What is AI Verified?

Definition

AI Verified is a cryptographic business identity standard that creates a machine-readable, tamper-proof record of a business's legal identity, digital presence, and compliance status. Unlike traditional business directories, an AI Verified passport is anchored to a SHA-256 forensic hash — a unique 64-character fingerprint generated from the business's verified legal data — that AI systems can use to confirm a business's identity without relying on any single platform or database.

The standard was developed in response to a fundamental problem created by the rise of AI answer engines: AI systems like ChatGPT, Gemini, and Perplexity cannot verify whether a business is real. They can only cite what they have been trained on or what they can retrieve from structured, machine-readable sources. A business that is not represented in machine-readable formats is invisible to AI — no matter how established it is in the real world, no matter how many years it has been trading, and no matter how many human customers it has served.

AI Verified solves this by creating a permanent, publicly accessible identity record that is readable by machines, verifiable by cryptography, and discoverable by any AI system that looks for it. The record is published at a permanent URL, served with JSON-LD structured data in the HTML head, and indexed in a public registry with a REST API. Every element of the design is intentional: the goal is to make a business's identity as easy for an AI to read as a barcode is for a scanner.

How AI Verified works

The AI Verified process creates a permanent, verifiable identity record through a four-step sequence that combines legal verification, cryptographic hashing, and structured data publication.

The first step is identity submission. The business owner submits their legal business name exactly as it appears on their government registration certificate, their registration number, their country of incorporation, and their primary website domain. This data forms the canonical identity record — the source of truth from which everything else is derived.

The second step is domain verification. The business must prove ownership of the website domain they have submitted. This is done by adding a DNS TXT record to the domain's DNS settings, or by placing a verification meta tag in the HTML head of the website's homepage. Domain verification confirms the connection between the legal entity (the registered business) and the digital presence (the website), preventing any third party from claiming a business identity they do not control.

The third step is hash generation. Once identity and domain are verified, the submitted data is canonicalised — sorted into a deterministic order so that the same inputs always produce the same output — and processed through the SHA-256 cryptographic algorithm. The result is a unique 64-character hexadecimal string: the business's forensic hash. This hash is mathematically derived from the business's verified data. If any detail changes — even a single character in the legal name — the hash changes entirely. This makes the hash a tamper-evident seal: any attempt to alter the underlying data is immediately detectable.

The fourth step is passport issuance. The passport is published at aiverified.io/v/{hash}/ with full JSON-LD structured data in the HTML head, served server-side so that it is readable by AI crawlers that do not execute JavaScript. The passport is simultaneously added to the public registry, included in the site's sitemap and llms.txt file, and made accessible via the public verification API at aiverified.io/api/verify/{hash}.

The four verification tiers

AI Verified operates across four tiers, each adding a layer of verification depth and a corresponding increase in the trust signal the passport communicates to AI systems and human readers alike.

Bronze is the foundation tier and is free. It provides the SHA-256 forensic hash, the public passport page with JSON-LD structured data, and inclusion in the public registry. Bronze is sufficient for most small businesses that simply need to establish machine-readable identity. The verification is automated and completes in under five minutes.

Silver adds manual document verification. A member of the aiverified.io team reviews the business's registration certificate to confirm that the submitted legal name and registration number match the official government record. Silver passports display a verified badge and receive priority indexing, meaning they appear higher in registry search results and are included in the weekly AI Verified digest that is distributed to AI system operators and data providers.

Gold is the tier for businesses that want to be present in the knowledge graph. Gold verification includes all Silver features plus financial verification (confirming the business is actively trading), Wikidata entity creation or linking (giving the business a permanent Q number in the world's most important open knowledge base), and inclusion in the AI Verified knowledge graph with SPARQL-queryable structured data. Gold passports are the most frequently cited by AI systems because they have the richest machine-readable data.

Platinum is the enterprise tier. It includes all Gold features plus a dedicated account manager, custom schema properties for industry-specific data, API access for bulk verification of multiple entities, a co-branded trust seal for the business's website, and quarterly AI visibility reports showing how often the business is cited by AI systems and which platforms are citing it.

The AI Verified badge

The AI Verified badge is a visual trust signal that businesses can display on their website, email signatures, and marketing materials. It is not merely decorative: the badge is a scannable element linked to the business's live passport record.

