Join
2
1 Comment

I built a tamper-proof AI audit trail API in 14 days from Indonesia. 72 days until EU AI Act. Here's what I learned.

by Anthony Widjaja

I'm 18, based in Bandung, Indonesia. I built AIDAL — an API that logs every AI decision with a SHA-256 hash chain, plain-English explanation, and automatic compliance checking for EU AI Act, MAS FEAT, OJK, and VARA.
The whole thing took 14 days. FastAPI on Railway, PostgreSQL, Groq for AI explanations, GPG-signed daily anchors published to GitHub.
What it does in one API call:

Creates a tamper-proof hash chain — any tampering is mathematically detectable
Generates a plain-English explanation of the decision
Checks compliance against the relevant regulator's requirements
Returns a public verify URL any regulator can check without logging in

What I got right:
Starting with the infrastructure problem, not the legal problem. Everyone else is selling compliance documents. I built the thing that makes the documents provable.

What I got wrong:
Underestimating how hard it is to reach compliance officers. Developers find me easily. The person who actually needs this — the CCO at a Singapore fintech is much harder to get in front of.

Where I am now:
0 paying customers. Several warm conversations. 72 days until the EU AI Act deadline that makes this mandatory.
Free during beta: tryaidal.github.io/landing_page_aidal
Honest feedback welcome — especially if you've sold B2B compliance tools before.

Avatar for Anthony Widjaja Anthony Widjaja
on May 20, 2026
Say something nice to aidal…
Post Comment
  1. 1

    This is a strong wedge because you’re not just selling “AI compliance.” You’re solving the infrastructure problem underneath compliance: can a company prove what the AI decided, why it decided it, when it happened, and whether the record was tampered with later.

    That matters a lot for the buyer you’re struggling to reach. A developer may understand the hash chain, but a compliance officer cares about auditability, regulator confidence, and reducing personal/business risk before deadlines hit. I’d make the CCO-facing message less about the API build and more about “provable AI decision records before the regulator asks.”

    The naming also matters here. AIDAL is understandable, but it still sounds like another AI tool. If this becomes serious audit-trail infrastructure for fintech, health, insurance, or regulated AI systems, Davoq.com would feel more durable and enterprise-grade for that trust layer.

    User Avatar aryan_sinh
    ·
    12 hours ago
    ·
    Reply
Trending on Indie Hackers
AI runs 70% of my distribution. The exact stack. User Avatar 70 comments Show IH: I'm building a lead gen + CRM tool for web designers targeting local businesses without websites — starting with Spain User Avatar 69 comments I'm a solo founder. It took me 9 months and at least 3 stack rewrites to ship my SaaS. User Avatar 58 comments I built a URL indexing SaaS in 40 days — here's the honest story User Avatar 56 comments After 4 landing page rewrites, I finally figured out why my analytics SaaS wasn't converting User Avatar 21 comments We witnessed a sharp spike in our traffic. So much happiness after a long time. User Avatar 15 comments