversation

Tell us what your evidence has to survive.

Every deployment begins with a specific question: where in your operation does an event need to become evidence that holds up to scrutiny? Tell us that, and we'll tell you how the architecture maps to it.

— A · Licensing inquiry

For non-exclusive sectors

Energy, mining, pharmaceuticals, healthcare, financial services, government, manufacturing, construction, agriculture, and other sectors outside logistics. Discuss licensing terms, deployment requirements, and timelines.

licensing@evolkai.com
— B · Technical conversation

For architects, CISOs, and integrators

Discuss the architecture document (EVO-ARCH-2026-001), Edge Primitive catalog, integration patterns, certification status, and verification protocols. NDA available on request.

hello@evolkai.com

— Or see how it all comes together end-to-end.

Open the proof engine demonstration Token required