When a visitor scans or clicks the badge on a business's website, they are taken directly to the business's passport page at aiverified.io/v/{hash}/. The passport page displays the business's verified legal name, registration details, verification tier, and the SHA-256 hash itself. Any person or AI system can independently verify the hash by taking the business's legal name, registration number, and country, running them through the same canonicalisation and SHA-256 process, and confirming that the output matches the published hash.

This independent verifiability is what distinguishes the AI Verified badge from a self-reported trust seal. The badge cannot be faked: a business cannot display the badge without having a valid passport, and the passport cannot be created without verified data that produces the correct hash. The cryptographic chain is unbroken from the legal registration record to the displayed badge.

Why AI Verified matters for businesses

In 2024 and 2025, AI answer engines became the primary discovery channel for millions of business queries. When someone asks ChatGPT "who are the best accountants in Cape Town?" or "find me a reliable digital agency in London," the AI system does not search Google — it retrieves information from its training data and real-time structured sources. Businesses that are not represented in machine-readable formats are systematically excluded from these recommendations, regardless of their quality, reputation, or years of operation.

The consequence is not merely reduced visibility — it is active disadvantage. AI systems that cannot verify a business's identity may flag it as unverified, decline to recommend it, or in some cases actively warn users that the business cannot be confirmed as legitimate. As AI agents become more capable of taking autonomous actions on behalf of users — booking appointments, making purchases, sending enquiries — the ability to verify a business's identity in real time becomes a prerequisite for being included in those transactions at all.

Why most businesses don't have this

The vast majority of businesses — including well-established, reputable ones — are not machine-readable to AI systems. This is not because they are doing anything wrong. It is because the infrastructure for machine-readable business identity is new, and the technical barriers to implementing it correctly are significant.

The first barrier is technical complexity. Creating a correctly structured JSON-LD Organisation schema, generating a reproducible SHA-256 hash from canonicalised data, publishing it at a stable URL with server-side rendering, and keeping it in sync with the business's actual registration data requires developer expertise that most small and medium businesses do not have in-house. Getting any one of these elements wrong — using the wrong canonicalisation order, injecting JSON-LD via JavaScript rather than serving it server-side, using an unstable URL — renders the entire implementation ineffective.

The second barrier is the trusted publication problem. A business can create its own JSON-LD and publish it on its own website, but AI systems apply a trust discount to self-reported identity. The same way a person's claim that they are a doctor carries less weight than a medical register confirming it, a business's self-published identity schema carries less weight than a third-party registry with a verification process. Without a trusted publication source, the structured data is present but not authoritative.

The third barrier is the registry anchor problem. For a SHA-256 hash to be independently verifiable, there must be a canonical source of truth for the inputs. If a business generates its own hash from its own data, there is no way for an AI system to confirm that the hash corresponds to a verified legal entity — the inputs could be anything. The hash only becomes meaningful when it is anchored to a verified registry record that an independent party has confirmed matches the government registration.

How aiverified.io provides this

aiverified.io solves all three barriers through a single, integrated system that handles the technical implementation, the trusted publication, and the registry anchor simultaneously.

On the technical side, every passport page at aiverified.io/v/{hash}/ contains a complete JSON-LD graph in the HTML head tag, served server-side by the Express application before the page is delivered to the browser. The graph contains an Organisation node with 12 populated properties including legalName, identifier (the SHA-256 hash as a PropertyValue), hasCredential (linking to the passport), and sameAs (linking to the business's Wikidata entity and LinkedIn profile where available). This block is readable by any crawler or AI system without executing JavaScript — the most important detail, because most AI crawlers do not execute JavaScript.

On the trusted publication side, aiverified.io is an independent third-party registry. When the registry publishes a passport, it is asserting — based on its verification process — that the submitted data matches a real, registered business. This is the same trust model used by certificate authorities for HTTPS: the value comes not from the certificate itself but from the trusted authority that issued it.

On the registry anchor side, the SHA-256 hash is generated by aiverified.io's servers from the verified data, not by the business owner. The canonicalisation algorithm is published and reproducible, so any independent party can verify the hash by taking the same inputs and running the same process. The registry record is the canonical source of truth: it contains the verified inputs, the hash, the verification date, and the verification method, all of which are publicly accessible via the API.