Merged
26 changes: 26 additions & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,32 @@ and this project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.ht

## [Unreleased]

## [0.48.0] - 2026-05-31

**Theme: external time anchoring. The audit chain head can now be timestamped by
a third-party authority, so the chain's existence is provable against an external
clock even if the signing key is later compromised. This is the anti-backdating
property the server-side signed execution-record SEP relies on.**

### Added
- External time anchoring for the audit hash chain (`vaara.audit.timeanchor`, new
`timeanchor` extra). `AuditTrail.anchor_head(client)` takes the current chain
head (already a SHA-256 digest) and obtains an RFC 3161 trusted timestamp over
it from an external Time-Stamp Authority. RFC 3161 underpins eIDAS qualified
electronic timestamps, so a qualified TSA makes this regulator-grade evidence
under EU AI Act Article 12. The token is verified on receipt and kept as a
`TimeAnchor`; verification is offline (`verify_anchor`,
`verify_anchor_over_records`) and binds the anchor to a specific record, so a
rewritten chain or a token over a different digest is rejected. The HTTP round
trip uses the standard library; only the ASN.1 and signature checks need the
extra. See `docs/sep/sep-server-execution-record.md`.

### Changed
- Public framing leads with EU AI Act runtime evidence and data sovereignty (runs
in your own environment, no SaaS, no telemetry) across the README, package
descriptions, MCP manifests, and vaara.io. The tamper-evident receipt stays the
mechanism, not the headline.

## [0.47.0] - 2026-05-31

**Theme: tenant isolation across the evidence path. The reference server can no
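
Review bot: The 0.48.0 "Added" entry says the token is "verified on receipt" and that `verify_anchor` / `verify_anchor_over_records` work offline, but it never says which TSA certificate or trust root the signature check is made against. The anti-backdating claim in the theme paragraph depends on that, because a token checked only against a certificate carried in the response itself says nothing about whose clock signed it. Suggest one sentence here, or in `docs/sep/sep-server-execution-record.md`, stating how the caller supplies or pins the authority's certificate, and that the guarantee covers records up to the anchored head only.
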
23 changes: 19 additions & 4 deletions README.md
Expand Up @@ -14,13 +14,13 @@
<a href="https://huggingface.co/spaces/vaaraio/vaara"><img src="https://img.shields.io/badge/%F0%9F%A4%97%20Hugging%20Face-Space-blue" alt="Hugging Face Space"></a>
</p>

Vaara is an open-source runtime evidence layer for AI agents. It sits in front of an agent's tool calls, decides whether each one is allowed, and writes a tamper-evident record of what happened. When you have to prove what an agent actually did, to an auditor, a regulator, or a customer, that record is the proof. Runs in your own environment. No SaaS, no telemetry.
Vaara is the open-source runtime evidence layer for AI agents under the EU AI Act. It sits in front of an agent's tool calls, gates each one against your policy, and writes a tamper-evident record an outside party can verify. When a regulator, an auditor, or a public-sector buyer needs proof of what your agent actually did and why, that record is the answer. Runs entirely in your own environment. No SaaS, no telemetry.

The original driver is EU AI Act compliance, but the same trail answers any "show me exactly what the agent did, and why" question.
EU AI Act Article 12 record-keeping is the driver. The same trail answers any "show me exactly what the agent did" demand: procurement validation, incident reconstruction, SOC 2 evidence.

- Article-level EU AI Act evidence report, honest about the gaps instead of rubber-stamping them.
- Hash-chained, tamper-evident audit trail an outside party can verify without trusting your stack, with the chain head anchorable to an external trusted timestamp (RFC 3161 / eIDAS).
- Gate every agent tool call against your own policy: allow, block, or escalate.
- Hash-chained, tamper-evident audit trail an outside party can verify without trusting your stack.
- Article-level EU AI Act evidence report, honest about gaps instead of rubber-stamping them.

## How it works
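
Review bot: In the new bullet list, "anchorable to an external trusted timestamp (RFC 3161 / eIDAS)" reads as if every anchor is eIDAS-grade, while the CHANGELOG entry in this same PR conditions that on "a qualified TSA". Suggest wording such as "(RFC 3161; eIDAS-qualified when the TSA is qualified)" so the bullet does not promise more than the feature delivers. The rewritten intro also keeps "and why" in the first paragraph but drops it from the quoted demand in the second; pick one form.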

Expand All @@ -32,6 +32,21 @@ Every tool call an agent makes passes through Vaara before it runs:

The scoring blends five expert signals and keeps adapting as outcomes come back, and each risk score carries a confidence interval with a coverage guarantee that holds regardless of the input distribution. Those are the properties an auditor can check independently; the math is in [Benchmarks](#benchmarks) and [docs/formal_specification.md](docs/formal_specification.md).

### External time anchor

The hash chain proves order and integrity but not *when* it existed: every timestamp comes from your own clock, so a compromised signing key could in principle be used to forge a backdated chain. Vaara can anchor the current chain head to an external RFC 3161 Time-Stamp Authority, the standard behind eIDAS qualified electronic timestamps. The authority signs the chain head and the time, so the chain's existence is provable against a clock you do not control. Verification is offline.

```bash
pip install 'vaara[timeanchor]'
```

```python
from vaara.audit.timeanchor import RFC3161TimeAnchorClient

# Periodically, or after a batch of high-risk actions:
trail.anchor_head(RFC3161TimeAnchorClient("https://freetsa.org/tsr"))
```

## Install

```bash
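
Review bot: The Python example under "External time anchor" hard-codes `https://freetsa.org/tsr` without saying whether that authority is a qualified TSA, while the paragraph above it leans on "eIDAS qualified electronic timestamps"; a reader copying the snippet may assume the result is qualified evidence. Suggest marking the URL as a test endpoint or replacing it with a placeholder, and stating that the eIDAS property depends on the TSA chosen. The snippet also uses `trail` without defining it, discards the return value of `anchor_head`, and shows no `verify_anchor` call even though the paragraph ends with "Verification is offline"; a short verification step would complete it.
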
4 changes: 2 additions & 2 deletions clients/ts/package.json
@@ -1,8 +1,8 @@
{
"name": "@vaara/client",
"version": "0.47.0",
"version": "0.48.0",
"mcpName": "io.github.vaaraio/vaara",
"description": "TypeScript client for the Vaara HTTP API. Conformal risk scoring, hash-chained audit, policy reload, named detectors.",
"description": "TypeScript client for the Vaara HTTP API: EU AI Act runtime evidence for MCP tool calls. Conformal risk scoring, policy gating, hash-chained tamper-evident audit, named detectors.",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"exports": {
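
Review bot: The new `description` drops "policy reload" from the feature list the 0.47.0 description carried and adds "policy gating"; if the client still exposes policy reload, keep it listed so the package page does not under-describe the API. Apart from that, the `version` bump to 0.48.0 is the only change visible in this file, so confirm nothing in the TypeScript client itself needs to change for the release.
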