Five Suites. One Verifiable Core.
Each suite packages a set of capabilities around a specific institutional need. Every output is verifiable, exportable, and operator-controlled.
Compliance Suite
Compliance officers, DPOs, AI Act project leads
Regulatory frameworks require continuous risk assessment, incident reporting, and material documentation. Manual processes do not scale.
Risk registry (Annex III classification) · Monitoring dashboards (drift, distribution, escalation) · Incident reports (Art. 73 deadlines) · AI Bill of Materials (SPDX 3.0)
Structured regulatory artefacts with deterministic classification. Exportable for auditor review.
Audit Suite
Internal audit, external auditors, regulators
Auditors need to verify that a historical decision was made correctly, with the right evidence, under the right policy. Most systems cannot replay or prove this.
Deterministic replay · Multi-language explanation · Decision lineage graph · Unified audit report · Append-only ledger · Cryptographic timestamps · Signed evidence pack
Every decision is replayable, explainable, and exportable with cryptographic integrity. Offline-verifiable.
Governance Suite
CROs, governance boards, policy architects
Governance requires role-based control, policy lifecycle management, temporal analysis, and constitutional consistency checks. Ad-hoc tools leave gaps.
RBAC with maker-checker · Policy lifecycle and versioning · Temporal replay and what-if analysis · Constitutional consistency verification · Gateway modes (Observe / Shadow / Enforce)
Policy changes are versioned and auditable. Gateway mode transitions are logged. What-if scenarios are deterministic.
Analysis Suite
Risk analysts, data scientists, decision engineers
Anomaly detection, external data integration, and decision model interoperability require specialised tooling that integrates with the governance layer.
Statistical anomaly detection (FFT, Mahalanobis) · External evidence connectors (normalised, integrity-verified) · DMN import/export for decision model interoperability
Anomaly scores are deterministic. External evidence is integrity-verified. DMN models are version-controlled.
Protection Suite
CISOs, operations teams, critical infrastructure operators
AI systems must be stoppable. Emergency response needs graduated control with cryptographic proof that shutdown was authorised and witnessed.
Graduated emergency control (S5→S1) · Witness attestation · Offline licence (no phone-home) · Plan enforcement
Emergency transitions are cryptographically attested. Licence verification is offline-capable. Response levels are compile-time enforced.
Detailed technical specifications, integration guides, and deployment architectures are available under NDA as part of a guided pilot engagement.