Two competent people, verified live — at the moment of the decision.
VAC proves each is competent (authority), genuinely present (live biometric), and that both were there (an immutable audit) — a two-person control built on logins can prove none of that.
The core value for a firm: narrow, bounded delegation of authority to an AI agent, and a tamper-evident audit of exactly what it did within that scope — professional accountability and an evidentiary trail. The live biometric is the high-assurance step-up at the moment that matters most: the high-stakes seal. Every matter on this page turns on a question a court or a tribunal may have to answer years later: did the right person authorise this — or validly delegate it — and can anyone check, independently, that the record has not been altered since?
AI agents made the gap impossible to ignore. In a March 2026 preliminary injunction — Amazon v. Perplexity — a US federal court found Amazon likely to succeed on the claim that an AI shopping agent's access was "unauthorised" as a matter of law even though the user had expressly authorised it: the user's permission did not settle the question. That injunction is now stayed pending a Ninth Circuit appeal, argued June 2026 — the law is unsettled in both directions, which sharpens the point rather than softening it. A principle the market is converging on — liability follows authorisation — holds whichever way the appeal lands: the party that cannot produce the authority trail is the one left exposed.
Australian law reached the same point first, from the other direction. In Pintarich v Deputy Commissioner of Taxation [2018] FCAFC 79, the Full Federal Court held that a computer-generated output was not a valid decision at all: a decision in law requires a human's actual mental process of reaching a conclusion, bound to an objective manifestation of it — the failure Robodebt later made infamous. Every seal on this page is that binding made provable: a verified person, a deliberate act, a signed record that can answer for itself years later.
But the same gap has sat quietly in legal practice for years. A will, a power of attorney, a rental bond — each rests on paper and a witness, relied on long after the signer can confirm anything. The agent cases did not create the problem; they put a clock on it.
The six matters below are the legal vertical: ordinary NSW trust & tribunal work, walked through on VAC rails. The same two primitives reach well past law — that is where this page ends. Pick a matter to walk through it.
Verified Human Root ties every agent action to an accountable human. Being advanced toward IETF standardisation.
In a live deployment the baseline human presence can ride on the firm's existing sign-on (Okta, Entra, FaceID) — VAC integrates rather than replaces it. This bespoke biometric is the high-assurance step-up reserved for the high-stakes seal: face liveness, deepfake scan, and a cross-modal gesture and spoken-number challenge, run live against the VAC production backend. The cross-modal binding is being hardened, so it is shown here as a live capability rather than the gate that mints the credential — either try it, or continue straight to the matters.
The VAC identity model mints a credential that is yours and reusable: evidence that a specific, living person — not a bot, not a recording — was present and verified. The cryptographic signing, authority chain and liveness are live in production; the cross-modal gesture binding is being hardened (we don't yet stake the credential on it). Every matter below builds on this verified-human root.
This credential can also be delegated with constraints — bounded to a purpose, an amount, a counterparty, a time. That is exactly what the matters below demonstrate, each producing a sealed, independently-checkable receipt.
Choose a matter type
The rail beneath every matter · identity-bound data release
Every matter above ends in a sealed receipt — but the same rail does something the matters only hint at: it can govern who may open a document, and under what conditions. Not "share a file with a password." A file or message that opens only for a verified, living recipient — confirmed by face, voice and liveness at the moment of viewing — optionally bound to a location and to the recipient actually attending the screen, with every open recorded.
Why this isn't document DRM. Existing tools — secure data rooms and PDF DRM (Digital Rights Management: the software that locks a file so only an approved device or account can open it) — bind access to a device, an account, or an email link, so anyone holding that device opens the file. VAC binds to a verified living person, checked biometrically at the instant of opening. That is the one thing a DRM vendor cannot copy without a liveness-and-anti-deepfake pipeline — and it is the same rail that signs the receipts in the matters above.
Honest status. The data-release capability — biometric, geo and attention gates — runs today as a working two-party prototype. It is not yet session-continuous with this walkthrough, so it is shown here as a capability of the rail rather than a wired step in the demo; the location and attention gates are best-effort and tamper-evident (every open is logged and any circumvention is detectable), not a cryptographic guarantee — which is the honest, and we think the right, claim for legal release conditions. Full integration is the next build with the Law Society.
A short, plain-language brief on the standards and intellectual-property decision behind VAC — non-technical, four specific questions I'd value your read on. Separate from the matters above; no need to act on our call, just a read beforehand.
Open the Standards & IP note →The full rail, end to end
The identity step you just saw is one link in a chain. In a live deployment a firm sets up its organisation and connects its existing sign-on, delegates bounded authority to its people and agents, and every authority decision lands in a single accountability record it can audit.
Create the organisation and connect your existing single sign-on (Okta, Microsoft Entra, or similar) — VAC rides on the identity you already run, it doesn't replace it. Then invite your people.
Where every authority decision lands: the signed record of who authorised what, under which rules, and when — plus every refusal. A live, tamper-evident audit trail an auditor or a tribunal can read. Shows real records from the backend.
The same primitives as a developer API — issue scoped authority tokens, authenticate via API key, your SSO, or biometric, delegate human-to-agent, and pull the signed audit record. Ed25519-signed tokens anyone can verify.
The same protocol, other high-stakes domains
Verified human authority, policy that travels with the work, and a sealed, auditable decision trail are not specific to legal trusts. The same primitives apply wherever who authorised what, under which rules has to be provable after the fact.