CERTavia Vault — litzki-systems.com

CERTavia Vault — Cryptographic Verification Record ID: cv_016b0d560dbdc378

CERTavia is an independent EU AI Act compliance audit standard for organizations deploying AI-adjacent systems. It evaluates infrastructure integrity, machine readability, identity consistency, transparency, agentic declarations, and AI governance across 6 clusters — producing a binary verdict of CERTIFIED or FAILED.

This is a read-only, time-stamped verification record anchored at time of audit completion. No rescan occurs on this page. The data reflects the state of litzki-systems.com at the moment of the CERTavia Compliance Audit. Record expires 90 days after issuance.

Audit Verdict

✓ CERTIFIED

EU AI Act · CERTavia v1.1

CES Score

94 /100

CERTavia Compliance Score

Valid Until

June 25, 2027

⇓ Download PDF Report

Technical Score Breakdown

CES

/100

CERTavia Compliance Score

EU AI Act Annex III

CERTavia Compliance Audit v1.1

Compliance Clusters A–F (click to expand)

Cluster A Digital Infrastructure

96/100 PASS ▶

Art.15 DORANIS2

1 Parameter nicht erfüllt: integration.sslGrade.

Technische Sicherheitsinfrastruktur erfüllt DORA- und NIS2-Anforderungen vollständig.

✓ SPF-Record NIS2 Art.21

✓ DMARC-Record NIS2 Art.21

✓ DMARC-Policy (Enforcement) NIS2 Art.21 / DORA Art.13

✓ CAA-Record NIS2 Art.21

✓ DNSSEC DORA Art.13 / NIS2 Art.21

✓ SPF-Permissivität (+all) NIS2 Art.21

✓ DMARC Reporting (rua=) NIS2 Art.21

✓ HSTS (Strict-Transport-Security) DORA Art.13 / NIS2 Art.21

✓ HSTS (max-age ≥ 1 Jahr + preload) DORA Art.13

✓ X-Content-Type-Options NIS2 Art.21

✓ Framing-Schutz (X-Frame-Options) NIS2 Art.21

✓ Referrer-Policy NIS2 Art.21

✓ Content-Security-Policy (CSP) DORA Art.13 / NIS2 Art.21

✓ Keine Server-Versioninfo NIS2 Art.21

✓ HTTP/2 (ALPN) DORA Art.13

✓ HTTP/3 (QUIC) —

✓ Nur HTTPS (kein HTTP) DORA Art.13 / NIS2 Art.21

✗ TLS-Grade (Ziel: A oder A+) DORA Art.13

TLS 1.0 und 1.1 deaktivieren. Empfohlene nginx-Konfiguration: ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:...; ssl_prefer_server_ciphers on;. Mit SSL Labs testen: ssllabs.com/ssltest

✓ Google Safe Browsing NIS2 Art.21

✓ sameAs-URLs erreichbar Art.13 EU AI Act

✓ Security-Header-Score NIS2 Art.21

✓ Kein Mixed Content NIS2 Art.21

✓ MX-Record (Mail-Server) —

Cluster B Data Protection & Consent

100/100 PASS ▶

Art.13Art.50

Alle Parameter erfüllt (100/100).

Inhalte maschinenlesbar aufbereitet. Art.13-Transparenzpflicht nachweisbar erfüllt.

