Skip to main content

Compliance Certificates

What is a compliance certificate?

A comply54 compliance certificate is a structured JSON document that captures the full outcome of a policy evaluation in a format suitable for regulatory audit files, export-control logs, and internal compliance records.

Unlike a signed receipt, which is a compact JWT for machine verification, a certificate is human-readable and designed to be handed to auditors, filed with regulators, or stored in a document management system.

Every certificate includes:

FieldTypeDescription
certificate_idstringUnique identifier, prefixed cert_
audit_idstringMatches ComplianceResult.audit_id — links back to the raw result
issued_atdatetimeUTC timestamp of the evaluation
sector_packstringName of the sector pack that produced the result
jurisdictionslist[str]ISO country codes covered (e.g. ["NG", "KE"])
regulationslist[str]Human-readable regulation names evaluated
overallstringFinal decision: allow, deny, escalate, or audit
passedbooltrue if overall is allow or audit
violationslist[dict]Each violation with pack, regulation, messages, and citations
packs_evaluatedlist[str]Every policy pack included in the evaluation
integrity_hashstringSHA-256 fingerprint of the decision set — tamper-evident

Generating a certificate

From a sector compliance object

The fastest path — runs the check and returns a certificate in one call:

from comply54 import NigeriaFintechCompliance

compliance = NigeriaFintechCompliance()

cert = compliance.certificate(
action="transfer_funds",
params={"amount": 5_000_000, "currency": "NGN"},
)

print(cert.overall) # "deny"
print(cert.passed) # False
print(cert.certificate_id) # "cert_a3f9e12b8c01"
print(cert.integrity_hash) # SHA-256 hex string

From a ComplianceResult

If you already have a result from .check(), convert it directly:

result = compliance.check(
action="transfer_funds",
params={"amount": 5_000_000, "currency": "NGN"},
)

cert = result.to_certificate(
sector_pack="Nigeria Fintech Compliance",
jurisdictions=["NG"],
)

Exporting

# Pretty-printed JSON string — ready to write to a file or send to an API
json_str = cert.to_json()
print(json_str)

Example output:

{
"certificate_id": "cert_a3f9e12b8c01",
"issued_at": "2026-07-09T08:15:32.441Z",
"sector_pack": "Nigeria Fintech Compliance",
"jurisdictions": ["NG"],
"regulations": [
"Nigeria Data Protection Act 2023",
"CBN Consumer Protection Framework 2022",
"NFIU / MLPPA 2022"
],
"overall": "deny",
"passed": false,
"packs_evaluated": [
"nigeria/cbn",
"nigeria/ndpa",
"nigeria/nfiu-aml",
"universal/pii-leakage"
],
"violations": [
{
"pack": "nigeria/nfiu-aml",
"regulation": "NFIU / MLPPA 2022",
"jurisdiction": "NG",
"action": "deny",
"messages": ["Transaction exceeds ₦5,000,000 single-transaction threshold (CTR required)"],
"citations": [{ "article": "Section 9", "text": "Currency Transaction Report..." }]
}
],
"audit_id": "aud_7c2d4e9f1a",
"integrity_hash": "b3a7f2c...e91d"
}

Verifying integrity

The integrity_hash is a SHA-256 fingerprint of the evaluation's audit_id, overall decision, violations, and packs evaluated — computed at generation time.

Two certificates generated from the same ComplianceResult will always produce the same hash. If the hash changes, the certificate has been modified.

# Verify a certificate hasn't been tampered with after the fact
import hashlib, json

def verify_certificate(cert_dict: dict) -> bool:
payload = json.dumps(
{
"audit_id": cert_dict["audit_id"],
"overall": cert_dict["overall"],
"violations": cert_dict["violations"],
"packs": cert_dict["packs_evaluated"],
},
sort_keys=True,
)
expected = hashlib.sha256(payload.encode()).hexdigest()
return expected == cert_dict["integrity_hash"]

data = cert.to_dict()
assert verify_certificate(data)

Combining with signed receipts

Certificates and receipts serve different purposes and complement each other:

CertificateSigned receipt
FormatJSONJWT
AudienceAuditors, regulatorsDownstream systems, APIs
VerificationIntegrity hash (manual)Ed25519 signature (automatic)
ReadabilityHuman-readableMachine-readable
Use caseRegulatory filings, audit logsRuntime proof, inter-service trust

For the highest assurance, generate both from the same result:

from comply54 import NigeriaFintechCompliance
from comply54.receipts import sign_result, load_or_generate_key

compliance = NigeriaFintechCompliance()
result = compliance.check(action="transfer_funds", params={"amount": 5_000_000, "currency": "NGN"})

# Auditor-exportable certificate
cert = result.to_certificate(
sector_pack="Nigeria Fintech Compliance",
jurisdictions=["NG"],
)

# Machine-verifiable JWT receipt
key = load_or_generate_key()
receipt_jwt = sign_result(result, key)