AI memory needs a standard. SAIHM already meets it.

· SAIHM · ~7 min read · for CEO, CISO, and technical leadership


Your AI agents are already writing to memory. Some of what they write is regulated data, some is decision history, some is intellectual property. Every regime that covers data — GDPR, the EU AI Act, HIPAA, PIPL, PIPEDA — covers that memory the moment it is written. Today, most organisations are accumulating that memory across half a dozen incompatible vendor surfaces, with no shared way to audit it, erase it, or move it.

The market needs an AI memory standard. This post does three things. First, it lays out the honest current landscape. Second, it states the consensus requirements an AI memory standard must satisfy — derived from active regulation, established security frameworks, and the open protocols that are already winning in the AI tooling layer. Third, it makes the case that SAIHM is the most complete public candidate to be that standard, and shows how to evaluate the claim yourself.

Internal metric, disclosed up front: since we built SAIHM and adopted it on our own workloads, our token spend dropped 80 percent and our productivity rose roughly 5x. That is the operating-cost case. The compliance case is in this post.

1. The AI memory landscape today (honest read)

Four categories of solution dominate. None of the first three was designed to be a standard.

Vendor-native memory features
  Examples: OpenAI memories, Claude memory, Gemini personalisation, in-app "save this"
  Who holds the key? Vendor
  Cross-tool portable? No
  Erasure with proof? No
  Built-in audit trail? No (vendor logs only)

Hosted memory SaaS
  Examples: Mem0, Letta, Zep
  Who holds the key? Vendor (operator)
  Cross-tool portable? Limited (per integration)
  Erasure with proof? No (delete is not erasure)
  Built-in audit trail? Partial

Self-operated vector databases
  Examples: Pinecone, Weaviate, Chroma
  Who holds the key? You (but you operate the DB)
  Cross-tool portable? You build it
  Erasure with proof? You build it
  Built-in audit trail? You build it

Open protocol AI memory
  Examples: SAIHM
  Who holds the key? You (user-held wallet key)
  Cross-tool portable? Yes (Model Context Protocol)
  Erasure with proof? Yes (cryptographic, on-chain receipt)
  Built-in audit trail? Yes (every operation, by default)

Each of the first three categories ships real value — conversational continuity, hosted convenience, similarity search. None was designed to be the durable, regulator-defensible memory layer your AI agents will be operating in for the next decade. None offers all of: user-held keys, cross-tool portability, cryptographic erasure, and a tamper-evident audit trail. SAIHM does.

2. The consensus requirements an AI memory standard must meet

Ten requirements converge from active regulation, security frameworks, and the AI-tooling open protocols. They are not optional for any organisation already covered by data law.

The sources of the consensus. The list below is the intersection of obligations and norms that practitioners are already operating against:

  • GDPR Article 17 — right to erasure ("right to be forgotten"); the obligation attaches to the data wherever it is held, including memory written by automated systems.
  • EU AI Act (Regulation 2024/1689) — logging, traceability, and human-oversight requirements for high-risk AI systems; phased application through 2027.
  • NIST AI Risk Management Framework 1.0 (January 2023) — provenance, auditability, and incident-response expectations.
  • ISO/IEC 27001:2022 — cryptographic key management, access control, and audit logging controls.
  • HIPAA, PIPEDA, PIPL, LGPD — sectoral and regional privacy regimes with similar erasure and audit obligations.
  • Model Context Protocol (open spec, multi-vendor adoption) — the de-facto interoperability surface for AI memory tools across Claude, ChatGPT bridges, Cursor, Continue, and custom agents.
  • Operational reality — organisations running heterogeneous AI fleets need one memory layer across many clients to avoid an integration-and-audit explosion.

The ten requirements. Any AI memory layer that aspires to be a standard must satisfy all of them:

  1. User-held key custody. The encryption key sits with the data subject (or their organisation), not the vendor. Vendors cannot read what they cannot decrypt.
  2. Cryptographic erasure with proof. A forget operation destroys the key, leaves the ciphertext computationally unreadable (which holds only if no other copy of the key survives and the key cannot be re-derived), and produces an independently verifiable receipt — the GDPR-Article-17-defensible posture.
  3. Tamper-evident audit trail. Every write, recall, share, and erasure is logged to a surface neither operator nor user can silently rewrite. This is the regulator-facing artefact.
  4. Open standard, cross-tool portability. The same memory protocol works across every AI client an organisation uses, today and after the next vendor change.
  5. Encryption at rest and in transit. Ciphertext-only storage; ciphertext-only egress. No plaintext at any node the user does not control.
  6. Polymorphous data shapes. Tables, JSON, key-value records, prose, transcripts, and binary references in one protocol. Input one shape, request another; the cell does not care.
  7. Revocable scope-bound sharing. Per-record sharing with time bounds, mode bounds, and one-prompt revocation. No blanket access.
  8. Distributed-agent coordination. Multiple AI agents — across regions, fleets, or supply chains — can share live memory state with cryptographic access control. Single source of truth without manual sync.
  9. One protocol, every client. A single integration surface for the whole AI fleet. Minimises engineering cost, audit cost, and incident-response surface area.
  10. Independent verifiability. Open source, public-chain anchors, and reproducible builds. No "trust us" claims; every assertion is testable by a third party.

3. SAIHM, requirement by requirement

SAIHM is the only public AI memory protocol we are aware of that satisfies all ten requirements today. Each line below is independently verifiable.

  1. User-held key custody
     Mechanism: ML-DSA-65 wallet-derived keys; HKDF identity chain anchored to the holder's wallet. SAIHM, the operator, never holds the user's decryption key.
     Verify: Inspect the open-source key-derivation code; verify wallet ownership on COTI V2 mainnet.
  2. Cryptographic erasure with proof
     Mechanism: The forget operation destroys the Data Encryption Key, writes a tombstone, blacklists the CID, and anchors the destruction event on the public chain.
     Verify: Read the tombstone receipt on cotiscan.io; the original ciphertext becomes computationally unreadable. Also confirm in the key-derivation code that the destroyed per-cell key cannot be regenerated from the wallet-derived chain after the forget; if it can, key destruction is not erasure.
  3. Tamper-evident audit trail
     Mechanism: Every SAIHM operation anchors a signed receipt on COTI V2 mainnet (chain ID 2632500). Regulator-grade evidence by default.
     Verify: Pull the audit-trail export from saihm_status; cross-check each receipt on the public explorer.
  4. Open standard, cross-tool portable
     Mechanism: Eight MCP tools cover the whole protocol surface. The same prompts work in Claude Code, Claude Desktop, ChatGPT (via MCP bridge), Cursor, Continue, and custom agents.
     Verify: Connect any MCP-capable client to the SAIHM endpoint; the same eight tools appear.
  5. Encryption at rest and in transit
     Mechanism: Per-cell encryption before egress; shard-distributed ciphertext across Filecoin and IPFS. No plaintext leaves the user's machine.
     Verify: Inspect the write-path code; pull a ciphertext shard from Filecoin directly. It is unreadable without the user's key.
  6. Polymorphous data shapes
     Mechanism: Cells hold structured (tables, JSON, key-value) and unstructured (prose, transcripts, descriptions) content in the same protocol. Input one form, request output in another.
     Verify: Run saihm_remember on a CSV; run saihm_recall for the same content as a paragraph. The cell does not care about shape.
  7. Revocable scope-bound sharing
     Mechanism: Three sharing modes (temporary ≤ 24h, permanent, syndicate). One-prompt revocation. Per-record, not per-account.
     Verify: Issue a share, revoke it, watch the on-chain revocation event land within one block.
  8. Distributed-agent coordination
     Mechanism: Multiple AI agents holding a share read and write the same live SAIHM cells. Fleet robotics, autonomous drones, and multi-region trading agents stay in sync without manual exchange.
     Verify: Connect two agents to the same share contract; observe state changes propagate via SAIHM, not via a private side channel.
  9. One protocol, every client
     Mechanism: One Model Context Protocol server; one configuration block; works in every MCP-capable AI client. No per-vendor integration.
     Verify: Compare the MCP config blocks across your tools; the SAIHM block is identical.
  10. Independent verifiability
     Mechanism: Apache 2.0 source; npm package @saihm/mcp-server; listed on the Glama and Smithery MCP registries; build commitments anchored on a public chain.
     Verify: Clone the source, run the test suite, compare your build hash to the on-chain anchor.
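A worked model of requirement 7 (revocable, scope-bound sharing), added here as an illustration; it is not SAIHM's code and does not use its tools. Assumptions not taken from the post: a share is a signed capability over exactly one cell, with HMAC standing in for the holder's ML-DSA signature; "syndicate" is handled like "permanent" for expiry, since the post gives no further semantics; and the share/revoke event list stands in for the on-chain events. The 24-hour bound on temporary shares and the per-record scope are from the post.

```python
"""Revocable, scope-bound share capabilities: signed per-record grants,
a time bound enforced at issuance, and a one-step revocation that is
checked on every access. Illustrative only, not SAIHM's implementation."""
import hashlib
import hmac
import json
import secrets

MAX_TEMPORARY_SECONDS = 24 * 3600          # the post's "temporary <= 24h" bound
MODES = ("temporary", "permanent", "syndicate")


class ShareRegistry:
    def __init__(self, owner_key):
        self.owner_key = owner_key          # held by the data owner, never the operator
        self.revoked = set()                # revoked share_ids
        self.events = []                    # (kind, share_id); stand-in for chain events

    def _sign(self, grant):
        # HMAC over the canonical grant body stands in for an ML-DSA signature (assumption).
        body = {k: v for k, v in grant.items() if k != "sig"}
        payload = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self.owner_key, payload, hashlib.sha256).hexdigest()

    def issue(self, cid, grantee, mode, now, ttl=None):
        """Mint a grant for one cell. Temporary grants must carry a TTL within the bound."""
        if mode not in MODES:
            raise ValueError("unknown mode")
        if mode == "temporary":
            if ttl is None or ttl <= 0 or ttl > MAX_TEMPORARY_SECONDS:
                raise ValueError("temporary shares need 0 < ttl <= 24h")
            expires = now + ttl
        else:
            expires = None                  # permanent and syndicate: no expiry (assumption)
        grant = {"share_id": secrets.token_hex(8), "cid": cid, "grantee": grantee,
                 "mode": mode, "issued": now, "expires": expires}
        grant["sig"] = self._sign(grant)
        self.events.append(("share", grant["share_id"]))
        return grant

    def revoke(self, share_id):
        """One-step revocation; consulted before any other grant property."""
        self.revoked.add(share_id)
        self.events.append(("revoke", share_id))

    def check(self, grant, cid, grantee, now):
        """Return (allowed, reason). The signature is verified first so a
        forged or edited grant never reaches the scope or expiry logic."""
        if not hmac.compare_digest(grant.get("sig", ""), self._sign(grant)):
            return False, "bad signature"
        if grant["share_id"] in self.revoked:
            return False, "revoked"
        if grant["cid"] != cid:
            return False, "out of scope"
        if grant["grantee"] != grantee:
            return False, "wrong grantee"
        if grant["expires"] is not None and now >= grant["expires"]:
            return False, "expired"
        return True, "ok"


if __name__ == "__main__":
    reg = ShareRegistry(b"owner wallet key (constructed)")
    g = reg.issue("cid-1", "agent-b", "temporary", now=1000, ttl=3600)
    print(reg.check(g, "cid-1", "agent-b", now=2000))   # allowed
    reg.revoke(g["share_id"])
    print(reg.check(g, "cid-1", "agent-b", now=2000))   # revoked
```

The point to take from the ordering in check is that a grantee who edits their own grant (for example, clearing the expiry) fails on the signature, and a grant the owner has revoked fails even though every other field is still valid. Both conditions are what an RFP answer to "revocable, scope-bound, per record" has to demonstrate.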

4. The CISO checklist

Paste this into your next AI memory RFP, regardless of the vendor you are evaluating. Any vendor that scores fewer than 10/10 is a partial solution that will compound audit cost and lock-in risk.

  • Can your organisation hold the decryption key, with the vendor unable to decrypt without you?
  • Can the vendor produce a cryptographic erasure receipt for a single record, independently verifiable on a public surface?
  • Is every read, write, share, and erasure recorded on a tamper-evident audit surface neither the vendor nor the user can silently rewrite?
  • Does the same memory protocol run in every AI client your teams use today and the one they will pick next year?
  • Is all data encrypted at rest and in transit, with no plaintext outside your control?
  • Can a single memory cell hold structured and unstructured data, and serve it back in either shape on demand?
  • Can you grant scope-bound, time-bound, revocable access on a per-record basis from a single prompt?
  • Can a fleet of AI agents share live memory state with cryptographic access control, without manual sync?
  • Is the integration surface a single protocol across the whole AI fleet, not a per-tool integration?
  • Is the implementation open source, with public-chain build anchors and a third-party-runnable test suite?

SAIHM answers yes to all ten. The honest result of running this checklist across the rest of the market today: vendor-native scores 0–2, hosted SaaS scores 2–4, self-operated vector DBs score 3–5 (everything you build yourself). The five-to-ten-point gap is your audit cost, your lock-in risk, and your incident-response surface area.

5. Two SAIHM operations a CISO will care about on day one

These are the two prompts your team can run within the first hour of adopting SAIHM. Both are paste-ready into any MCP-capable AI client.

The audit-trail export

Use SAIHM to export the audit trail for the
{department-or-system} workload, last 90 days.
Format as a CSV suitable for the risk committee.

You get a tamper-evident, public-chain-anchored record of every memory operation your AI agents ran in the period. Bring it to the next risk meeting. Most incumbent memory vendors cannot produce this artefact at all; SAIHM produces it by default.

The verifiable erasure

Use SAIHM to forget all cells tagged
{data-subject-id}. Produce the destruction receipt
and the public-chain anchor for legal review.

This is your GDPR-Article-17-defensible posture in one prompt. The cell's encryption key is destroyed; the ciphertext is computationally unreadable, provided no other copy of that key exists and it cannot be re-derived; the destruction event is anchored on a public chain. Counsel can verify the receipt independently.
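The two operations above, and rows 2 and 3 of the section 3 table, rest on the same two mechanisms: crypto-shredding (destroy the only copy of a per-cell key, leave the ciphertext in place) and a receipt chain that a third party can re-verify. The block below is an added model of both, written for this page; it is not SAIHM's code and does not use the saihm_* tools. Assumptions not taken from the post: each cell has a random Data Encryption Key wrapped under a Key Encryption Key that HKDF-SHA256 derives from the wallet secret, so the forget operation deletes the wrapped DEK; "anchoring on chain" is modelled as an in-memory hash chain of receipts with HMAC standing in for the ML-DSA signature and for the explorer lookup; the CID is a SHA-256 of the ciphertext rather than a real IPFS CID; and the cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, a stand-in for AES-GCM so the file runs with the standard library alone.

```python
"""Crypto-shredding with a tombstone receipt and a hash-chained, signed
audit trail. Illustrative model, not SAIHM's implementation."""
import hashlib
import hmac
import json
import os


def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869 extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key, plaintext):
    """Stand-in AEAD: random nonce, HMAC-CTR keystream, encrypt-then-MAC tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class MemoryStore:
    def __init__(self, wallet_secret):
        # Both derived keys stay with the holder; the operator stores only ciphertext.
        self.kek = hkdf_sha256(wallet_secret, b"example-salt", b"cell-kek")
        self.receipt_key = hkdf_sha256(wallet_secret, b"example-salt", b"receipts")
        self.cells = {}          # cid -> {"ciphertext", "wrapped_dek", "tags"}
        self.blacklist = set()   # tombstoned CIDs
        self.chain = []          # receipts, each linked to the previous one

    def _receipt(self, op, cid):
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        body = {"seq": len(self.chain), "op": op, "cid": cid, "prev": prev}
        payload = json.dumps(body, sort_keys=True).encode()
        rec = dict(body, hash=hashlib.sha256(payload).hexdigest(),
                   sig=hmac.new(self.receipt_key, payload, hashlib.sha256).hexdigest())
        self.chain.append(rec)
        return rec

    def remember(self, plaintext, tags=()):
        dek = os.urandom(32)                           # fresh random DEK, not derived
        ct = encrypt(dek, plaintext)
        cid = hashlib.sha256(ct).hexdigest()           # simplified content address
        self.cells[cid] = {"ciphertext": ct, "wrapped_dek": encrypt(self.kek, dek), "tags": set(tags)}
        self._receipt("remember", cid)
        return cid

    def recall(self, cid):
        if cid in self.blacklist:
            raise KeyError("cell erased")
        cell = self.cells[cid]
        dek = decrypt(self.kek, cell["wrapped_dek"])
        self._receipt("recall", cid)
        return decrypt(dek, cell["ciphertext"])

    def forget(self, tag):
        """Crypto-shred every cell carrying tag: drop the only copy of its DEK,
        blacklist the CID, emit a tombstone receipt. Ciphertext stays in place."""
        receipts = []
        for cid, cell in self.cells.items():
            if tag in cell["tags"]:
                cell["wrapped_dek"] = None
                self.blacklist.add(cid)
                receipts.append(self._receipt("forget", cid))
        return receipts

    def raw_recover(self, cid):
        """What a party holding the wallet but ignoring the tombstone can still read."""
        cell = self.cells[cid]
        if cell["wrapped_dek"] is None:
            return None
        return decrypt(decrypt(self.kek, cell["wrapped_dek"]), cell["ciphertext"])


def verify_chain(chain, receipt_key):
    """Third-party check of an exported trail: sequence, links, hashes, signatures."""
    prev = "0" * 64
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k not in ("hash", "sig")}
        payload = json.dumps(body, sort_keys=True).encode()
        if body["seq"] != i or body["prev"] != prev:
            return False
        if rec["hash"] != hashlib.sha256(payload).hexdigest():
            return False
        if not hmac.compare_digest(rec["sig"], hmac.new(receipt_key, payload, hashlib.sha256).hexdigest()):
            return False
        prev = rec["hash"]
    return True
```

Two things in the block are the ones to look for in any vendor's implementation. First, the DEK is random and wrapped, not derived: if it were derived from the wallet chain, the holder could regenerate it after the forget and the receipt would certify nothing. Second, the verifier needs only the exported receipts and the signing key's public counterpart (modelled here by the HMAC key): edit one receipt's op, or drop one from the middle, and verify_chain returns False, which is the property that makes the trail tamper-evident rather than merely logged.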

6. Adopting SAIHM as your AI memory standard

  1. Join SAIHM at /join. Five-step quickstart (wallet, USDC.e, connect, say "Join SAIHM", verify). PAYG and paid tiers available; see /pricing.
  2. Run an audit-trail export on a small SAIHM workload within the first hour. Present the artefact at your next risk meeting.
  3. Run the CISO checklist on your incumbent memory tool side-by-side with SAIHM. The standard wins on paper before it wins in production.
  4. Scale. Recommended pattern for multi-agent deployments: one fresh, empty wallet per AI agent (memories are bound to the wallet that wrote them; per-agent wallets contain the blast radius of a compromised agent and produce per-agent audit trails). Setup guide on the quickstart.

SAIHM does more than every alternative and asks less of the organisation. One protocol. User-held keys. Cryptographic erasure with public-chain proof. The CISO checklist passes; the CFO benefits from the 80 percent reduction in token spend and roughly 5x productivity lift on the same workloads.



Independence notice. SAIHM is an Apache-2.0 protocol authored independently. It is not affiliated with OpenAI, Anthropic, Google, Perplexity, Mem0, Letta, Zep, Pinecone, Weaviate, Chroma, or any AI client or vendor named in this post. References to those vendors describe publicly observable product characteristics, not endorsements or disparagements. The 80 percent token-spend reduction and ~5x productivity uplift are internal metrics measured by the SAIHM author team on their own workloads since adopting SAIHM, and will vary by usage pattern. Regulatory citations (GDPR, EU AI Act, NIST AI RMF, ISO/IEC 27001, HIPAA, PIPEDA, PIPL, LGPD) are correct as of publication; consult counsel for application to your jurisdiction.