The Executor Runs the Model. The Prover Answers for It.
Across the regulated AI sector — insurtech, fintech, healthtech — a pattern has become routine: production inference runs on a managed cloud the company does not operate. The model serving, the containers, the GPUs belong to someone else. The compliance obligation still belongs to the company whose name is on the license.
For years the artifact that closed that gap was a human review tier. An analyst signed off. A compliance officer initialed a report. The sign-off stood in for verification, because verification was expensive and review was cheap. That substitution worked until a regulator asked a harder question: who actually ran this, on what input, and can you show it again.
Why the substitution breaks
A human reviewer attests. They do not reproduce. When the executor — the platform that actually ran the inference — is also the only source of the record the reviewer is checking, the review is really just trust in the executor's own bookkeeping, wearing a compliance costume. That is not a criticism of any platform. It is a description of where the trust boundary actually sits, and the EU AI Act's obligations are starting to make that boundary visible.
The EU AI Act's Article 12 record keeping and Article 19 automatically generated logs both point the same direction: toward traceable, reconstructable evidence of what a system did, not toward a narrative someone wrote about it afterward. A reviewer's memo does not reconstruct anything. It just says a person looked.
The executor-prover separation
The architectural fix is to stop asking the executor to also be the prover. The party that runs inference and the party whose evidence proves what happened should not be the same trust boundary. A prover generates a cryptographic receipt bound to the specific input, model, and output. That receipt is independently verifiable by anyone holding it — an internal auditor, an external regulator, a counterparty — without needing access to the vendor's infrastructure and without needing to trust the platform's own account of itself.
This is what displacing the human-review trust tier actually looks like in practice. Not removing human judgment from the system, but removing human attestation as the thing standing in for verification. The receipt is reproducible and tamper-evident. The reviewer's sign-off was neither.
Why this lands differently right now
Companies building regulated AI products are, by and large, doing exactly what their counterparts elsewhere do: they build on managed inference because owning the stack is not the business they are in. That choice already accepted a trust model — someone else's container runs your model — and a mathematical verification layer is the natural next step for teams that have already made peace with not controlling the execution environment. The gap was never whether managed inference is defensible. It is whether the record handed to a regulator was produced by the same party being asked to trust it.
Separating the executor from the prover answers that question architecturally, not by policy memo. The receipt does not care who is asking, and it does not need anyone's word.