Thesmios

EU AI Act

Own-product AI governance, ready for review.

The pack makes Thesmios' own verification system reviewable: risk controls, logging, human oversight, deployer support, credential evidence and audit anchors in one place.

Open pack JSONSecurity posture

Classification

AI-assisted credential verification and compliance workflow support

Managed as a high-risk-adjacent employment and worker-management system because outputs can influence hiring, onboarding and workforce compliance decisions.

The system scores evidence and routes human review. Customers remain responsible for employment decisions, but Thesmios keeps Article 9-15 controls visible and auditable.

No automated adverse decision is taken by Thesmios. Low confidence, sanctions matches and expired evidence require human review.

Credential stack

Issuer DID
did:web:thesmios.com
Verification method
did:web:thesmios.com#issuer-ed25519-2026
W3C VC 2.0 JSON-LDVC-JWTSD-JWT VC readinessStatusList2021BBS+ selective-disclosure proof request

Control map

Ready
5
In progress
3
Needs owner
1

Article 9 · Security and compliance

Risk management system

Every verification decision carries a risk score, a reason, and a human-review path before an adverse employment decision can be made.

Ready
Multi-signal verifierAudit anchor

Article 10 · Privacy

Data governance and provenance

Sources, issuers, timestamps, redactions and recipient scopes are attached to every credential before it is shared.

In progress
Signed credential APISubprocessor register

Article 11 · Product and legal

Technical documentation

The pack maps product purpose, model inputs, output limits, human oversight, data retention and monitoring controls for procurement review.

In progress
EU AI Act packSecurity posture

Article 12 · Platform

Automatic logging

Credential checks, score changes, share views, export events and reviewer actions are written to an append-only audit trail.

Ready
Immutable audit evidence

Article 13 · Product

Transparency to deployers

Employer screens explain why evidence is verified, needs review or requires action, including confidence components and source labels.

Ready
Verification score endpoint

Article 14 · Compliance operations

Human oversight

Thesmios does not make final adverse employment decisions. Low confidence or risky matches route to a named human reviewer.

Ready
Reviewer workflow

Article 15 · Engineering and security

Accuracy, robustness and cybersecurity

Issuer trust, document authenticity, entity matching, freshness, cross-source corroboration and monitoring risk are scored separately.

In progress
Score breakdown APISecurity controls

Article 26 · Customer success

Deployer obligations support

Employer views surface scope, purpose, source, human review status and logs so deployers can use the system under their own governance.

Ready
Presentation definitions

Article 72 · Security and compliance

Post-market monitoring

Incident, drift, false-positive and reviewer-override reviews are defined; production monitoring needs an accountable owner before launch.

Needs owner
Status page