KYA requirements
The KYA ladder is the regulator answer to “who authorized this payment”. Each level demands a different piece of evidence.
Level matrix
| Level | Evidence | Stored where | Verifiable how |
|---|---|---|---|
| L0 Registered | Email + API key creation | oris_agent_profiles | Account record |
| L1 Verified | Developer KYB attestation | Sealed envelope + on-chain hash | KYB record on file with the developer |
| L2 Trusted | Ed25519 signature from human principal | Sealed envelope + on-chain hash | Signature against principal pubkey |
| L3 Autonomous | 30 days clean activity + Veris baseline signature | L7 audit log + L3 attestation | Replay log + Veris BLS verify |
| L4 Institutional | Offline contractual review + signed addendum | Sealed envelope + signed PDF | Quorum unseal + signature check |
L1 evidence: developer KYB
The developer attests that the agent is a legitimate operational artifact of their organization. The attestation references:
- The developer’s KYB record (corporate registration, beneficial ownership).
- A signed statement linking the agent to a business purpose.
- An Ed25519 signature over the agent id + purpose hash.
Oris does not perform the developer KYB; the developer’s provider (Turnkey, Fireblocks, Circle, etc.) does. Oris validates that the attestation is signed by a key registered to a KYB-verified developer.
L2 evidence: user delegation
A human principal signs an Ed25519 delegation that authorizes the agent to act within a stated scope. The delegation includes:
- agent id
- principal address (on-chain identity)
- permitted scope (payment categories, max delegated amount)
- expiration timestamp
The signature lives in the sealed envelope. On-chain anchor records the delegation hash. Revoking the delegation revokes the agent’s L2 status on the next evaluation cycle.
L3 evidence: behavioral baseline
The Veris engine captures the agent’s transaction shape over thirty days:
- typical counterparty cluster
- typical asset and chain mix
- typical hourly and daily volume
- transaction-size distribution
After thirty days with zero drift events, the engine emits a baseline signature (BLS12-377 by the Veris MPC ring). The signature is a public commitment to “this agent has demonstrated stable behavior”. L3 promotion is automatic on that signature.
L3 demotion is also automatic. Drift score above the policy threshold triggers a one-level demotion on the next evaluation.
L4 evidence: institutional review
L4 unlocks treasury-scale payments and the regulator-portal disclosure path. Oris does not auto-promote to L4. A compliance officer at the operator’s organization reviews:
- the L3 baseline,
- the operational history,
- the legal entity behind the agent (corporate, foundation, sovereign),
- the regulator relationship.
The result is a signed addendum to the master agreement. The addendum is stored in the sealed envelope; the hash is anchored on chain.
Where to go next
- KYA feature for the ladder operator view.
- L1 Identity for the cryptographic ground truth.
- Audit trail for how attestations are recorded.