✓ API-Katalog (OpenAPI/JSON) Art.13 EU AI Act

✓ JSON-LD SoftwareApplication Art.13 EU AI Act

✓ Link-Header (RFC 8288) RFC 8288

✓ LLMS strukturiert (Sektionen) Art.13 EU AI Act

✓ LLMS Inhaltabdeckung Art.13 EU AI Act

✓ LLMS/Sitemap-Konsistenz Art.13 EU AI Act

✓ /llms.txt Art.13 EU AI Act

✓ /llms-full.txt Art.13 EU AI Act

✓ /.well-known/sovp-identity.json SOVP RFC draft-03

✓ Knowledge-Cluster (JSON-LD) Art.13 EU AI Act

✓ /agents.md RFC 9727 / Art.13 EU AI Act

✓ D2.agentsMdStructured

✓ llms.txt (Agentic-Lesbarkeit) Art.13 EU AI Act

✓ Web-Corpus-Indexierung Art.13 EU AI Act

✓ AI Citability Art.13 EU AI Act

✓ Speakable (schema.org) —

✓ sameAs Autorität (Wikidata/Wikipedia) Art.13 EU AI Act

✓ DefinedTerm (JSON-LD) Art.13 EU AI Act

✓ DefinedTerm (reichhaltig) Art.13 EU AI Act

✓ Markdown-Seiten erreichbar Art.13 EU AI Act

Cluster C Legal Compliance

83/100 PASS ▶

Art.13

3 Parameter nicht erfüllt: rcc.dnsTxt, D4.wikipedia, D4.wikidata.

Unternehmensidentität konsistent über alle Quellen. Identitätsnachweis erbracht.

✓ RCC llms.txt-Richtlinien SOVP RCC / Art.13 EU AI Act

✓ RCC JSON-LD Compliance SOVP RCC

✗ RCC DNS-TXT Deklaration SOVP RCC

DNS-TXT-Record für SOVP-Deklaration anlegen: "_sovp.example.com" TXT "v=SOVP1; ai=opt-in; contact=compliance@example.com".

✓ JSON-LD vorhanden Art.13 EU AI Act

✓ Organization-Schema Art.13 EU AI Act

✓ Person-Schema (Verantwortliche) Art.13 EU AI Act

✓ FAQ-Schema —

✓ Datum (datePublished) Art.13 EU AI Act

✓ sameAs (Identitätsnachweise) Art.13 EU AI Act

✓ Canonical-URL —

✓ Sprach-Attribut (lang=) DSGVO / Barrierefreiheit

✓ Robots-Meta (korrekt) Art.13 EU AI Act

✓ Interne Links erreichbar —

✓ DefinedTerm im Schema Art.13 EU AI Act

✓ Semantisches HTML —

✗ Wikipedia-Eintrag Art.13 EU AI Act

Wikipedia-Eintrag anlegen (sofern Relevanz-Kriterien erfüllt) oder bestehenden Eintrag auf Aktualität prüfen. sameAs im JSON-LD auf Wikipedia-Artikel verlinken.

✗ Wikidata-Eintrag Art.13 EU AI Act

Wikidata-Eintrag unter wikidata.org anlegen: P856 (offizielle Website), P17 (Land), P452 (Branche) ausfüllen. ID in JSON-LD sameAs eintragen.

Cluster D Transparency

75/100 PASS ▶

Art.50

2 Parameter nicht erfüllt: consent.consistency, consent.granularity.

Consent-Management und Bot-Zugangspolitik dokumentiert und konform nach Art.50.

✗ Consent-Abdeckung DSGVO / Art.50 EU AI Act

Cookie-Consent-Banner auf allen Seiten der Domain aktivieren. Plattformen: Cookiebot, OneTrust, Usercentrics oder eigene IAB-TCF-konforme Implementierung.

✗ Consent-Konsistenz DSGVO / Art.50 EU AI Act

Consent-Banner einheitlich auf allen Subdomains und Seiten einbinden. Inkonsistenzen zwischen Subdomains (www. vs. ohne) beseitigen.

✗ Consent-Granularität DSGVO Art.7 / Art.50 EU AI Act

Consent nach Kategorien aufschlüsseln: Notwendig / Statistik / Marketing / KI-Personalisierung. Nutzer müssen kategoriespezifisch zustimmen oder ablehnen können.

✓ KI-Crawler: GPTBot (OpenAI) Art.53 EU AI Act

✓ KI-Crawler: ClaudeBot (Anthropic) Art.53 EU AI Act

✓ KI-Crawler: PerplexityBot Art.53 EU AI Act

✓ KI-Crawler: OAI-SearchBot (OpenAI) Art.53 EU AI Act

✓ KI-Crawler: Google-Extended (Bard/Gemini) Art.53 EU AI Act

✓ KI-Crawler: anthropic-ai Art.53 EU AI Act

✓ KI-Crawler: CCBot (Common Crawl) Art.53 EU AI Act

Cluster E Agentic Readiness

100/100 PASS ▶

Art.13Art.50

Alle Parameter erfüllt (100/100).

