For Enterprises

Procurement criteria for responsible AI

The HEART Verification Credential (HVC) gives enterprise procurement teams a standardized, independently reviewed governance signal for AI deployments. HVC tiers — Gold (Φ ≥ 0.85), Silver (Φ ≥ 0.80), Bronze (Φ ≥ 0.75) — translate the Behavioral Governance Formula’s four-dimension assessment into a market-legible signal suitable for vendor RFPs, supply chain governance, and board-level AI risk reporting.

The procurement gap

Enterprises buying AI systems face an information asymmetry: vendors self-report governance quality, and no independent standard exists to verify those claims. Voluntary commitments, corporate AI principles, and internal audits are all produced by the entity being assessed. Procurement teams are buying governance quality blind.

The HEART Standard closes this gap the same way that financial auditing closes the gap in accounting. An independent certified Guardian assesses the deployer’s governance system and behavioral evidence against the four BGF governance dimensions, producing a scored certification and cryptographic HVC credential that your procurement team can verify independently.

Why this survives model switching

Enterprise AI stacks change quickly. HEART certification attaches to the governance system: controls, evidence production, monitoring, model-change process, human oversight, and incident response. That means a vendor can swap the model inside a certified governance wrapper without forcing procurement to restart the entire certification question from zero. Material governance shifts still trigger review; routine model velocity becomes governable.

What HVC tells procurement teams

The BGF formula is Φ = MIN(R,C,T,A) × AVG(R,C,T,A). Four governance dimensions are each scored 0–1:

| BGF Dimension | Procurement Question |
| --- | --- |
| Recognition (R) | Does the system recognize and respect user sovereignty in the domain it operates in? |
| Calibration (C) | Does the system adapt its behavior to the actual context, population, and conditions of use? |
| Transparency (T) | Can its governance-relevant decisions be traced and audited by an independent party? |
| Accountability (A) | Are mechanisms in place to detect harm, enable correction, and identify responsible parties? |

The MIN function means a system cannot score Silver by excelling on three dimensions while failing on the fourth. Every certified system meets the threshold across all four. The tier tells you how strongly.
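
Why the MIN term puts a floor under every dimension, worked through with the formula above (an added derivation, not part of the HEART Standard's own text; the symbols m, a and τ are introduced here for the weakest score, the average and the tier threshold):

Let m = MIN(R,C,T,A) and a = AVG(R,C,T,A), with every score in [0, 1].

Because a ≤ 1:
Φ = m × a ≤ m
so Φ ≥ τ implies m ≥ τ. No dimension of a certified system can sit below its tier threshold.

The floor is in fact higher. The most favorable case for a weak dimension is the other three at 1.00, which gives a = (3 + m) / 4 and
Φ = m × (3 + m) / 4
Requiring Φ ≥ τ and solving the quadratic m² + 3m − 4τ ≥ 0 for m:
m ≥ (√(9 + 16τ) − 3) / 2

Bronze (τ = 0.75): m ≥ (√21.0 − 3) / 2 ≈ 0.791
Silver (τ = 0.80): m ≥ (√21.8 − 3) / 2 ≈ 0.835
Gold (τ = 0.85): m ≥ (√22.6 − 3) / 2 ≈ 0.877

Check with R = C = T = 1.00 and A = 0.75: Φ = 0.75 × 0.9375 ≈ 0.703, which is below Bronze even though three dimensions are perfect.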

HVC versus SOC 2: complementary, not substitutes

SOC 2 audits organizational processes. It verifies that the vendor has implemented defined controls around security, availability, confidentiality, processing integrity, and privacy. It does not evaluate the AI system’s behavioral output.

HVC audits the AI system itself. A vendor can hold SOC 2 Type II certification while its AI system produces governance failures in deployment. HVC closes the gap SOC 2 doesn’t address. In your vendor assessment framework, you need both: SOC 2 for the vendor’s operational practices, HVC for the system’s behavioral governance quality.

Using HVC in RFPs

Enterprises can incorporate HVC certification into procurement requirements at two levels:

Threshold requirement. Require HVC Bronze (Φ ≥ 0.75) as a pass/fail procurement criterion for any AI system interacting with employees, customers, or sensitive data. This establishes a governance floor before commercial evaluation begins.

Differentiation criterion. Weight HVC tier in vendor scoring. A Gold-certified system provides stronger governance evidence than a Bronze-certified system. The Φ score itself is available for numerical comparison within tiers.

HVC credentials are cryptographically verifiable. Your procurement team can confirm the credential’s validity, issuing Guardian, assessment date, HVC tier, and applicable HEART Division directly through the certification registry — no vendor intermediary required.

Supply chain governance

Enterprise AI risk increasingly comes from the supply chain: AI components, APIs, and embedded systems that your vendors use. The same governance gap that exists for your direct AI deployments exists for every AI system upstream in your stack.

HVC procurement requirements cascade through supply chains when enterprises demand them from vendors, who demand them from their AI providers. The certification registry enables chain-of-custody governance: you can trace the HVC status of AI components through multiple layers of the supply chain, not just at the point of direct vendor contact.

The Behavioral Oracle continuous attestation layer means HVC certification is not a one-time snapshot. Certified systems are monitored on an ongoing basis. Certification status reflects current governance quality, not only the quality at the time of initial assessment.

The GTE strengthens this by proving that governance controls are running in the expected configuration instead of relying only on vendor assertions.

Risk management integration

HVC tiers integrate directly into enterprise AI risk registers. The four BGF dimensions map to standard risk categories:

| BGF Dimension | Risk Category |
| --- | --- |
| Recognition (R) | User harm, consent violation, autonomy infringement |
| Calibration (C) | Misapplication, contextual failure, disparate impact |
| Transparency (T) | Regulatory non-compliance, audit failure, litigation exposure |
| Accountability (A) | Remediation failure, duty-of-care breach, systemic harm |

The Trust Infrastructure Index provides a portfolio-level view of an organization’s AI governance posture across all deployed systems — a single metric for board-level AI governance reporting.

Regulatory alignment

HVC certification supports regulatory compliance across multiple frameworks simultaneously. The HEART Standard’s four-dimension assessment maps to EU AI Act Articles 9–15 (risk management, record-keeping, transparency, human oversight). As conformity assessment requirements take effect, enterprises with HVC-certified systems will have structured behavioral evidence ready for regulatory review — evidence produced by independent Guardians, not by the vendor under assessment.

For detailed EU AI Act mapping, see For Regulators.
