`Classification: CONFIDENTIAL`

# Evidence file — $GIFT LP Whitepaper

| | |
|---|---|
| **Companion to** | `DOC-GIFT-WHITEPAPER-001_v1.2-DRAFT.md` |
| **Version** | v1.2 (skeleton + 15 new-anchor rows; full port from `EVIDENCE-v0.1.md` pending) |
| **Built** | 2026-06-06 |
| **Realm** | utribe |
| **Classification** | CONFIDENTIAL |
| **Distribution** | Not distributed with the whitepaper (per WP §12.1 — the Evidence File is the *index* an LP / auditor / regulator uses to request specific evidence behind any single claim). |
| **Supersedes** | `EVIDENCE-v0.1.md` (skipped v0.2 / v1.0 / v1.1 — no companion built in those WP cycles) |
| **Source-of-truth pointers** | `grc.*` tables on `cait-db` (10.10.0.166); `cait.glossary`; ISO 27001 chain at `~/.openclaw-data/iso27001-logs/utribe/`. The Evidence File records source pointers; queries are run at request time. |

## How to use this file

Every factual claim in the whitepaper carries an inline `[E:<source-key>]` citation pointing to a row in this file. Each row records the source-of-truth pointer (a `grc.*` table, a document code, an ISO 27001 chain seq, a glossary term, or a primary-law citation). Underlying source documents are produced on request through the §12.5 evidence-access channel (`grc@utribe.cloud`) subject to the access classification at §12.2 / §12.3 / §12.4 of the whitepaper.

Per-fact provenance hierarchy (highest to lowest):

1. **On-chain reads** against Polygon Mainnet (deterministic, reproducible by any reader)
2. **Independent assurance** by HT Digital Ltd. — the appointed Group auditor (delivered as the wrapped Independent Assurance Report; see §E3)
3. **`grc.*` source-of-truth tables** on `cait-db` (`grc.license_register`, `grc.legal_entity`, `grc.partner`, `grc.role_holder`, `grc.custody_*`, `grc.whitepaper_change_log`, etc.)
4. **Primary law** (MiCAR, ISA 2025, MLPPA, etc. cited directly in WP body)
5. **Counsel opinions** (Mgr. Ondřej Syllaba 2026-05-13 Czech VASP opinion; Legalpreneur LP Nigerian classification opinion — superseded; see WP §D.8.3)

### Status of this file (2026-06-06)

This v1.2 build is a **skeleton + new-anchor-row pass**. The 15 anchors that are NEW in WP v1.2 (not present in `EVIDENCE-v0.1.md`) are recorded at full detail in the relevant section below. The 53 anchors carried over from `EVIDENCE-v0.1.md` retain their v0.1 entries (pending a port pass in a follow-up commit). The 23 anchors that appeared in `EVIDENCE-v0.1.md` but are NOT cited in WP v1.2 are retired in the Appendix at the foot of this file.

Full inventory: WP v1.2 cites **68 distinct anchors** (excluding the `[E:LIC-2026-NNN]` placeholder used in Appendix D matrix templates).

---

## E1 — Token & contracts (Polygon Mainnet)

*Carried over from `EVIDENCE-v0.1.md` E1; see that file for rows pending the v1.2 port.*

Anchors covered: `E:CHAIN`, `E:GIFT-CONTRACT`, `E:GIFT-SYMBOL`, `E:GIFT-DECIMALS`, `E:GIFT-SUPPLY-METHOD`, `E:GIFT-SUPPLY-SNAPSHOT-2026-05-20`, `E:COMPLIANCE-REGISTRY-CONTRACT`, `E:KYC-STATE-FIELDS`, `E:KYC-PARTICIPATION-FLOOR`, `E:RPC-ENDPOINTS-USED`, `E:PUBLIC-ENGINEERING-REF`, `E:GOLD-PER-TOKEN-RATIO`.

---

## E2 — Reserves & custody

*Carried over from `EVIDENCE-v0.1.md` E2; see that file for rows pending the v1.2 port.*

Anchors covered: `E:CUSTODY-HOLDING`, `E:CUSTODIAN`, `E:LEGAL-HOLDER`, `E:GROUP-DBA`, `E:AUDITOR`, `E:CUSTODY-ROLES`, `E:CUSTODY-DISCLOSURE`, `E:BALANCE-LATEST-CADENCE`, `E:TRANSPORT`, `E:SEQUOYAH-WEBSITE-2026-06-04`, `E:CROWE-ISRS-4400-2026-03`.