Agentic-Schnittstellen vollständig deklariert. Maschinelle Interoperabilität nachweisbar.

✓ MCP-Endpoint (/.well-known/mcp.json) SOVP RFC draft-03

✓ API-Katalog (OpenAPI/JSON) Art.13 EU AI Act

✓ /agents.md RFC 9727 / Art.13 EU AI Act

✓ Link-Header (RFC 8288) RFC 8288

✓ /llms.txt Art.13 EU AI Act

Cluster F AI Governance

100/100 PASS ▶

Art.14Art.50DORA 19

AI-Governance: 100/100 (120/120 Rohpunkte)

KI-Governance-Deklaration vollständig. Kernnachweis für CERTIFIED erfolgreich erbracht.

✓ AI-System-Offenlegung (ai-disclosure.json) Art.13 EU AI Act25/25pts

✓ Menschliche Aufsicht (Art.14) Art.14 EU AI Act20/20pts

✓ Annex-III-Klassifikation Annex III EU AI Act20/20pts

✓ Daten-Governance (Art.10) Art.10 EU AI Act20/20pts

✓ Technische Dokumentation (Art.11) Art.11 EU AI Act20/20pts

✓ incidentReporting Art.73 / DORA 1915/15pts

Cryptographic Attestation

CERTaviaAttestation ✓ Cryptographically Signed

Subject Domain litzki-systems.com

Verdict CERTIFIED

CES Score 94

Issued by certavia.org

Framework CERTAVIA_V1

Signed Jun 25, 2026, 07:07 PM

Expires —

Public Key Ref dns:txt:_sovp.certavia.org

Signature (Ed25519) IKpsB/Tf6OpkXQmzSjyn4+IW0DtnT08+9ajR0UGQRjhlvXyS…

Full Attestation Document (JSON)

{
  "@context": "https://litzki-systems.com/protocol/v1.5",
  "@type": "CERTaviaAttestation",
  "attestation": {
    "ces_score": 94,
    "compliance_framework": "CERTAVIA_V1",
    "issued_by": "certavia.org",
    "scanned_at": "2026-06-25T19:07:54.428Z",
    "valid_until": "permanent",
    "vault_hash": "016b0d560dbdc378",
    "verdict": "CERTIFIED"
  },
  "subject": {
    "canonical_url": "https://litzki-systems.com",
    "domain": "litzki-systems.com"
  },
  "integrity_proof": {
    "signature": "IKpsB/Tf6OpkXQmzSjyn4+IW0DtnT08+9ajR0UGQRjhlvXyS8UBGvi2siCaBfk2FodgyLcwZb+QkEseSaDuUCA==",
    "created": "2026-06-25T19:07:54.431Z",
    "public_key_ref": "dns:txt:_sovp.certavia.org",
    "nonce": "1d4e9fdd-8743-4720-948f-47f985ba6d82"
  }
}

Embed This Certificate

Paste this snippet on your website to display a verifiable link to this certificate.

<a href="https://vault.litzki-systems.org/c/016b0d560dbdc378" target="_blank" rel="noopener noreferrer"
   title="CERTavia CERTIFIED — litzki-systems.com — CES 94/100">CERTavia CERTIFIED — CES 94/100</a>

Independent Verification

1
Fetch the machine-readable record via API Query the public verify endpoint to retrieve signed attestation data: GET https://vault.litzki-systems.org/verify/c/016b0d560dbdc378
2
Retrieve the Ed25519 public key via DNS The signing key is published in the DNS TXT record of the issuer: dig TXT _sovp.certavia.org
3
Verify the signature with any Ed25519 library Use the full attestation JSON from the section above. The signed payload covers: domain, verdict, CES score, timestamp.

Who stands behind the standard?

CERTavia is an auditing standard developed and operated by Litzki Systems LLC (Florida, USA). The scoring methodology is the Sovereign Validation Protocol (SOVP), submitted to the IETF as draft-litzki-sovp-03. Protected by U.S. Provisional Patent Application No. 64/005,737.

Thorsten Litzki, inventor of SOVP and founder of Litzki Systems LLC, is responsible for the design and integrity of the CERTavia scoring framework.

certavia.org litzki-systems.com draft-litzki-sovp-03 Lookup API