Pillar 04 — Regulatory Attribute Proof

Regulatory Attribute Proof.

Pass only the facts AI needs as proofs — never the personal data.

Send regulatory attributes — KYC, age, location — to AI without ever handing over the original. One of the four axes that make up Lemma's trust infrastructure.

Answering the demands that matter most right now
Use AI in your operations without handing it personal information
You need an audit trail for Japan's APPI and regulatory compliance
You need independent verifiability that goes beyond masking and anonymization
01 · What Regulatory Attribute Proof is

Keep the original in your hands — pass only the attributes to AI.

Extract the attributes you need and deliver them to AI together with a cryptographic proof. The original stays in-house.

Internal systems

Original data

Holds the full customer record (name, address, date of birth, transaction history, and more).

The original stays in-house
Lemma

Extract attributes,
attach a proof

1 Extract only the attributes needed
2 The issuer signs
3 Generate a ZK proof
Never touches the original data
AI
AI / business systems

Only attributes + proof arrive

jurisdictionJP
age_over18
aml_cleartrue
zk_proof
The original data never arrives

Think of it like a seal-registration certificate (inkan shōmeisho).

When you open a bank account, you submit a seal-registration certificate (inkan shōmeisho) rather than your entire family register — you may have done exactly this. It is a document that officially certifies only the facts that are needed. Lemma's Regulatory Attribute Proof works the same way: instead of handing your whole original data set to AI, you pass only the attributes that are needed, together with a proof.

What is disclosed

The attribute facts + proof

  • The attributes a regulation asks about, such as jurisdiction = JP
  • The cryptographic signature of the issuer (a KYC provider, a public agency, and so on)
  • A ZK proof that any third party can independently verify
Kept private

The original data

  • name
  • address
  • birth_date
  • Transaction history and every sensitive attribute
What this structure produces
AI sees only the attributes + proof — it can never access the original
The original data stays in-house and never reaches AI logs or model providers
The issuer of each attribute is fixed by a cryptographic signature
A third party can independently verify whether an attribute is true without ever seeing the original

Bring AI even into work that handles personal information.

AI adoption and personal-information protection hold together within the same structure
The "we can't use AI because we can't share the personal information" deadlock disappears
The compliance audit trail is recorded into the workflow itself
02 · How it differs from existing approaches

How it differs from masking, encryption, and monitoring.

Hiding, protecting, or observing alone can't deliver the attributes AI needs.

Approach
Can deliver attributes to AI
Original stays in-house
Independently verifiable
Cryptographic proof
Masking
Data encryption
Monitoring / detection
Lemma Regulatory Attribute Proof
03 · Where it sits in the trust infrastructure

P4 is one of the four axes that make up Lemma's trust infrastructure.

P1 Origin P2 AI P3 Authority P4 Attributes
See the full trust infrastructure →
04 · Putting it to work

Business scenarios that use this axis.

P4 · KYC
KYC/AML selective disclosure
18+
P4 · Age
Selective age verification
P4 · Location
Store-network compliance
P4 · Counterparty
Counterparty screening
P4 · Customer flag
Need-to-know customer flags
P4 · Eligibility
Benefit-eligibility proof
See all use cases →
05 · Technical reference

Prove only the attributes — with cryptography built in-house.

Selective disclosure

Disclose only the attributes that are needed and mathematically conceal the rest. Unlike masking, a third party can verify it independently.

Zero-knowledge proof

Prove "age 18 or over" without handing over the date of birth. Only the truth of the attribute reaches the verifier.

Issuer signature

Cryptographically fix the issuer of an attribute (a KYC provider, a public agency, an internal system). Who attested it can be verified after the fact.

// your.attribute.v1 — Lemma canonical schema
{
  "$schema": "your.attribute.v1",
  "jurisdiction": { "disclosed": "JP" },
  "age_over": { "disclosed": 18 },
  "aml_clear": { "disclosed": true },
  "name": { "hidden": true },
  "address": { "hidden": true },
  "birth_date": { "hidden": true },
  "issuer": "kyc-provider.jp",
  "zk_proof": "0x9c4f...e7d2"
}
Developer guides for implementing P4

Technical documentation related to this axis.

GUIDES Disclose Only What AI Needs
GUIDES Prove Facts with Zero Knowledge
GUIDES Query Verified Attributes
GUIDES Define Your Domain as a Schema
See all technical documentation →
06 · Next steps

See it for yourself with a business scenario.

For business teams

Discovery Call

We'll hear your business scenario in 30 minutes. No technical details, personal information, or confidential data required.

Get in touch →
For developers

Try the Schema

Try your.attribute.v1 in the Lemma Dashboard in 5 minutes. Read it alongside the SDK and Guides.

Dashboard →