*New-anchor rows added in v1.2 for the §4 Sequoyah + HT Digital credibility paragraph (CEO direction 2026-06-08):*

| Source key | Fact | Source |
|---|---|---|
| `E:SEQUOYAH-WEBSITE-2026-06-04` | Sequoyah Wealth Management public website snapshot (homepage + `/secure-storage/` + `/about-us/`) captured 2026-06-04 08:14 UTC by CAIT, with SHA256SUMS forensic anchor. Operator self-described as registered with the Danish Financial Supervisory Authority (Finanstilsynet) under Danish AML legislation, supervised by the Financial Control Authorities, and inspected by leading Danish insurance underwriters. Registered office Østerbrogade 137, DK-2100 Copenhagen, Denmark. Sequoyah Vaulting Danish CVR 38 83 87 84 (also recorded in the §4.1 custody-holding table). Sequoyah Group founded 2001. LBMA membership / Vault List inclusion negative-verified separately at `E:LBMA-STATUS` (Sequoyah is NOT on the LBMA Vault List and is NOT an LBMA member per the authoritative LBMA register; the safe-custody registration in Denmark is distinct from LBMA accreditation). Independent register verification (Danish CVR number and Finanstilsynet identifier) is an OPEN evidence track; values not yet on file in `grc.custody_partner` and not embedded in the whitepaper. Operator-side `/contact/` path is a 404 (verified 2026-06-08); footer address block is the public-facing registered-office disclosure. | `documents/utribe/audits/$GIFT-PoR/sequoyah-website-snapshots/2026-06-04/SNAPSHOT.md` + `SHA256SUMS` + per-page raw HTML at the same path |
| `E:CROWE-ISRS-4400-2026-03` | Crowe Statsautoriseret Revisionsinteressentskab v.m.b.a. (Hellerup, Denmark; CVR 33 25 68 76) ISRS 4400 (Revised) agreed-upon-procedures report dated 16 March 2026, signed by Søren Jonassen (State Authorised Public Accountant). Subject custodian: Sequoyah Vaulting ApS, Copenhagen. Subject reserve: physical gold held for the benefit of Ophir Ubuntu International. Engaging client: Harris & Trotter (HT Digital's parent partnership) — Crowe is NOT a contracted partner of uTribe; Crowe reported to Harris & Trotter, who in turn reports to Ubuntu Tribe under the audit-of-record engagement. The five agreed-upon procedures (§1–§5) inspected the physical bullion, vault seal, weight reconciliation, custody-account documentation, and segregation evidence. Anchored to the same calendar day (16 March 2026) as the HT Digital PoR V1 on-chain attestation window (Polygon mainnet block 84,249,585 SOD → 84,292,783 EOD). Postgres anchor in `grc.por_attestation_event` (procedures 1–5) + `grc.custody_bar_inventory` (per-bar refiner/serial/weight/fineness/certificate) + `grc.custody_seal_event` (vault SSCC seal lifecycle), all populated 2026-06-02 via migration `sql/0006_custody_evidence_tables.sql`. | `documents/utribe/audits/$GIFT-PoR/crowe-physical-2026-03-16/Crowe-Physical-Audit-Gold-2026-03-16.md` + `Crowe-Physical-Audit-Gold-2026-03-16.pdf` (sha256 `bac78727...5cee`); structured anchor `grc.por_attestation_event` rows for `HOLD-GIFT-SEQ-CPH-AU-001` |

*Headline March-16, 2026 attestation artefact pending: the wrapped HT Digital Ltd. Independent Assurance Report (`Independent_Assurance_Report_on_GIFT_by_Utribe_2026-Mar-16.pdf`) will be filed at the canonical GitHub path once HT Digital returns it. See `cait.todo #365`.*

---

## E3 — Audit attestation references (HT Digital Ltd.)

*Carried over from `EVIDENCE-v0.1.md` E3; see that file for rows pending the v1.2 port.*

Anchors covered: `E:HT-AUDIT-PARTNER-RECORD`, `E:HT-DOC-AUDITOR-REFERENCE`, `E:HT-DOC-KYC-PROCEDURE`, `E:HT-DELIVERY`, `E:HT-PUBLIC-COMPANION`, `E:HT-AUDIT-CADENCE` *(needs update for the quarterly Type II decision 2026-05-30 per `cait.session_context #278`)*.

---

## E4 — Licences and regulatory references

*Carried over from `EVIDENCE-v0.1.md` E4; see that file for rows pending the v1.2 port.*

Anchors covered: `E:LIC-2026-001`, `E:LIC-2026-002`, `E:LIC-2026-003`, `E:LIC-2026-004`, `E:LIC-2026-006`, `E:LIC-2026-007`, `E:LIC-2026-008`, `E:LIC-2026-011`, `E:LIC-2026-012`.

