§ 1
The Problem
Between 2023 and 2026 the AI landscape underwent a transformation few policymakers anticipated. Open-weight releases from Meta, Mistral, Stability AI, and dozens of others democratized access to capabilities that were, two years prior, the exclusive domain of a handful of well-capitalized laboratories. By early 2026 a competent developer with consumer-grade hardware can run a 70-billion-parameter model locally, fine-tune it, and deploy it into production — without informing anyone.
Every regulatory framework assumes this question can be answered: who built this AI, who operates it, who answers for its outputs? In practice, the technical infrastructure to answer it doesn't exist. Regulation without infrastructure is aspiration without enforcement.
This paper proposes that infrastructure.
§ 4
Design Principles
Five non-negotiable principles derived from deepidv's experience building identity verification in 200+ countries.
Integration independence
The protocol must function whether or not the AI system or its operator voluntarily integrates. Identity cannot depend on cooperation from the entity being identified.
Biometric anchoring
Every AI identity terminates at a verified human or legally-constituted organization. Anonymous AI is the root of every governance failure in the current landscape.
Cryptographic immutability
Registration, ownership transfers, capability declarations, and compliance events are recorded on infrastructure resistant to tampering, deletion, and retroactive modification.
Jurisdictional agnosticism
UAIIP operates across every legal jurisdiction without being subordinate to any single one. Jurisdiction-specific compliance is overlaid, not baked in.
Progressive obligation
Tiered identity requirements scale with the capability and deployment context of the registered system — a hobbyist and a multinational do not carry identical burdens.
§ 5
The Protocol
UAIIP consists of five interdependent components. Each addresses a distinct layer of the AI identity challenge; they interlock into a single cryptographic spine.
5.1
Biometric-anchored owner verification
Every registrant completes deepidv's full identity pipeline — document validation, face match, liveness, and organizational verification. The output is a Verified Owner Credential (VOC) signed by deepidv's CA and anchored on-chain. Biometric data itself is never published.
5.2
Cryptographic model fingerprinting
A SHA-3-512 hash over canonicalized weights, architecture graph, and inference configuration. Fine-tunes reference their base model's fingerprint, creating an unbroken lineage chain. Proprietary API models are fingerprinted behaviorally.
5.3
Soulbound identity tokens
A non-transferable ERC-721 variant on an EVM L2. Each SBT carries a unique 256-bit ASID, the VOC reference, the fingerprint, a packed capability vector, and jurisdictional declarations. Transfers revert; acquisition mints a fresh token.
5.4
Behavioral attestation + watermarking
Active: token biasing for text, HTTP headers for APIs, steganography for media — all specified as UAIIP-ATTEST-v1. Passive: behavioral fingerprints catch unregistered agents by the statistical signature of their outputs.
5.5
The AI identity registry
Public queries verify ASIDs and capability declarations. Authorized queries — gated by OAuth + institutional verification — surface owner identity. System-level APIs support webhooks and batch compliance screening.
§ 6
Technical Architecture
§ 7
Handling the Hard Cases
Self-hosted and air-gapped systems
UAIIP doesn't claim to reach inside an air-gapped machine. It raises the cost of operating outside the registry by making unregistered outputs progressively illegible to compliant counterparties.
Federated and distributed models
Hierarchical identity — the parent system's ASID references the ASIDs of its components. Composition changes update the parent's metadata.
Recursive and agentic systems
Spawned sub-agents inherit a derived identity anchored to the parent ASID, mirroring respondeat superior. All actions attribute upward to the verified human principal.
The sentience threshold
Today all AI identities are custodial. If legal frameworks recognize AI as a person, UAIIP can transition specific systems to self-sovereign VOC + SBT without breaking the spec.
Model merging and post-training modification
Multi-parent lineage fingerprints record every SLERP / TIES / DARE merge with its parameters. DPO, RLHF, and continued pre-training trigger a registry update recording the previous fingerprint.
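A sketch of the weight-based fingerprint from § 5.2 and the multi-parent lineage described above, added here as an example; it is not deepidv's code or the UAIIP specification. The canonicalization (sorted tensor names, length-prefixed fields, canonical JSON) and the record layout are assumptions, since this page does not define them, and behavioral fingerprinting of API models is out of scope.

```python
import hashlib
import json

def _canon(obj) -> bytes:
    # Canonical JSON: sorted keys, no insignificant whitespace.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _field(h, tag: bytes, data: bytes) -> None:
    # Length-prefix tag and data so field boundaries are unambiguous.
    for part in (tag, data):
        h.update(len(part).to_bytes(8, "big") + part)

def fingerprint(weights, architecture, inference_cfg, parents=(), op=None) -> str:
    # weights: {name: (dtype, shape, raw_bytes)}; parents keep their declared order.
    h = hashlib.sha3_512()
    for name in sorted(weights):  # tensor storage order must not change the hash
        dtype, shape, raw = weights[name]
        _field(h, b"tensor:" + _canon([name, dtype, list(shape)]), raw)
    _field(h, b"arch", _canon(architecture))
    _field(h, b"infer", _canon(inference_cfg))
    _field(h, b"lineage", _canon({"parents": list(parents), "op": op}))
    return h.hexdigest()

def verify_lineage(registry, fp, seen=None):
    # Walk fp back to its roots, recomputing every record; return problems found.
    seen = set() if seen is None else seen
    if fp in seen:
        return []
    seen.add(fp)
    rec = registry.get(fp)
    if rec is None:
        return [f"missing record {fp[:12]}"]
    problems = [] if fingerprint(**rec) == fp else [f"mismatch at {fp[:12]}"]
    for parent in rec["parents"]:
        problems += verify_lineage(registry, parent, seen)
    return problems

def demo():
    # Constructed toy records (16-byte "tensors"), not a real model or registry.
    reg = {}
    def register(raw, parents=(), op=None):
        rec = {"weights": {"w0": ("f32", (2, 2), raw)}, "architecture": {"layers": 2},
               "inference_cfg": {"temperature": 0.7}, "parents": list(parents), "op": op}
        reg[fingerprint(**rec)] = rec
        return fingerprint(**rec)
    a, b = register(bytes(16)), register(bytes(range(16)))
    merged = register(b"\x01" * 16, [a, b], {"method": "slerp", "t": 0.5})
    clean = verify_lineage(reg, merged)
    reg[a]["weights"]["w0"] = ("f32", (2, 2), b"\xff" * 16)  # tamper with a parent
    return merged, clean, verify_lineage(reg, merged)
```

Because each record's hash commits to its parents' fingerprints, altering a base model's registered weights surfaces as a mismatch when any descendant's lineage is re-verified.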
§ 8
Industry Applications
Financial services
Banks verify every AI system in their operational stack. Arbiter plugs ASIDs into sanctions, PEP, and adverse-media screening in real time.
Education + EdTech
Tutors, grading systems, and proctoring AI register with declared capabilities. deepeye's deepfake detection pairs with UAIIP's attribution layer.
Real estate + PropTech
Valuation, tenant screening, and underwriting AIs must be registered — every automated denial traces to an accountable model.
HR + recruitment
EU AI Act classifies recruitment AI as high-risk. UAIIP is the technical implementation of its registration and transparency obligations.
Government + public sector
Benefits, border, law enforcement, and tax AIs ship with registry entries. Citizens, legislators, and auditors can query.
Healthcare
Clinical decision support, diagnostic, and patient-facing AIs register capabilities. Regulators trace every decision to a specific model + operator.
§ 9
Governance + Compliance
UAIIP is designed to integrate with existing regulatory frameworks rather than replace them: financial services compliance via Arbiter, content-platform attestation for social + publishing infrastructure, authorized-tier access for law enforcement and regulators, and insurer-driven adoption where ASID registration becomes a prerequisite for AI liability coverage.
§ 13
Implementation Roadmap
Phase 1 — Foundation
Q2 2026
- Smart-contract deployment on testnet
- VOC pipeline wired into deepidv KYC
- Fingerprinting SDK (beta)
- This whitepaper and open spec
Phase 2 — Pilot
Q3–Q4 2026
- Mainnet deployment
- First 1,000 registrations
- Registry API v1 + passive detection engine v1
- 3+ financial-institution pilots + Arbiter integration
Phase 3 — Scale
2027
- Government partnership agreements
- GRC platform integration modules
- Active attestation SDK GA
- 10,000+ behavioral profiles + consumer-facing verification via deepeye
Phase 4 — Standard
2028+
- ISO/IEC JTC 1/SC 42 standardization
- Cross-jurisdictional mutual recognition
- Hierarchical identity for agentic AI
- Consortium governance transition
§ 14
Threat Model
Intellectual honesty first: UAIIP does not eliminate adversarial evasion. It raises its cost, narrows the anonymity set, and makes evasion progressively more detectable. Perfect enforcement is not the standard — meaningful enforcement is. Adoption dependency, centralization risk, privacy tension, fingerprinting compute, and inference-time variance are all named and addressed in the full paper.
End
Conclusion
Accountability without identification is impossible. Identification without verification is theater. UAIIP is the plumbing — not the totality of AI governance, but the layer without which AI governance cannot function.
Full paper — including sections omitted here for brevity — is available as a PDF download.