◆ GOV-002 · VICCA ONE

The formal
determination.

When a regulator asks how you governed a decision, VICCA ONE is your answer. A cryptographically sealed, publicly verifiable determination of your governance defensibility.

The question regulators are now asking
"Can your governance posture withstand article-level inspection?"
Start Assessment See the Process
A
ANAX Standard · VICCA ONE
Governance Certificate
Global Determination
DEFENSIBLE
Certificate Reference
VC-2025-EUR-004471
Framework Determinations
DORA 2022 Defensible
EU AI Act 2024 Defensible
GDPR 2016/679 Defensible
ISO 27001:2022 Conditional
NIS2 2024 Defensible
Authority Hash · SHA-256
a3f8c1d2e9b4076f5a2c8d1e3b7f9a4c2d6e8f1b3c5a7d9e2f4b6c8d0e2f4a6
Issued: 13 April 2025 · Valid 12 months
verify.anaxstandard.com →

What VICCA ONE Is

A formal authority
assessment. Not a
compliance tool.

VICCA ONE evaluates an organisation's decision-making posture against regulatory control frameworks and produces a cryptographically sealed, publicly verifiable determination of defensibility.

The kind that stands up in front of a National Competent Authority. That satisfies board-level due diligence requirements. That provides the sealed evidence counterparties and investors increasingly demand before engaging with regulated AI systems.

What It Is Not

Not a compliance checklist. Checklists document intent. VICCA ONE determines defensibility.
Not a gap analysis tool. Gap analyses identify problems. VICCA ONE produces a sealed formal determination.
Not a report generator. Reports describe. The Governance Defensibility Certificate constitutes legal proof.
Not an annual audit. ISO checks your policies once a year. VICCA ONE certifies how your decisions behave.

The Process

Five steps to a sealed
determination

01
Client Context
LOCK

The organisation's identity is established and locked. System name, system type, deployment model, jurisdictions, data categories. This becomes the immutable reference frame for the entire assessment. Once locked, it cannot be changed.

Identity Lock Jurisdiction Map System Classification
02
Operational Intelligence Layer
OIL

Structured evidence collection. The organisation provides documentary evidence against each regulatory control. VICCA ONE classifies each input as MATURE — fully implemented, documented, operational; PARTIAL — in development or inconsistent; or ABSENT — not in place.

Mature Partial Absent
03
Authority Determination
DETERMINATION

VICCA ONE evaluates every applicable control and produces a Statement of Applicability — a control-by-control determination. Each control receives one of four statuses: DEFENSIBLE, CONDITIONALLY DEFENSIBLE, NOT DEFENSIBLE, or REFUSED where insufficient information exists.

Statement of Applicability Control-by-Control
04
Global Outcome
POSTURE

The aggregate of all control determinations produces a single global governance posture. DEFENSIBLE — the organisation can defend its posture. CONDITIONALLY DEFENSIBLE — defensible with stated conditions. NOT DEFENSIBLE — material governance gaps exist requiring remediation.

Global Posture Remediation Plan
05
Sealed Certificate
CERTIFICATE

The determination is cryptographically sealed and a Governance Defensibility Certificate is issued. The certificate contains a reference number, assessment date, framework results, SHA-256 authority hash, and a QR verification code linked to verify.anaxstandard.com. The certificate is not a document. It is a sealed evidence record.

SHA-256 Sealed QR Verification Public Registry

Determination Outcomes

Three possible verdicts.
One sealed record.

Defensible

Your governance posture can withstand regulatory scrutiny

All evaluated controls meet the required standard of evidence. The organisation can defend its decision-making posture under article-level inspection. A Governance Defensibility Certificate is issued immediately.

Conditionally Defensible

Posture is defensible with stated conditions

The majority of controls are satisfied, but specific conditions apply. The certificate is issued with conditions clearly stated. A remediation path is provided. The organisation can typically achieve full defensibility within 60–90 days.