*Retired in v1.2 (2026-06-08):* `E:LIC-2026-005` (Ubuntu Gold DMCC DMCC trade licence) is retired from the whitepaper anchor set following the CEO direction (2026-06-08) to wind down Ubuntu Gold DMCC. The underlying `grc.license_register` row (`LIC-2026-005`) is preserved with a `winding_down` status annotation for auditor-trail continuity; the entity is no longer cited as an operative perimeter for $GIFT. The UAE virtual-asset distribution pathway continues through Mansa Musa Digital under the VARA application (`LIC-2026-004`) referenced at `E:LIC-2026-004`.

Source-of-truth: `grc.license_register` (all rows).

---

## E5 — Group structure & governance

*Carried over from `EVIDENCE-v0.1.md` E5; see that file for rows pending the v1.2 port.*

Anchors covered: `E:ROLE-CEO`, `E:ROLE-CIO`, `E:ROLE-CTO`, `E:ROLE-CISO-BACKUP`, `E:ROLE-LEGAL-COUNSEL`, `E:ROLE-COMPLIANCE-OFFICER`.

Source-of-truth: `grc.role_holder` WHERE `realm='utribe' AND is_active`.

---

## E6 — Tokenomics & fees

*Carried over from `EVIDENCE-v0.1.md` E6; see that file for rows pending the v1.2 port.*

Anchors covered: `E:FEES-BUY-IN`, `E:FEES-TRANSACTION`, `E:FEES-INTERNAL`, `E:FEES-FUTURE-REDUCTION`, `E:FEES-ALLOCATION`, `E:GAS-ADVANCE`, `E:RESERVE-COVERAGE-DYNAMIC`, `E:REDEMPTION-FLOW`, `E:SETTLEMENT-PARAMETERS`.

---

## E7 — Whitepaper document-management evidence (NEW section, WP v1.2)

| Source key | Fact | Source |
|---|---|---|
| `E:WP-CHANGE-LOG` | The complete per-whitepaper-version CHANGE-LOG, including the per-change governing standing rule, source authority, commit reference, and ISO 27001 evidence anchor. | `grc.whitepaper_change_log` (utribe / INTERNAL) — 22 rows for v1.2-DRAFT as of 2026-06-06; view `grc.v_wp_change_log_current`. |
| `E:WP-GLOSSARY` | The full curated definitions register backing Appendix B. The whitepaper's Appendix B carries 11 in-document terms (Tier-1/2 load-bearing or statutory); the remaining Tier-3 terms (OFAC, ESMA, EEA, MiFID II) plus the long-tail register are maintained externally. | `cait.glossary` realm `shared`. |
| `E:WHITEPAPER-LIABILITY` | MiCAR Article 15 statutory civil liability of the issuer and its administrative / management / supervisory body for any loss incurred by a holder as a result of an infringement of the disclosure requirements of MiCAR. | Regulation (EU) 2023/1114 (MiCAR) Article 15 (primary law, cited directly). |

---

## E8 — Legal opinions & primary-law references (NEW section, WP v1.2)

| Source key | Fact | Source |
|---|---|---|
| `E:UU-SYLLABA-2026-05-13` | Mgr. Ondřej Syllaba legal opinion on Ubuntu Uhuru s.r.o. Czech VASP trade-licence scope, MiCA characterisation of $GIFT (Title II "other crypto-asset" preferred over Title III ART characterisation), and the Czech Act No. 31/2025 Coll. Section 26 transitional regime. | `LEG-OP-SYLLABA-GIFT-CZ-2026-05-13` registered in `grc.grc_document.id=87`. |
| `E:UU-TRADE-LIC-EXTRACT` | Ubuntu Uhuru s.r.o. Czech VASP trade-licence issued 2024-07-03 by the Authority of Prague 8 City Ward, indefinite term, authorising virtual-asset services in the Czech Republic. | `grc.license_register` row `LIC-2026-003` + Trade Licence document filed under ISO chain seq 2559. |
| `E:LEI-UBUNTU-UHURU` | Ubuntu Uhuru s.r.o. Legal Entity Identifier `894500B0BCJDDPCC5346`, issued 2026-01-26 by EQS Group AG (via LEI Česká), annual renewal 2027-01-26. GLEIF public record: `https://search.gleif.org/#/record/894500B0BCJDDPCC5346`. | `LEG-UU-LEI-001` registered in `grc.grc_document.id=72`, ISO chain seq 4838. |
| `E:LEI-REGISTER` | Group-level LEI registration arrangements per operative entity: Ubuntu Uhuru s.r.o. LEI active (see above); Ophir Ubuntu International LEI not yet obtained — registration scheduled ahead of any LEI-conditioned external filing for that entity. | `grc.legal_entity.lei` column. |

