We published an IETF Internet-Draft, draft-marques-asqav-compliance-receipts , that profiles the upstream draft-farley-acta-signed-receipts envelope for EU AI Act and DORA bindings. This post explains what the profile does and why each piece is there. What the profile does The upstream draft specifies a generic signed receipt envelope for AI agent actions: a wire format, a canonicalization rule, a signature suite, and an optional hash chain. It is intentionally regulation-agnostic. The Asqav profile takes that envelope as-is and adds four things on top of it. It tightens fields that the upstream draft marks OPTIONAL into REQUIRED for any receipt that claims the profile, including payload_digest , action_ref , and policy_digest . It sets a retention floor tied to the underlying regulation: six months for high-risk AI Act receipts, five years for DORA receipts. It mandates dual-anchoring. Every receipt carries an RFC 3161 timestamp and an OpenTimestamps witness.…