Resethiq is India's first and only data veracity infrastructure. We make trust in AI measurable, cryptographic, and machine-verifiable, transforming datasets into proof-bearing assets that endure audit, regulation, and time.
Regulators, auditors, and courts are asking questions most organizations can't answer. Where did the data come from? Was it altered? Can you prove what your model was trained on — exactly?
Clinical AI trained on unvalidated data carries direct risk to human life. Integrity is a prerequisite, not a feature.
FDA, EMA, and EU AI Act require data provenance, traceability, and reproducibility. Most pipelines cannot demonstrate this.
Courts require a chain of evidence for AI-driven decisions. Without it, exposure is unlimited and indefensible.
Without a sealed, signed dataset record, results cannot be reproduced — making scientific claims indefensible.
Seals the exact dataset version into a cryptographic Merkle root — deterministic across every platform. Any modification, even a single character, is instantly detectable.
→ Immutable fingerprint
Forensic investigation: duplicate records, train/test leakage, suspiciously perfect patterns, domain anomalies, and hidden preprocessing artifacts.
→ Structured findings
Applies versioned domain-specific policy rules — separation, provenance, independence. Every failure is recorded as a clear, defensible assertion.
→ Policy compliance
Outputs Approved / Restricted / Rejected — packaged as an Ed25519-signed Policy Object with full audit trail, independently verifiable offline by anyone.
→ Signed proof object
Without Resethiq, the training dataset, the checks run, and the policy applied are not retrievable in a legally defensible form. With Resethiq, the sealed evidence pack — frozen at pipeline approval — answers every question an auditor or court will ask.
Resethiq freezes data at collection, signs it, and generates an audit-ready evidence pack that travels with every regulatory submission — independently verifiable without system access.
Resethiq gives startups the compliance evidence layer that unlocks enterprise deals — transforming a procurement checkbox into a verifiable, trust-building asset.
Walk through what Resethiq actually does at the critical decision points in high-stakes AI pipelines.
A healthcare AI team has prepared a 2.3M-row dataset from three hospital systems. Before training begins, Resethiq runs as a mandatory pipeline gate.
The Trust Kernel freezes the dataset — computing a Merkle root across every row and column. Any modification, even a single character, produces a different root and will be detected at verification time.
Forensic examination checks for duplicates across sources, train/test leakage, policy-defined medical domain constraints, and provenance violations. All rules pass. Training is authorized. The signed SPO is archived.
The team can demonstrate, at any future point, exactly what data was used, under which policy, and that it passed every check at the time.
During a routine audit, a compliance officer asks to verify the training dataset against the archived SPO. The file appears identical — same filename, size, and metadata.
But Resethiq recomputes the Merkle root from raw bytes and compares against the signed root. They do not match.
This is not a warning. It is a hard, signed, verifiable fact: the dataset was modified after the signing event. Resethiq exits with code 2 (Mismatch), and the evidence is preserved permanently in the Evidence Ledger.
The compliance team has cryptographic proof of post-signing modification, enabling precise investigation.
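The recompute-and-compare step can be sketched in a few lines of Python. This is a minimal sketch, not Resethiq's implementation: it uses a flat SHA-256 digest as a stand-in for the real Merkle root and mirrors only the Pass and Mismatch exit codes.

```python
import hashlib

def dataset_root(raw: bytes) -> str:
    # Stand-in for the real Merkle computation: any deterministic
    # digest over the raw bytes demonstrates the same property.
    return hashlib.sha256(raw).hexdigest()

def verify(raw: bytes, signed_root: str) -> int:
    # Exit codes follow the Verifier CLI convention:
    # 0 = Pass, 2 = Mismatch.
    return 0 if dataset_root(raw) == signed_root else 2

original = b"patient_001,34,F\npatient_002,57,M\n"
signed_root = dataset_root(original)                 # archived at signing time
tampered = b"patient_001,34,F\npatient_002,58,M\n"   # one digit changed

assert verify(original, signed_root) == 0
assert verify(tampered, signed_root) == 2
```

The file-level metadata (name, size, timestamps) never enters the computation, which is why a byte-identical-looking file still fails verification.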
A pharma company submitting a companion diagnostic AI to the FDA is asked to provide data integrity evidence. The reviewer wants a provenance chain — independently verifiable without accessing company systems.
The company retrieves the Resethiq Audit Bundle: a PDF summary, signed SPO, evidence pack ZIP, and public key — all self-contained.
The reviewer runs the Verifier CLI offline. No system access. No API. No trust required. The root recomputes identically. Signature validates. Submission complete.
Cryptographic data integrity demonstrated to the regulator — independently verifiable, without sharing system access.
Enterprise procurement evaluates an AI diagnostic vendor. The questionnaire asks: "Can you provide data integrity evidence that our team can independently verify?"
Previously, vendors answered with attestations and SOC 2 reports — none independently verifiable at the data level. Resethiq changes the answer entirely.
The vendor shares their Audit Bundle. The security officer runs the Verifier CLI in under 5 minutes. Cryptographic evidence is clear. Vendor approved.
Resethiq becomes the integrity layer that unlocks enterprise deals, transforming compliance into a verifiable trust asset.
High-risk AI systems must demonstrate data governance and traceability. Why dashboards won't be enough — and what will.
The design decisions behind Resethiq's Trust Kernel — and why deterministic canonicalization across platforms is harder than it sounds.
A plain-English breakdown of the FDA's PCCP framework and what "good machine learning practice" means for data integrity evidence.
Request a demo and see what Resethiq proves about your data — before a regulator asks. We work with you through a structured 12-week pilot sprint.
We review every request. Resethiq pilots are for healthcare AI, pharma, and regulated AI teams. We'll respond within 2 business days.
Resethiq's research team publishes on the regulatory landscape, technical architecture, and real-world implications of data integrity enforcement for high-stakes AI.
Annex III of the EU AI Act creates mandatory data governance obligations for high-risk AI. We break down what "data provenance" means in practice, why existing monitoring tools fall short, and what verifiable integrity evidence actually looks like.
Resethiq's Trust Kernel uses a Merkle tree over canonicalized row bytes. We explain the design decisions: why canonicalization is harder than it looks, how determinism across macOS arm64 and Linux x86_64 is enforced, and why content-addressing enables offline verification.
A plain-English breakdown of the FDA's PCCP (Predetermined Change Control Plan) framework, the GMLP guidance, and what "good machine learning practice" means for data integrity evidence in medical device submissions under 21 CFR 820.
Data quality tools observe and alert. Data integrity enforcement decides and proves. This piece maps the conceptual and practical gap between the two — and explains why organizations relying on dashboards will not survive regulatory review.
A technical walkthrough of Resethiq's cryptographic signing layer: the choice of Ed25519 over RSA, the canonical encoding invariant, KMS abstraction design, and how offline verification works without trusting Resethiq's servers.
Resethiq exists because high-stakes AI has crossed a threshold. The systems we help certify touch patient lives, clinical decisions, regulatory submissions, and legal accountability. Our commitment is to the integrity of those systems — above all else.
Our Verifier CLI works 100% offline. We do not want you to trust us — we want you to verify independently. This is an architectural commitment, not a marketing claim. The math doesn't lie, even when humans do.
Every integrity decision is stored as a content-addressed, cryptographically sealed object. Resethiq cannot alter historical records. Neither can our customers. The ledger is the truth.
We deliberately start in healthcare and pharma — the domains where the cost of integrity failure is measured in human harm. We would rather do this right in one domain than do it carelessly across many.
Resethiq does not surface alerts for humans to interpret later. It makes enforceable decisions — Approved, Restricted, or Rejected — backed by verifiable proof. Vagueness is a form of negligence we refuse to practice.
These invariants are enforced in CI/CD and architectural reviews. They cannot be bypassed — not by customers, not by Resethiq engineers, not by anyone.
Resethiq is a data integrity enforcement layer for high-stakes AI pipelines. It acts as a security checkpoint for data before it enters any sensitive workflow — training, validation, clinical studies, or regulated approval.
Before data is allowed to train an AI model, support a clinical claim, or be deployed into regulated production, Resethiq performs four fundamental operations: it freezes the dataset, examines it forensically, applies strict policy rules, and produces a signed, enforceable outcome.
"Resethiq makes sure only trustworthy data is allowed to power high-stakes AI — and proves it beyond doubt."
The core insight is that existing tools observe and warn; Resethiq enforces and proves. A dashboard can tell you something looks wrong. Resethiq can prove what was right, under which policy, at a specific point in time — in a form that survives legal and regulatory scrutiny.
Resethiq seals the dataset so everyone knows exactly which version was checked. This prevents silent updates, last-minute swapping, and post-hoc manipulation.
Technically, the Trust Kernel transforms raw data (CSV, Parquet, or Arrow format) into a canonical byte representation — a deterministic encoding that produces identical output on macOS arm64 and Linux x86_64. From these canonical bytes, it computes a Merkle root: the dataset's unique cryptographic fingerprint.
"Think of this as sealing evidence in a legal case, or notarizing a document so nobody can claim it was different later. Except the Merkle root is mathematically verifiable by anyone."
Once frozen, any change to the dataset — even a single character in a single field — produces a completely different Merkle root. This mismatch is detectable instantly at verification time, even years later, without access to Resethiq's systems.
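The freeze step can be illustrated with a toy sketch. The canonical encoding below is deliberately simplified (the real CSV/Parquet to Arrow pipeline is far more involved), and the SHA-256 tree with leaf/node domain separation is our illustration of the technique, not Resethiq's exact construction.

```python
import hashlib

def leaf_hash(row_bytes: bytes) -> bytes:
    # Prefix bytes separate leaves from internal nodes, preventing
    # second-preimage attacks on the tree structure (RFC 6962 style).
    return hashlib.sha256(b"\x00" + row_bytes).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def canonicalize(row: list[str]) -> bytes:
    # Toy canonical encoding: fixed field separator, UTF-8, trailing
    # newline. The point is determinism: identical logical rows must
    # always produce identical bytes on every platform.
    return ("\x1f".join(row) + "\n").encode("utf-8")

def merkle_root(rows: list[list[str]]) -> bytes:
    level = [leaf_hash(canonicalize(r)) for r in rows]
    while len(level) > 1:
        if len(level) % 2:            # duplicate last node on odd levels
            level.append(level[-1])
        level = [node_hash(level[i], level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]

rows = [["patient_001", "34", "F"], ["patient_002", "57", "M"]]
tampered = [["patient_001", "35", "F"], ["patient_002", "57", "M"]]

# Flipping a single character yields a completely different root.
assert merkle_root(tampered) != merkle_root(rows)
```

Because the root depends only on canonical bytes, anyone holding the data and the signed root can recompute and compare, years later, with no access to the system that produced it.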
Resethiq looks for signals that the dataset may be unreliable or unsafe. This is not a data quality score or a prettified dashboard. It is a forensic investigation with a precise question: can this dataset be trusted for this purpose under this policy?
The examination detects:
Duplicated or recycled records across sources — common when datasets are assembled from multiple hospitals or trial sites without deduplication controls.
Suspiciously perfect patterns often seen in synthetic or fabricated data — statistical signatures that no naturally collected dataset would exhibit.
Train/test leakage — records appearing in both training and test splits, which inflates model performance metrics without any real-world validity.
Distribution anomalies and schema inconsistencies — unexpected shifts in value distributions, mismatched column types, or implausible values indicating hidden preprocessing.
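Two of these checks (duplicate records and train/test leakage) reduce to set operations over record hashes. A minimal sketch, with function names that are illustrative rather than Resethiq's API:

```python
import hashlib

def record_key(row: tuple) -> str:
    # Hash each record so comparisons are cheap and content-based.
    return hashlib.sha256(repr(row).encode("utf-8")).hexdigest()

def find_duplicates(rows: list[tuple]) -> list[tuple]:
    seen, dupes = set(), []
    for r in rows:
        k = record_key(r)
        if k in seen:
            dupes.append(r)
        else:
            seen.add(k)
    return dupes

def find_leakage(train_rows: list[tuple], test_rows: list[tuple]) -> list[tuple]:
    # Any test record whose hash appears in training is leakage:
    # it inflates metrics without real-world validity.
    train_keys = {record_key(r) for r in train_rows}
    return [r for r in test_rows if record_key(r) in train_keys]

train = [("p1", 34), ("p2", 57), ("p2", 57)]   # one duplicated record
test = [("p2", 57), ("p3", 61)]                # one leaked record

assert find_duplicates(train) == [("p2", 57)]
assert find_leakage(train, test) == [("p2", 57)]
```

The real examination is much broader, but the output shape is the point: each check yields concrete offending records, not a score.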
Every detected issue is recorded as a clear, structured assertion — not a vague warning — so that the policy enforcement step can make a precise, defensible decision.
Resethiq converts integrity requirements into explicit, testable constraints encoded in a versioned policy spec (YAML or JSON). These rules are domain-specific, not generic best practices.
Examples of policy rules Resethiq enforces:
Separation rules: training and test data must not share any records.
Domain rules: medical values must stay within physiologically plausible ranges.
Independence rules: clinical trial groups must satisfy statistical independence constraints.
Provenance rules: forbidden or unlicensed data sources must not appear anywhere in the provenance chain.
"If a rule is broken, the failure is recorded as a clear, defensible assertion — not a vague warning. Vagueness is a form of negligence we refuse to practice."
Crucially, every SPO (Signed Policy Object) is bound to the exact policy digest that governed it. The rules that applied are permanently recorded alongside the outcome. An auditor can always see what rules were checked — and which version of those rules was in effect at the time.
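Digest binding can be shown in miniature. The policy below is hypothetical and its field names are illustrative, not Resethiq's spec format; what matters is that a canonical serialization makes the digest deterministic, so the outcome is permanently tied to the exact rules in force.

```python
import hashlib
import json

# Hypothetical versioned policy spec (illustrative field names only).
policy = {
    "version": "medical-v2.1",
    "rules": [
        {"id": "sep-001", "kind": "separation", "check": "train_test_disjoint"},
        {"id": "dom-003", "kind": "domain",
         "field": "heart_rate", "min": 20, "max": 300},
    ],
}

# Canonical JSON (sorted keys, fixed separators) removes whitespace
# and ordering variance, so the same rules always hash the same way.
canonical = json.dumps(policy, sort_keys=True, separators=(",", ":"))
policy_digest = hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def check_domain_rule(rule: dict, rows: list[dict]) -> dict:
    # Returns a structured assertion, not a vague warning.
    bad = [r for r in rows
           if not rule["min"] <= r[rule["field"]] <= rule["max"]]
    return {"rule_id": rule["id"], "passed": not bad, "violations": len(bad)}

rows = [{"heart_rate": 72}, {"heart_rate": 410}]
finding = check_domain_rule(policy["rules"][1], rows)
# finding -> {"rule_id": "dom-003", "passed": False, "violations": 1}
```

An auditor who later recomputes `policy_digest` from the archived policy file can confirm it matches the digest recorded in the SPO.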
Resethiq produces one of three outcomes: Approved (safe to use), Restricted (use with constraints and monitoring), or Rejected (not permitted). This is not a recommendation — it is an enforceable gate wired directly into your CI/CD pipeline.
The outcome is packaged as a Signed Policy Object (SPO): a cryptographically signed, content-addressed record stored in the Evidence Ledger. The SPO contains the Merkle root, the policy digest, the Ed25519 signature, a timestamp, and the full audit trail.
This object can be shared with auditors, regulators, partners, or courts as verifiable proof — independently checkable offline by anyone with the Verifier CLI, without trusting any of Resethiq's infrastructure. That is the zero-server-trust guarantee.
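Signing and offline verification can be sketched with the third-party `cryptography` package. The payload fields below are illustrative; the real SPO is a CBOR-encoded, content-addressed object with a fuller audit trail, and key management sits behind a KMS abstraction rather than an in-process key.

```python
import hashlib
import json
import time

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

# Illustrative SPO payload (field names are assumptions for this sketch).
payload = {
    "merkle_root": hashlib.sha256(b"dataset bytes").hexdigest(),
    "policy_digest": hashlib.sha256(b"policy bytes").hexdigest(),
    "outcome": "Approved",
    "timestamp": int(time.time()),
}
# Canonical serialization so signer and verifier hash identical bytes.
message = json.dumps(payload, sort_keys=True).encode("utf-8")

private_key = Ed25519PrivateKey.generate()
signature = private_key.sign(message)
public_key = private_key.public_key()

# Offline verification needs only the payload, signature, and public
# key -- no call back to any server. verify() raises on failure.
try:
    public_key.verify(signature, message)
    print("signature valid")
except InvalidSignature:
    print("INVALID")
```

Because verification requires nothing but the bundle contents and the public key, the check works on an air-gapped machine, which is the substance of the zero-server-trust guarantee.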
Resethiq is built around four core components:
Trust Kernel (rk) — Rust: The core proof generation engine. Written in Rust for determinism and performance. Handles spec parsing, canonical transformation (CSV/Parquet → Arrow → Bytes), Merkle root computation with range/inclusion proofs, and Ed25519 signing with KMS abstractions. Processes 5M+ row datasets in streaming mode.
Verifier CLI (resethiq-verify): The independent credibility anchor. Functions 100% offline. Can recompute the Merkle root from raw data, validate Ed25519 signatures, and verify the complete evidence chain from a bundle ZIP. Exit codes: 0 (Pass), 2 (Mismatch), 3 (Invalid Signature), 4 (Version Mismatch).
Evidence Ledger: Postgres-indexed, content-addressed object store. Objects stored at path objects/<hash_prefix>/<hash>.cbor. The index is rebuildable from object storage alone — no single point of failure.
Audit Bundle Generator: Produces PDF audit reports and signed evidence pack ZIPs. Every output is bound to a versioned policy digest and includes everything needed for independent verification.
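Content addressing in miniature: the storage path is derived from the object's own hash, so the Postgres index can always be rebuilt by rehashing what is on disk. This sketch assumes SHA-256 and a two-character prefix; the actual hash function and prefix length are implementation details not stated above.

```python
import hashlib

def object_path(obj_bytes: bytes) -> str:
    # The path is a pure function of the content, so the same object
    # always lands at the same location and can never be silently
    # replaced without its address changing too.
    h = hashlib.sha256(obj_bytes).hexdigest()
    return f"objects/{h[:2]}/{h}.cbor"

p = object_path(b"signed policy object bytes")
assert p.startswith("objects/") and p.endswith(".cbor")
```

Rebuilding the index is then a directory walk: hash every stored file, confirm it matches its own path, and reinsert the mapping.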
Resethiq is built for organizations where data mistakes are unacceptable.
Primary users (high urgency, high stakes):
Healthcare AI teams and hospitals deploying clinical decision support.
Pharmaceutical companies and CROs running clinical trials.
Regulated AI startups in diagnostics, risk scoring, and medical decision support.
Data science teams working under compliance and audit requirements.
Secondary users (control and oversight):
Internal and external auditors who need clear evidence chains.
Risk, legal, and compliance teams who sign off on AI systems.
Regulators and assessment bodies.
Enterprise procurement committees evaluating AI risk.
"These buyers are not paying for better charts. They are paying for risk prevention and defensible proof."
Expansion markets:
Finance and insurance risk models.
Government datasets and policy decision pipelines.
Large-scale enterprise AI training pipelines.
Data marketplaces and model-sharing ecosystems where trust between parties is required.
We are opening our 12-week structured pilot programme to healthcare AI teams, clinical AI companies, and regulated AI startups. The pilot includes full Trust Kernel access, Verifier CLI, Evidence Ledger, and hands-on integrity engineering support. Applications are now open.
Our Rust-based Trust Kernel now achieves verified identical Merkle roots across macOS arm64 and Linux x86_64 for datasets of 5M+ rows in streaming mode, passing all L0–L6 test layers.
A technical perspective on the architectural patterns, cryptographic choices, and design trade-offs that make a data integrity enforcement system defensible in regulated environments.
Resethiq was founded with a clear mission: make data integrity in AI pipelines verifiable, enforceable, and defensible. We're starting with healthcare and pharma, where the cost of getting it wrong is measured in human harm.
Pulse is our hands-on pilot programme for healthcare AI teams, pharma companies, and regulated AI startups. We work with you through a structured 12-week integrity engineering sprint.
Resethiq's Rust-based proof engine on your actual datasets
Offline-capable verification and content-addressed storage
Healthcare, pharma, or finance rules crafted for your context
Live demonstration of detection and evidence packaging
Structured onboarding from specs to security-hardened deployment
We review every application. Resethiq pilots are for organizations where data mistakes have serious consequences. We'll respond within 2 business days.
Thank you for your interest in Resethiq Pulse. We review every application carefully and will respond within 2 business days to discuss your specific use case and pilot structure.
In the meantime, explore our research and technical publications to deepen your understanding of how Resethiq works.