The spec stays free and open. The hosted registry is a small paid service on top.
PRML is a CC BY 4.0 specification with MIT-licensed reference implementations in Python, JavaScript, Go, and Rust. The spec itself is free, forever, and cannot be revoked. The Pro tier below adds a tenanted private registry with ten-year Article 18 retention. Audit memos, Annex IV documentation and notified-body submissions are priced separately as one-off Sprint engagements.
- Full PRML v0.2 spec (CC BY 4.0)
- Reference implementations in Python, JS, Go, Rust
- 20 byte-equivalent conformance vectors
mlflow-falsifyplugin (PyPI)- Self-host the registry anywhere
- Public manifests on
registry.falsify.dev - Community support via GitHub Issues
- Everything in Developer
- Private hosted registry, tenanted
- 10-year retention guarantee (Article 18 floor)
- Up to 1,000 manifests / month
- Up to 8 team members
- Email support, written, 48-hour response
- Conformance badge for your tool or model card
Need more than the platform?
Annex IV technical documentation, notified-body submission packages, a signed Article 12 Evidence Pack, or a full Article 12/15 readiness audit are not part of the Pro subscription. Those are written engagements priced separately by deliverable, scoped in days and weeks rather than monthly bills, and they include twelve months of Pro platform access on top.
Three Sprint tiers exist: a five-day Audit Review for one evaluation claim at €15,000, a three-week Full Sprint for multiple claims plus CI deployment at €65,000, and an eight to ten week Enterprise Engagement with custom Annex IV documentation from €180,000.
Why two ways to pay
The open spec answers one question: can a third party detect that the evaluator moved the goalposts after seeing the result? That question is free to ask, free to answer, and free to verify. We do not gate that.
The Pro subscription exists for teams that want their manifests in a tenanted private registry with a real ten-year retention SLA. It is the lowest-touch way to run PRML in production.
A Sprint engagement exists for teams that need a written deliverable: an audit memo, an Annex IV section, an Evidence Pack a notified body can use. Sprint is the founder's time, scoped and fixed-price. It is not a subscription, and the price reflects deliverable scope rather than seats or volume.
Most teams start with Developer, move to Pro when they need retention and private storage, then commission a Sprint when an audit lands on the calendar.
FAQ
Why no checkout? Why everything by email?
This is a small project, currently maintained by one person, and we want every paying customer to be a real conversation, not a guessed-at credit card charge. Once a contract is agreed we invoice in EUR via SEPA or wire. Stripe self-serve checkout will arrive when we have the volume to justify it.
Why is everything written? Why no calls or demos?
Founder preference and a hard operational rule. All communication is via email, in English. We will send detailed answers, sample Evidence Packs, an asynchronous walk-through video on request, and as much technical detail as you need to make a decision. We will not get on a call. If that is incompatible with your buying process, we are not the right vendor.
What's the difference between Pro and a Sprint engagement?
Pro is an ongoing subscription to a hosted private registry. You log in, your team commits manifests, the platform keeps them for ten years. No founder hours go into a Pro account beyond setting it up.
A Sprint is a one-off written engagement. The founder reviews your evaluation claims, writes a memo or a full Article 12 documentation package, and signs the output for use with auditors and notified bodies. Sprint pricing reflects scope, not volume. Every Sprint includes twelve months of Pro platform access bundled, so you do not pay twice.
How is this different from a GRC platform like Holistic AI or Credo AI?
It is not the same product. A GRC platform is a top-down dashboard that maps your AI portfolio to a hundred regulatory controls. Falsify is a bottom-up technical primitive for one specific corner of Article 12 and 15 — pre-committing the evaluation manifest cryptographically so retroactive edits become detectable. The two compose well. Most of our customers will already have a GRC tool. Falsify is the thing the GRC tool's "Article 12 logs" field points at.
What does "early access" actually mean?
It means three things. First, Pro prices are locked in for your first contract term once signed. Second, we will work with you to shape the v0.3 spec and the Evidence Pack format, in writing. Third, response-time SLAs are best-effort during early access and become contractual on renewal. If that is too loose for your procurement team, a Sprint engagement is the more contractual route.
What if the 2 August 2026 deadline gets pushed?
Article 99 penalties bind regardless of the politics around enforcement timing. Article 12 logs are also a sensible engineering practice independent of the AI Act. Our pricing is not premised on the deadline holding. If you want to wait and see, the Developer tier costs nothing and gives you everything you need to be ready inside one sprint when the date arrives.
Can a notified body or audit firm use Falsify on behalf of their clients?
Yes. We are explicitly designing the Evidence Pack format with notified bodies in mind. If you are a notified body, an audit firm, or an insurance underwriter and want a technical briefing on PRML as a recognised methodology under ISO/IEC 42001 Control A.8 (record-keeping), email [email protected] with subject "PRML technical submission" and we will send the pass/fail vectors and schemas the same day.
Open core or open spec?
Open spec. The PRML specification, the four reference implementations, the conformance vectors, the JSON Schema, and the MLflow plugin are all permissively licensed and will stay that way. The Pro subscription adds a hosted service around the open standard, not proprietary format features. A Sprint engagement adds the founder's time and a signed written deliverable, not proprietary format features.