Submission declined on 5 May 2026 by RangersRus (talk). This draft reads like an advertisement. Wikipedia is an encyclopedia, not a platform for promotion or marketing. Drafts that are exclusively promotional may be deleted without notice. Wikipedia articles must be written neutrally in a formal, impersonal, and dispassionate way. They should not read like a blog post, advertisement, or fan page. Rewrite the draft to remove: promotional language: see Words to watch; personal commentary: opinions or direct addresses to the reader; informal language. Instead, only summarize in your own words a range of independent, reliable, published sources that discuss the subject. If you have a conflict of interest (e.g. you are the subject, an employee, or a relative) or are being paid to edit, you must disclose this to comply with Wikipedia's Terms of Use. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by RangersRus 34 days ago. Last edited by RangersRus 34 days ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

• Comment: Submitted for review. Article concerns a legal-engineering methodology with two Bulgarian patent applications, four Zenodo deposits with DOIs, an ISSN-indexed conference paper, an institutional publication on the European Commission community platform, and direct comparison with three independently published academic frameworks (ZKMLOps, ZKAUDIT, IoA Audit). The author of the article (User:Sirrado) is the inventor of the method and has declared a conflict of interest on the user page. Sirrado (talk) 08:17, 5 May 2026 (UTC)

ZKAP (Zero-Knowledge Audit Protocol) is a legal-engineering methodology for cryptographic verification of regulatory compliance of artificial intelligence systems, introduced by Bulgarian jurist Radoslav Yordanov Radoslavov in the period 2025–2026, and the subject of two Bulgarian patent applications.^[1][2] The protocol applies zero-knowledge proofs to allow a regulator to obtain mathematical assurance that a given system satisfies a formally specified regulatory requirement, without disclosing the sensitive data, model parameters or internal state on which the assurance rests.

ZKAP in this sense is distinct from other cryptographic schemes that share the same acronym, in particular Zero-Knowledge Access Pass — an anonymous-authorisation token used in distributed-storage and blockchain systems. Both approaches are built on the mathematics of zero-knowledge proofs, but they address different problems: Zero-Knowledge Access Pass establishes a right of access without revealing the user's identity, whereas the Zero-Knowledge Audit Protocol establishes regulatory compliance without revealing the regulated data.

The concept was first presented in March 2026 at the XI International Scientific Conference "High Technologies. Business. Society" in Borovets, Bulgaria.^[1] A preprint with full cryptographic formalisation and a soundness theorem was deposited on Zenodo on 22 April 2026.^[3] Two further pieces appeared in the European Commission's Apply AI Alliance community-content platform (Futurium) on 2 April and 18 April 2026, presenting the method to a regulatory audience.^[4][5]

The conceptual core of the method is described in an earlier 2025 publication by Radoslavov in Industry 4.0 (Winter Session, vol. 2), where the dual-domain architecture and the idea of cryptographic verification of legal duties are introduced, but without specification of the full protocol.^[2]

ZKAP is a methodological response to a structural conflict between three regulatory regimes of the European Union:

• Regulation (EU) 2024/1689 (the AI Act) requires transparency of high-risk AI systems — explainability of decisions, traceability of training data, risk assessment, active human oversight, and immutable audit logs;
• The General Data Protection Regulation (GDPR; Regulation (EU) 2016/679) prohibits disclosure of personal data without a valid legal basis;
• Directive (EU) 2016/943 protects trade secrets and undisclosed know-how of model developers.^[4]

For cognitively opaque models — in particular large language models — the AI Act's transparency duties and the GDPR / trade-secret prohibitions enter into direct collision: full disclosure as required by the supervisor simultaneously violates the other two frameworks. The same conflict structure arises under the NIS2 Directive in respect of cybersecurity duties.^[5]

The protocol substitutes a duty of disclosure with a duty of cryptographic proof: the regulator receives a mathematical assurance that the system is compliant with a particular rule, without seeing the data, the model weights, or the internal state on which the rule operates.^[2][1] The proof is a zero-knowledge proof — a cryptographic construction known since the 1980s, which allows one party to prove the truth of a statement without revealing the underlying content.^[1]

The methodology partitions information in the system into two zones:

• R-Domain (Raw Domain) contains raw data — training sets, model weights, end-user personal data, internal policies. This zone never leaves the obligated party's infrastructure.
• C-Domain (Compliance Domain) contains the cryptographic proofs derived from the R-Domain. This zone is publicly visible to the regulator. The proofs do not disclose the contents of the R-Domain but mathematically attest to specific statements about it.^[1]

According to the publications, sensitive information consequently does not travel along the conventional chain "regulator → court → experts → opposing party", because such information does not exist outside the obligated party's perimeter.^[2]

The conceptual core of ZKAP is the so-called "polynomialisation of law" — the translation of formalised legal norms into mathematical constraints, which can be verified by means of zero-knowledge proofs (such as zk-SNARKs or zk-STARKs).^[1] An obligation expressed in legal language is transposed into an obligation expressed in the language of cryptography, so that verification becomes machine-executable and independent of human discretion.