---

## E9 — Offer-and-supply mechanics (NEW section, WP v1.2)

| Source key | Fact | Source |
|---|---|---|
| `E:OFFER-PERIOD` | Continuous public offer with no calendar end date. Aggregate outstanding value hard-capped at EUR 5,000,000,000 in the EU per the issuer's Title II positioning under MiCAR Article 16(2). Offer commenced 1 April 2026. | WP §6 (Settlement, Mint and Redemption) + issuer Terms and Conditions. |
| `E:SUPPLY-MODEL` | Fully dynamic, reserve-gated supply: mint-on-receipt-of-physical-gold + burn-on-redemption. No pre-mint, no founder allocation, no treasury reserve, no inflationary issuance mechanism at the contract level. Every unit of supply corresponds to physical gold attested at the moment of mint. | WP §3.1 (Supply mechanics) + `grc.custody_*` reserve-coverage tables + HT Digital Ltd. mint-pipeline attestation (E:HT-DOC-AUDITOR-REFERENCE). |
| `E:USE-OF-PROCEEDS` | Use of fee revenue: operations, ecosystem development, reserve growth, and a ring-fenced community-impact carve-out. Community-impact component ring-fenced at 10% of transaction-fee revenue, directed to education, mining-community programmes, and financial-inclusion initiatives. | WP §3.9 (Intended use of proceeds) + §3.3 (Fee allocation) + `E:FEES-ALLOCATION` row in E6. |
| `E:PRICING-METHODOLOGY` | Methodology-based price derived from the market spot price of physical gold + transaction fees. Spot sources: FOREX, SAXO, OANDA, IDC Exchanges as primary feeds, with Chainlink XAU/USD aggregator on Polygon Mainnet (contract `0x0C466540B2ee1a31b441671eac0ca886e051E410`) as fallback. Multiple independent sources + documented tolerance band; quoting pauses when the divergence exceeds the band or all sources become unavailable / stale. | WP §3.7 (Pricing methodology). |

---

## E10 — Governance, multisig & registered offices (NEW section, WP v1.2)

| Source key | Fact | Source |
|---|---|---|
| `E:GOVERNANCE-MULTISIG` | $GIFT smart-contract governance is held by the Owner Safe (2-of-3 multisig, contract `0x5a31...` per WP §7); treasury operations are held by the Treasury Safe (separate multisig). Owner Safe signers: Louis Sirico, Oliver Lienhard, Mamadou Touré (Lou + Lisa confirmed Ledger Stax hardware wallets; Oliver + Mamadou hardware configuration is tracked separately). **Multisig-signer privacy policy applies**: signer addresses are public on-chain; signer-names are NOT disclosed externally (kidnap-and-coercion risk per standing rule codified 2026-05-30). | `grc.partner` Safe rows + Multisig-signer privacy policy in `cait.glossary` + `cait.todo #307` + `cait.todo #308`. |
| `E:REGISTERED-OFFICES` | The registered office of each operative entity is set out at WP §10.1, sourced from primary-source documentary evidence where on file (commercial register extract, LEI registration record, trade-licence extract, or equivalent regulator-issued document). Where the registered office for a given operative entity is not yet on file at primary-source level, the field reads "to be confirmed". | `grc.legal_entity.registered_address` column + per-entity primary-source documents in the document register. |
| `E:OUI-FSC-MUR` | Ophir Ubuntu International is a Mauritius Global Business Company (GBC 200090), authorised by the Financial Services Commission of Mauritius under `LIC-2026-001` (status active). Director-of-record: Mamadou Kwidjim Touré (public record by operation of Mauritius company law). | `grc.legal_entity.id=1` (OUI) + `grc.license_register` row `LIC-2026-001` + Mauritius Companies Registrar public extract. |

