Knox isn't the first to anchor to Bitcoin. Here's what it adds.

The primitive Knox depends on. Published standard, independent calendar-server infrastructure, maintained by a community that predates Bonis. If all you need is 'prove this hash existed at time T' for an individual file, you don't need Knox — just run `ots stamp file.pdf` directly.

OTS is a timestamp primitive, not a system of record. No hash-chain for ordering between records, no evidentiary envelope (signers, geography, device attestation, oracles), no public API to query an anchor by payload hash, no self-authenticating affidavit scaffold, no integration with federal exclusions or SBOM vulnerability feeds.

Knox is the operational wrapper around OTS for commercial and federal use cases that need the envelope, audit trail, affidavit, and integrations. The Bitcoin anchor under Knox IS OpenTimestamps — we did not replace it. We built the layer around it.

Deep backing from Adobe, Microsoft, BBC, major camera makers. Content provenance manifests embedded directly into images and videos so the proof travels with the file. For media specifically, C2PA is the current industry direction and rightfully so.

PKI-custodial. The manifest integrity depends on a certificate chain that can be revoked — which means prior records become ambiguous unless the revocation timeline is itself provable. C2PA does not publish a public-chain anchor by default; verification depends on a CA being online and trustworthy. Scope is limited to media content; not intended for generic business records, supply-chain events, or multi-signal attestations.

Different scope (any record, not just media) and different trust model (Bitcoin anchor that PKI rotations don't compromise). C2PA and Knox are complementary, not competing — a media file can carry a C2PA manifest AND be anchored into Knox for public-chain permanence. Knox does NOT embed manifests into media; for that specific feature, C2PA is the right tool.

Enterprise-ready, deep AWS IAM integration, SQL-like query interface, managed service with no operational burden, committed data model.

Vendor-controlled. AWS can be served a subpoena for your ledger; your records' integrity depends on AWS being truthful and online. No Bitcoin anchor, no external permanence layer. Lock-in: your ledger is in Amazon's ion format and exiting means re-anchoring to something else. If AWS discontinues the service (as it has done with other products), your ledger survives only as long as AWS keeps a read-only archive available.

Knox is vendor-independent by design. If Bonis Systems disappears tomorrow, your records verify against Bitcoin without any Bonis server. That is the Continuity Guarantee — QLDB cannot make it because AWS is the custodian.

Default for contract signatures. Deep enterprise adoption, accepted by most courts, ESIGN Act / UETA compliant, well-understood legal posture. If you need a signed PDF with a timestamp and signer identity verification, DocuSign is the right tool.

Vendor-controlled audit trail. DocuSign's certificate of completion depends on DocuSign being online and operational. No public-chain anchor — if the DocuSign record is disputed, the counter-party has to subpoena DocuSign to produce the evidence, and the record depends on DocuSign's internal chain-of-custody practices. No tamper-evident hash-chain linkage between separate signatures.

Complementary. Use DocuSign for the signature workflow — and Knox to anchor the signed-document hash to Bitcoin. DocuSign provides the identity ceremony; Knox provides the public permanence. For audit integrity of the DocuSign record itself over decades, the Knox anchor outlasts any vendor.

Established developer workflow for code and artifact signing. Short-lived certificates + Rekor transparency log. Backing from Google, Linux Foundation, OpenSSF. For software supply-chain provenance specifically, Sigstore is the right direction.

Rekor is itself a centralized transparency log, independently operated by the Linux Foundation. Re-verification of a Sigstore signature requires Rekor to be online. Short-lived certs mean the signer's identity is not self-evident from the signature alone — the chain-of-trust relies on the OIDC identity provider's historical state. Scope is code signing; not intended for generic business-record anchoring or multi-signal attestation.

Different scope (evidence records, not code artifacts), different primitive (Bitcoin anchor, not certificate + transparency log). Sigstore and Knox can coexist: a Sigstore-signed container image's manifest hash can itself be Knox-anchored for permanence beyond Rekor.

Cheap, trivial to implement, works today with any RDBMS. For most internal audit needs that will never be litigated, it's sufficient. Do not over-engineer.

Any single DBA with the right credentials can alter both the records and the audit trail of the alteration. Custodian-controlled. No external witness. In a dispute, the plaintiff's first move is to argue the defendant's audit log is incomplete or altered — and without an external anchor, there is no way to refute that argument without calling the DBAs as witnesses.

For records that will be subject to regulatory audit, litigation, vendor bankruptcy, or a dispute between two parties who don't trust each other, the custodian-controlled log is insufficient. Knox anchors the audit log's own hash-chain checkpoints to Bitcoin — the audit log remains where it is; Knox makes it tamper-evident against the operator.

Same Bitcoin primitive, some operational for years longer than Knox. For the specific problem of public-timestamping a hash, they may already meet your requirement.

Most do not publish a machine-checked formal specification. Most are closed-source black-boxes whose algorithm is not independently verifiable. No federal-exclusions enrichment, no hash-chain linkage between records, no self-authenticating affidavit scaffold, no zero-dep air-gap verifier distributed for public redistribution.

If your requirement is 'timestamp a hash to Bitcoin' and nothing else, any of these may work. Knox's differentiation is the operational and evidentiary layer around the timestamp — formal spec, affidavit, air-gap verifier, federal-integration, charter governance, hash-chain of custody.