Standards & Certification
VAC Protocol is built on certified components and designed to align with global identity, security, and AI agent standards. Here's our alignment map and certification roadmap.
8
STANDARDS TRACKED
3
ALIGNED
2
IN PROGRESS
3
PLANNED
IDENTITY & BIOMETRICS
ALIGNED
ISO/IEC 30107-1 & -3
Biometric Presentation Attack Detection
Standard for detecting spoofing attacks against biometric systems — photos, masks, deepfakes, video replay. Certified component, in production today: VAC integrates Didit passive liveness, an independently certified PAD detector — iBeta Level 1 PAD under ISO/IEC 30107-3, with a 0% attack-success rate across 360 attempts (0% IAPAR), tested by iBeta Quality Assurance, a NIST/NVLAP-accredited lab (NVLAP code 200962), compliance letter dated 4 Feb 2026. Level 1 covers presentation attacks — print, screen, and replay.

On top of that, VAC's own 7-modality engine (face liveness, deepfake detection, speech match, lip-sync, challenge response, finger gesture, duress) adds cross-modal binding — face, voice, and gesture bound in a single act — as defence-in-depth, including against injection attacks that single-detector presentation-attack testing does not cover. VAC's own ISO 30107 certification is planned for Q4 2026 (see timeline below).
VAC relevance: Claims 1-15, 16-55 · Verification Engine
ALIGNED
ISO/IEC 29115:2013
Entity Authentication Assurance Levels
Defines four levels of authentication assurance (LoA 1-4). VAC's adaptive modality system is designed to map onto them: streamlined verification (inside trust graph) onto LoA 2, full 7-modality onto LoA 4. An assurance level is determined formally with your auditor against your deployment — not a value any vendor self-declares. Trust graph density dynamically drives the modality set.
VAC relevance: Claims 16-38 · Adaptive Modality Engine
IN PROGRESS
NIST AI 600-1
AI Agent Security Framework
NIST's emerging framework for AI agent identity, authorization, and accountability. VAC Protocol submitted to the RFI (March 2026) positioning cryptographic delegation chains and trust graphs as the architectural foundation for agent accountability.
VAC relevance: Claims 113-134 · Multi-Agent Coordination
IN PROGRESS
W3C Decentralised Identifiers (DID)
Decentralised Identity Foundation
Standard for self-sovereign identity and verifiable credentials. VAC's trust graph architecture aligns with DID's model of decentralised trust relationships. Verifiable Authority Tokens (VATs) implement the verifiable credential pattern with cryptographic delegation chains.
VAC relevance: Claims 272-285 · Trust Graph Network
SECURITY & COMPLIANCE
PLANNED
SOC 2 Type II
AICPA Service Organisation Controls
Industry-standard security audit covering data handling, availability, processing integrity, confidentiality, and privacy. Required by enterprise customers before procurement. Estimated cost: $50K-$150K per audit cycle. Planned post-revenue.
Timeline: Post-Series Seed · Estimated $100K
PLANNED
ETSI TS 119 461
Identity Proofing for Trust Services
European standard for identity verification in trust services, aligned with eIDAS regulation. Covers video identification, automated identification, and KYB verification. Required for EU market entry. Certification through accredited European bodies.
Timeline: Post-EU expansion · Estimated $50K+
PLANNED
FIDO2 / WebAuthn
FIDO Alliance
Passwordless authentication standard using biometrics and hardware keys. VAC's biometric verification can serve as a FIDO2 authenticator, enabling passkey-based authentication backed by the full VAC trust graph and delegation chain.
VAC relevance: Biometric Unlock · Claims 1-15
VAC PROTOCOL STANDARDS (INTERNAL)
DEFINED
VAC Trust Graph Density Thresholds
VAC Protocol Specification
VAC defines its own standards for trust graph verification economics: inside graph (streamlined — a single modality), outside graph (full verification — the complete modality set). Density thresholds determine when verification cost reduces. These standards are part of the protocol specification and white paper.
Patent claims: 272-285 · Trust Graph Economics
DEFINED
VAC Delegation Chain Constraints
VAC Protocol Specification
Monotonic narrowing: permissions can only restrict, never expand, without human re-verification. Maximum delegation depth, scope inheritance rules, and revocation propagation are defined in the protocol spec. These constraints are mathematically enforced, not policy-based.
Patent claims: 39-55 · Monotonic Narrowing
CERTIFICATION TIMELINE
MARCH 2026
NIST RFI submission — AI agent identity standards
MARCH 2026
LAUNCH Festival — live demo + investor outreach
Q2 2026
White paper publication — VAC Protocol specification with internal standards
Q4 2026
SOC 2 Type II — begin audit process (post-revenue)
Q4 2026
ISO 30107 — VAC's own PAD evaluation — VAC-entity, separate from the Didit-held Level 1 certificate
Q4 2026
ETSI TS 119 461 — EU identity-proofing conformity
USE OF FUNDS — CERTIFICATION BUDGET
Enterprise customers require certifications before procurement. The certification pipeline represents an estimated $200K-$500K investment across SOC 2 ($100K), ISO 30107 ($50K+), ETSI ($50K+), and ongoing compliance maintenance. This is a planned use of Series Seed funds — not a pre-revenue expense. VAC's patent portfolio (1028+ claims) provides defensibility while certifications are pursued.