Not Defensible

Material governance gaps exist

One or more critical controls cannot be defended under regulatory scrutiny. No certificate is issued. A detailed remediation plan is provided with a prioritised action sequence. Reassessment is available once remediation is complete.

Regulatory Frameworks

Every framework evaluated.
Simultaneously.

DORA
Digital Operational Resilience Act 2022
29 controls
EU AI Act
Artificial Intelligence Act 2024
41 controls
GDPR
General Data Protection Regulation
24 controls
ISO 27001
Information Security Management 2022
93 controls
NIS2
Network & Information Security Directive 2
21 controls

Assessment Tiers

Three tiers of
formal determination

Choose the tier that matches your regulatory exposure and the level of scrutiny your institution faces.

I
Deterministic Defensibility
€35,000
Single framework · Delivery 1–2 days
Single framework assessment — DORA or EU AI Act
Full control-by-control determination
Sealed Governance Defensibility Certificate
SHA-256 authority hash
QR-linked public verification
Ideal for initial posture assessment before NCA inspection or board review.
Request Assessment
II
Dual Framework Determination
€60,000
DORA + EU AI Act · Delivery 2–3 days
DORA + EU AI Act simultaneous evaluation
Cross-framework conflict analysis
Full control-by-control determination
Sealed Governance Defensibility Certificate
SHA-256 authority hash + QR verification
Remediation roadmap if required
Recommended for financial entities deploying AI systems facing obligations under both frameworks simultaneously.
Request Assessment
III
Audit-Ready Verified
€85,000
Operator-verified · Delivery 5–7 days
All Tier II inclusions
Operator-verified inputs
Evidence sampling and validation
Independent governance verification
NCA submission-ready documentation
Full audit trail with chain of custody
Required when counterparty due diligence, regulatory submission, or NCA inspection demands independently verified inputs.
Request Assessment

Ongoing Governance

Continuous defensibility
on retainer

Governance posture is not a point-in-time event. Regulations change. Your systems evolve. Your retainer keeps your determination current.

Essential Retainer
€8,000
per month
Two formal assessments per quarter
Regulatory monitoring
Priority scheduling
Ongoing defensibility tracking
Professional Retainer
€15,000
per month
Unlimited formal assessments
Dedicated VICCA ONE operator
Monthly governance posture report
Board pack included
Regulatory change monitoring with impact assessment
Institutional Retainer
€25,000+
per month
Full stack coverage across all frameworks
ANASSA executive intelligence sessions
NCA liaison support
White-glove service
Annual AGC certification journey managed end-to-end

Public Verification

Every Certificate is
publicly verifiable.

Every Governance Defensibility Certificate issued by VICCA ONE is permanently registered in a public verification registry. Any counterparty, regulator, or board member can verify its authenticity in seconds — without contacting you.

verify.anaxstandard.com Live Registry
Enter Certificate Reference to verify
ANAX-2025-GBR-004471-T2
Verify
Certificate Valid · DEFENSIBLE
Reference: ANAX-2025-GBR-004471-T2
Issued: 13 Apr 2025 · Valid: 12 months
Tier: II — Dual Framework
Frameworks: DORA · EU AI Act
Hash: a3f8c1d2e9b4076f5a2c8...
Open Verification Portal →

Who Uses Verification

01 National Competent Authorities — Regulators can independently verify that a formal governance determination was conducted, sealed, and issued — before any inspection begins.
02 Counterparties & Investors — Before engaging with your institution, counterparties verify your governance certificate directly. No PDFs exchanged. No calls scheduled. Instant trust.
03 Board & Audit Committees — Internal governance bodies can verify that the certificate displayed in board packs is authentic — sealed, timestamped, and unaltered.
04 Courts & Legal Proceedings — The sealed certificate record constitutes verifiable evidence of governance defensibility — a timestamped, cryptographically sealed determination made prior to the event in question.

Begin Your Determination

Your governance posture
is either defensible
or it is not.

Request a VICCA ONE assessment. Our team will scope your regulatory exposure, confirm the appropriate tier, and begin your formal determination within five business days.

Start Assessment Explore Canal