The publications describe the possibility of embedding basic formalised regulatory rules directly into hardware — at the level of the computational element, rather than as a subsequent software control layer. The implementation uses a specialised hardware element designated Provable Arithmetic Logic Unit (pALU), which secures determinism and resistance to algorithmic drift. This approach realises the principle of "safe by design": violation of a regulatory invariant cannot occur during execution, instead of being detected after the fact.^[1]

The protocol is presented as operating in several modes depending on the system's risk profile and regulatory context:^[1][5]

• Embedded mode (compliance-by-design) — a compliance proof is generated on every execution of the system, in real time.
• Retrospective mode — subsequent verification of past operations against retained logs.
• Parallel mode (shadow audit) — independent oversight in real time, without intrusion into the production environment.
• Hybrid mode — a staged combination, suited to administrative and judicial procedures.

ZKAP is the work of Bulgarian jurist Radoslav Yordanov Radoslavov (ORCID: 0009-0003-6868-8083). The methodology was developed independently in 2025–2026 on the basis of a dual practical engagement — in civil forfeiture practice and in legal regulation of artificial intelligence. Both fields share a common structural problem: a duty to disclose imposed by a supervising authority versus a prohibition against disclosure of sensitive material.^[2][1]

Between 2006 and 2023, Radoslavov served as a jurist in the Bulgarian anti-corruption commission (successively known as CECDPMI, KONPI, and the Commission for Counteracting Corruption and Forfeiture of Illegally Acquired Property) — the institutional context on which the conceptual foundations of ZKAP were later built.^[6]

The principal technical constructions of ZKAP are the subject of two Bulgarian patent applications:^[1]

• BG/P/2026/114317 — Bulgarian Patent Office, filed 30 March 2026. International Patent Classification (IPC): G06F 21/64; G06N 20/00; H04L 9/32.
• BG/P/2026/114328 (system identifier PTBG202600000316742) — Bulgarian Patent Office, filed 12 April 2026; partial priority from BG/P/2026/114317.

Both filings activate Paris Convention priority until 30 March 2027 and 12 April 2027, respectively, for international extension via the European Patent Office, the UK Intellectual Property Office, and the Patent Cooperation Treaty.

• Radoslavov, R. Y. (2025). "Management and Regulation of Artificial Intelligence Models: Concept for Transparency and Accountability in Administrative Activities". Industry 4.0, Winter Session, vol. 2, pp. 320–321. ISSN 2534-997X. DOI: 10.5281/zenodo.19614243.
• Radoslavov, R. Y. (2026). "Management and Regulation of AI Models in Public Administration: Cryptographic Transparency and Digitalization of Legal Norms". Artificial Intelligence Proceedings, vol. 2026, no. 1, pp. 75–78. ISSN 3033-2923 / 3134-1667. DOI: 10.5281/zenodo.19509511.

• Radoslavov, R. Y. (2026). "ZKAP: An Enforcement Protocol for Verifiable Regulatory Compliance of Machine-Learning Inference via Certified Stack Binding". Preprint, Zenodo, 22 April 2026 (under embargo until 31 March 2027). DOI: 10.5281/zenodo.19698949.

• "ZKAP: Zero-Knowledge Audit Protocol — Solving the Cognitive Barrier in AI Act & NIS2 Oversight". Apply AI Alliance Futurium, 2 April 2026.
• "After Mythos: Why Frontier AI Conformity Assessment Requires a Cryptographic Layer". Apply AI Alliance Futurium, 18 April 2026.

ZKAP forms part of a broader academic line which applies zero-knowledge cryptography to the auditing of machine learning. Related frameworks include:

• ZKMLOps (Scaramuzza et al., 2025) — an engineering framework for integrating zero-knowledge primitives into MLOps pipelines.^[7]
• ZKAUDIT (Waiwitlikhit et al., 2024) — a computation-focused framework for zero-knowledge audit of individual ML inference computations.
• Zero-Knowledge Audit for Internet of Agents (Jing & Qi, 2025) — application of zero-knowledge proofs to inter-agent communication.^[8]

ZKAP is distinguished from these by its focus on the legal-engineering layer — specific articles of the AI Act (Articles 12, 13, 14, 15, 27) and the architectural separation between R-Domain and C-Domain — rather than on individual engineering components.^[1]

• Zenodo community "zkap-ai-governance"
• GitHub repository
• ORCID profile of the inventor

Category:Artificial intelligence Category:Cryptography Category:Zero-knowledge proofs Category:Technology law Category:Artificial intelligence regulation Category:Bulgarian inventions