What is VoltageGPU Confidential Chat?

A ChatGPT-style interface running inside Intel TDX hardware enclaves. Prompts and responses are encrypted in CPU memory at runtime and never leave the sealed Trust Domain. VoltageGPU cannot read user data, cannot log it, cannot train on it.

Do I need an account to try it?

No. Anonymous visitors get 3 free messages on Qwen3-32B-TEE without any signup, no credit card required. After the free trial, signup unlocks 50 free messages per month, Plus $20/mo unlocks 2000 messages with Qwen3-235B 262K context.

How is it different from ChatGPT Plus?

Same $20/mo price point but sealed in Intel TDX hardware. OpenAI trains on user data by default. VoltageGPU Plus cannot technically read user data — memory is encrypted with CPU-fused keys and even the hypervisor is outside the trust boundary. EU company (France, SIREN 943 808 824), native GDPR Article 28 DPA available.

Which TEE models are available?

3 models sealed in Intel TDX: Qwen3-32B-TEE (40K context, fast), Qwen3-235B-A22B-Instruct-2507-TEE (262K context, flagship, Plus/Pro), DeepSeek-R1-0528-TEE (163K context, reasoning model, Enterprise).

Can I use it for regulated work (legal, medical, finance)?

Yes. Beyond the generic chat, 8 specialized agents are available: Contract Analyst, Financial Analyst, Medical Records, Compliance Officer, Due Diligence, Cybersecurity, HR, Tax. GDPR Article 28, HIPAA, DORA, NIS2 ready. DPA available on request.

Yes — api.voltagegpu.com/v1 is OpenAI-compatible, pay-per-token starting at $0.15/M input tokens on Qwen3-32B-TEE. Drop-in replacement for the OpenAI SDK (change base_url).

Article 12 AI Act Logging TDX Attestation Live

ECDSA-signed quote per request · verifiable on /trust

Article 12 AI Act logging — automatic event logs from TDX.

What the article requires. What we sign. How to access the logs. Sample JSON below.

What the article requires

Automatic recording of events over the lifetime of the system.

Article 12(1) of the EU AI Act requires high-risk AI systems to technically allow for the automatic recording of events ("logs") over the lifetime of the system. Article 12(2) sets the purpose: identifying situations that may result in risks at the national level or substantial modifications, and facilitating post-market monitoring under Article 72. Article 14(4)(d) ties this evidence to human oversight.

Identification of situations that may result in risks
Substantial modifications detection
Post-market monitoring under Article 72
Support for human oversight under Article 14
Traceability across the full lifecycle
Logs accessible to competent national authorities

Sample attestation log

One signed quote per request — JSON-LD, exportable.

Each inference call produces an ECDSA-signed log entry bound to the enclave measurement and model version. The signature is verifiable against the Intel SGX/TDX root of trust. No plaintext input or output is stored — only SHA-256 hashes — keeping Article 12 logging compatible with Article 32 GDPR confidentiality.

attestation-log.jsonld

{
  "@context": "https://schema.voltagegpu.com/attestation/v1",
  "@type": "InferenceAttestationLog",
  "request_id": "req_01HQXKZ8E4Y5J7NM3R4D2P1F9V",
  "timestamp": "2026-08-12T14:23:07.412Z",
  "tenant_id": "tnt_a1b2c3",
  "model": {
    "name": "Qwen3-235B-A22B-Instruct-2507-TEE",
    "version": "2507.1",
    "weight_sha256": "9f1c...a3b7"
  },
  "enclave": {
    "platform": "Intel TDX",
    "mrenclave_analog": "0x7b4e2c9a...d5f1",
    "tcb_status": "UpToDate",
    "region": "eu-west-fr-1"
  },
  "io": {
    "input_sha256": "c4f2...91ab",
    "output_sha256": "08de...42c7",
    "input_tokens": 18342,
    "output_tokens": 1024
  },
  "oversight": {
    "human_in_the_loop": true,
    "approver_id": "usr_julien_aubry",
    "approval_method": "step_review",
    "approved_at": "2026-08-12T14:23:05.180Z"
  },
  "ai_act": {
    "annex_iii_category": "credit_scoring",
    "deployer_organization": "ACME Bank SA",
    "article_15_robustness_class": "high"
  },
  "signature": {
    "alg": "ECDSA-P384-SHA384",
    "value": "MEYCIQDh...Q==",
    "verifier_url": "https://app.voltagegpu.com/trust/verify"
  }
}

Retention

Configurable per workflow.

30 days

Low-risk workflows

Default for general-purpose copilots not in Annex III scope.

90 days

Standard default

Covers most regulated SaaS workloads under GDPR Art. 32 expectations.

365 days

High-risk regulated

Aligned with DORA, NIS2 and sectoral regulator expectations.

Extended

On request

For workflows under prudential or healthcare regulator long-term retention.

API access

Pull logs by request ID, time window or tenant.

Authenticated REST endpoints, scoped to your tenant. Pagination, filtering by Annex III category and approver identity. Bulk export as JSON-LD or CSV for audit submission. Verification endpoint at /trust/verify for independent signature checking.

# Fetch a single attestation log
GET /v1/attestation/logs/{request_id}

# Filter by time window and category
GET /v1/attestation/logs?from=2026-08-01&to=2026-08-12&category=credit_scoring

# Verify a signature independently
POST /trust/verify
Content-Type: application/jose+json

FAQ

What does Article 12 of the EU AI Act require?

Article 12 requires high-risk AI systems to allow for the automatic recording of events ('logs') over their lifetime. Logs must enable identification of situations that may result in risks at the national level, substantial modifications, and facilitate post-market monitoring under Article 72. Article 14(4)(d) ties Article 12 to human oversight.

What does a VoltageGPU attestation log contain?

Each log entry is a signed ECDSA quote bound to: request ID, enclave measurement, model version with weight checksum, RFC3339 UTC timestamp, tenant ID, approver identity (when human-in-the-loop is configured), and SHA-256 hashes of input and output. The signature is verifiable against the Intel SGX/TDX root of trust.

How long are logs retained?

Default retention is 90 days. Configurable to 30 days for low-risk workflows or 365 days for high-risk regulated workflows. AI Act Article 12(2) does not set a minimum retention but national authorities and sectoral regulators (DORA, NIS2) commonly require 6 months to several years. Contact us for extended retention.

Are inputs and outputs stored?

No plaintext input or output is stored. Only SHA-256 hashes go into the log entry, keeping Article 12 logging compatible with Article 32 GDPR confidentiality. If your workflow needs the actual content for audit, you can capture it on your side and bind it to our request ID.

Can a national authority verify a log without VoltageGPU?

Yes. The signature is ECDSA-P384 over the canonical JSON-LD entry, verifiable against the Intel attestation root of trust. The /trust/verify endpoint is public and stateless — anyone with the log entry can confirm authenticity.

Related compliance pages

EU AI Act compliance pillar

Article 12, 14, 15 and 32 obligations enforceable from 2 August 2026.

GDPR-compliant AI agents

Article 28 native DPA, Article 32 confidentiality.

DORA AI compliance

ICT third-party risk for banks, insurers and investment firms.

NIS2 AI compliance

Supply chain security and incident reporting.

Sovereign agentic AI

Vertical agents for legal, finance, regulated professionals.

Live attestation evidence