The Internet’s Compliance Layer
ProofLayer is an open-source compliance infrastructure designed to make security and regulatory assurance continuous, automated, and verifiable. Instead of treating SOC 2 and SOC 3 compliance as periodic audits or static reports, ProofLayer embeds compliance directly into system operations. It continuously observes infrastructure behavior, validates security controls, and produces real-time evidence that organizations can use for audit readiness and public transparency.
At its core, ProofLayer transforms compliance into a living system. It continuously maps infrastructure signals—such as access logs, encryption status, deployment changes, and system uptime—to structured compliance controls aligned with frameworks like SOC 2 and SOC 3. This allows organizations to maintain always-on audit readiness rather than scrambling to prepare documentation before an external review.
One of ProofLayer’s key features is automated evidence collection. Instead of manually assembling audit artifacts, the system continuously gathers and organizes proof of compliance—such as authentication events, configuration states, security alerts, and availability metrics—into structured, auditable records. These records can then be compiled into SOC 2 evidence binders for auditors or transformed into simplified public summaries for SOC 3 transparency reporting.
ProofLayer also introduces a machine-readable transparency layer through its .well-known/compliance endpoint. This allows external systems, partners, and security tools to automatically query an organization’s compliance posture in real time. Combined with its public trust dashboard, ProofLayer enables a new model of organizational transparency where security and compliance are not hidden behind static PDFs, but are continuously verifiable and accessible.
Together, these features position ProofLayer as a foundational “compliance layer” for modern infrastructure—bridging the gap between security operations, audit requirements, and public trust through automation, standardization, and open-source design.

- ProofLayer — An open-source continuous SOC 2 and SOC 3 compliance infrastructure designed to provide automated evidence collection, transparency dashboards, and machine-readable trust verification through the .well-known/compliance standard.