---

## E11 — MiCAR notification & filing references

| Source key | Fact | Source |
|---|---|---|
| `E:WP-GIFT-MICAR-FORM-2026-05` | The issuer's regulator-facing white-paper notification to the home Member State competent authority (Česká národní banka) under MiCAR Article 8 (Title II) or Article 17 (Title III, depending on final classification). Part F of that notification carries the issuer's structural risk-disclosure that the body §9 of the whitepaper maps to (see WP §9 mapping table). | `[FORWARD-LOOKING]` — the structured MiCAR Art. 6(7) machine-readable notification has not yet been filed (15 P1 blockers identified in `GAP-GIFT-MICAR-v1.0-2026-05-28`; see `documents/utribe/projects/gift-lp-whitepaper/MICAR-GAP-ANALYSIS-v1.0-2026-05-28.md` and the v2.0 remediation plan). The narrative MiCAR submission form drafted at `WP-GIFT-MICAR-FORM-2026-05` is on internal file; the filing event will land as a separate ISO 27001 evidence event when notified to the CNB. |

---

## Appendix — Anchors retired from v0.1 (not cited in WP v1.2)

The following anchors appeared in `EVIDENCE-v0.1.md` but are not cited in WP v1.2. They are recorded here for audit-trail continuity. Underlying evidence (where it exists) remains accessible through the §12.5 channel; the anchors are retired only at whitepaper-citation level.

**Drafting-cut markers** (clean cuts from v0.1 drafting; preserved in `EVIDENCE-v0.1.md` for audit only):

- `E:CUT-CHAINLINK`, `E:CUT-COMMODITY-BASKETS`, `E:CUT-COUNTERPARTY-MATRIX`, `E:CUT-FAIZAH-TOKENOMICS`, `E:CUT-SILVER`, `E:CUT-STRUCTURED`, `E:CUT-YIELD`

**Standing-rule references** (no longer carried as `[E:...]` anchors; cited inline as plain-language standing-rule names where needed):

- `E:RULE-EXTERNAL-HYGIENE`, `E:RULE-LICENCE-POLICING`, `E:RULE-SECURITISE`, `E:RULE-VERIFIED-ONLY`

**V1 / V2 deploy markers** (superseded by the consolidated Polygon deployed-contracts inventory committed 2026-06-04, commit `df908cf`):

- `E:GIFT-DEPLOY`, `E:COMPLIANCE-REGISTRY-DEPLOY`, `E:V1-KYC-CONTRACT`, `E:V1-WHITELIST-CONTRACT`, `E:V2-MINT-CONTROLLER-DEPLOY`, `E:V2-POR-DEPLOY`

**RPC sweep notes** (debug-time markers from the v0.1 build; the consolidated `E:RPC-ENDPOINTS-USED` row in E1 supersedes):

- `E:RPC-PUBLICNODE-403-FROM-CAIT-IP`, `E:RPC-PUBLICNODE-PUBLIC-NOT-ARCHIVE`, `E:RPC-QUIKNODE-PUBLIC-WORKING`

**March-16 attestation enumerations** (superseded by the wrapped HT Digital Ltd. Independent Assurance Report once it lands at the canonical GitHub path per `cait.todo #365`):

- `E:MAR16-HOLDER-ENUM`, `E:MAR16-MINT-ENUM`

**LBMA status verification** (retained operationally in `grc.custody_partner.lbma_member_status` and the underlying provenance trail; not cited in WP v1.2 because the body uses the `investment-grade-gold-terminology-rule` framing rather than naming LBMA status):

- `E:LBMA-STATUS`

---

## Open work

- **Port pass** for the 53 anchors carried over from `EVIDENCE-v0.1.md` E1–E6. Skeleton notes in those sections are placeholders; full row-by-row port is a follow-up commit.
- **Wrapped HT Digital Ltd. Independent Assurance Report** to land at the canonical path per `cait.todo #365`. On arrival, the E2 + E3 sections gain a row pointing to the wrapped PDF; the retired `E:MAR16-HOLDER-ENUM` / `E:MAR16-MINT-ENUM` markers are formally retired.
- **`E:HT-AUDIT-CADENCE` update** to reflect the 2026-05-30 CEO decision that HT Digital Ltd. delivers a **quarterly Type II attestation** covering PoR + PoCS + token-management functions (per `cait.session_context #278`).
- **`E:WP-GIFT-MICAR-FORM-2026-05` transition** from `[FORWARD-LOOKING]` to a recorded filing event once notified to the CNB.

## Provenance

- File created 2026-06-06 by CAIT under Lou direction (Slack DM 2026-06-06 21:27 UTC msg `1780781227.274569`, Q1–Q4 answers).
- Skeleton + 15-new-anchor rows committed first per Lou Q4 direction; full v0.1 → v1.2 port pass deferred to a follow-up commit.
- Predecessor `EVIDENCE-v0.1.md` retained on disk for audit-trail continuity; not deleted.
- No ISO event fired per Lou standing direction (held until the wrapped HT Digital Ltd. Independent Assurance Report lands at the canonical path).
