For Saudi audit, law & professional firms

How to prove to a client their data never left your office when using AI

Ithbat guide·Arabic-first·Built in Saudi Arabia
Quick answer

A verbal assurance is not proof — real proof is a per-inference record showing that each AI prompt was classified, where it was processed, and that sensitive data never left your firm's hardware.

That record should be tamper-evident and hash-chained, so any later edit is detectable, and summarized into a report you can hand to the client. It demonstrates diligence with objective evidence — it is not a legal certification.

Why "we kept it in-house" no longer satisfies clients or regulators

Saudi audit, accounting, and law firms increasingly use AI tools to draft memos, summarize files, or answer questions on live client data. When a sophisticated client — a bank or a listed company — asks “did any of our data get sent to an outside AI service,” a partner's verbal reassurance is no longer a sufficient answer. Clients who understand the risk want to see how a firm actually processed their information, not just hear a promise about it.

This is not primarily a regulatory problem. It is a trust problem. A firm's reputation for confidentiality is a core asset, and when clients already question cloud AI use, “trust us” is a weak answer compared to a firm that can produce a record. The Kingdom's data protection framework, نظام حماية البيانات الشخصية (PDPL), and مكتب إدارة البيانات الوطنية (NDMO) guidance reinforce this expectation by focusing on how personal data is actually processed, not on assurances after the fact — but the underlying pressure is commercial before it is regulatory.

What real proof looks like: per-inference evidence

Proof starts at the level of the individual AI request, not the firm as a whole. Every time someone at the firm submits a prompt to an AI system, that single event should generate its own evidence — this is what “per-inference evidence” means. Instead of one blanket statement covering months of work, the firm has a record for every prompt, at the moment it happened.

A useful per-inference record captures:

Note what is deliberately excluded: the record itself should not need to contain the client's actual data or the content of the AI's answer to be useful as evidence. Metadata about how the request was handled is what proves the process; the underlying content stays where it always was — on the firm's own systems.

Why the record has to be tamper-evident, not just a log file

A plain log file is easy to edit, delete, or quietly regenerate after the fact — which means, on its own, it is only marginally more convincing than a verbal claim. If a firm could produce a “clean” log after a client complaint, the log proves very little.

The fix is a hash-chained structure: each record's hash is calculated to include the hash of the record before it. Change or remove any entry, and every hash after it fails to match, so the tampering is detectable rather than hidden. This is what “tamper-evident” means in practice — it does not require anyone to sign each record individually, and it is not the same claim as a legal signature. It simply means any break in that consistency is visible on inspection.

Tamper-evident is not the same as “signed” or “certified.” A hash chain shows that a sequence of records has not been altered after the fact. It does not, by itself, make the records a legal certification of compliance — that still depends on the firm's own policies, a lawyer's review, and, where relevant, a formal assessment against PDPL by a qualified assessor.

What a client confidentiality assurance report should contain

Individual records are the raw evidence; a client or a regulator will want a readable summary. A confidentiality assurance report built from per-inference evidence should include:

The practical steps to produce one

Producing this kind of evidence is not a one-time document; it is a byproduct of how the firm runs AI day to day. In practice, a firm needs to:

  1. Put a classification step in front of every AI request, before it reaches any model, local or cloud.
  2. Define the sensitive-data categories relevant to Saudi client work — national ID/Iqama, IBAN, VAT and CR numbers, and client financial records.
  3. Record each request's classification, processing location, and egress status automatically, without relying on staff to self-report.
  4. Store those records in a hash-chained sequence and periodically verify the chain has not broken.
  5. Generate a confidentiality assurance report per client engagement or reporting period, rather than only when a client asks.
  6. Share the report proactively — offering this evidence unprompted signals more confidence than producing it only under pressure.

What this proves — and how Ithbat does it

Be clear about the limits of this evidence. A per-inference, hash-chained record demonstrates that a firm has a disciplined, auditable process for classifying and routing AI requests, and gives objective evidence that sensitive data was kept on the firm's own systems. It is not a legal guarantee, and it is not a substitute for formal PDPL certification, which still requires the firm's own legal counsel and a qualified assessor. What it does is replace an unverifiable promise with something a client or regulator can actually inspect.

This is the specific problem Ithbat's Evidence Trace is built to solve. Ithbat classifies every prompt before processing it, keeps anything flagged as sensitive on the firm's own on-premise hardware as a hard guard — never offering it to any cloud provider — and generates a tamper-evident, hash-chained record for every single inference. Only metadata about how each request was handled is shared with the coordinator dashboard; prompt content and cloud API keys never leave the firm's node. That evidence rolls up into a bilingual Client Confidentiality Assurance report mapped to PDPL and NDMO, which a firm can hand directly to a client or regulator.

Frequently asked questions

Is a hash-chained record the same as a digital signature?
No. A hash chain makes tampering detectable by linking each record's hash to the one before it, but it does not involve signing individual records the way a digital signature does. The two serve different purposes, and Ithbat's Evidence Trace only makes the claim that its records are tamper-evident, not signed.
Does a confidentiality assurance report replace formal PDPL certification?
No. It is objective evidence of how AI requests were classified and processed, which supports a certification process, but formal PDPL alignment is confirmed through the firm's own legal counsel and a qualified assessor, not by the report alone.
What if our firm doesn't use AI on sensitive client data at all?
The same evidence is still useful, because classification — not assumption — is what determines whether a prompt was sensitive. A report that shows routine prompts were correctly identified and routed is itself part of the proof, alongside evidence that anything sensitive stayed on-premise.
Can this evidence be shown to a regulator, not just a client?
Yes. A confidentiality assurance report built on per-inference evidence and mapped to PDPL and NDMO principles is designed to be readable by both an internal client contact and an external regulator or auditor.
What happens if someone edits or deletes a record after the fact?
Because each record's hash depends on the one before it, altering or removing an entry breaks the chain from that point forward. Anyone verifying the chain later will see the break, which is what makes the record tamper-evident rather than simply a file that could be quietly edited.

See where your firm stands — in 60 seconds

Take the free self-check to see your client-confidentiality exposure band instantly. No sign-up needed to see your result.