What does this product do?
It is a deterministic AI governance gateway that sits between AI systems and execution, deciding whether an AI action is allowed, blocked, or requires additional steps before it runs.
AI Governance Gateway
Frequently Asked Questions
Deterministic enforcement, how it differs from monitoring, and what outcomes to expect.
Product & capability
How it works
How is this different from AI monitoring tools?
Monitoring tools detect issues after execution. This gateway prevents non-compliant AI actions before they occur.
How does this work with chatbots?
Chatbot intent is validated against a controlled catalog and evaluated before execution. Unknown intents are blocked by default.
Is this only for chatbots?
No. It also supports agent workflows, inference APIs, and AI-enabled CI/CD pipelines.
Compliance & risk
Does this replace compliance or GRC tools?
No. It complements them by enforcing compliance at runtime while traditional tools handle audits and reporting.
Which regulations are supported?
GDPR, EU AI Act, and configurable internal or sector-specific policies.
How does this reduce fines and legal risk?
By preventing violations before execution and producing immutable compliance evidence.
Do you offer certification? Is the system auditable?
We do not create or certify against new standards. We help organizations comply with existing law.
Our gateway is designed to align directly with applicable legislation, so no separate third-party certification is required—legal requirements take precedence over private certifications.
For audits, we maintain secure, tamper-evident records tied to each relevant legal provision. These records can be shared with you or any authorized auditor when needed.
How does your system map to specific EU AI Act articles?
We map both GDPR and EU AI Act–applicable articles at runtime only. Applicable provisions are derived from metadata we extract from your system and are matched against our configured guidelines under each regulation.
Can you generate regulator-ready documentation? If a regulator (e.g. BaFin) audits us, how does your system support us?
We provide artifacts generated from runtime execution-including decisions such as Allow, Block, and Human-in-the-loop-that support your existing evidence and conformity documentation. These outputs are designed to complement your conformity assessment process rather than replace it.
What happens when regulations change?
When regulations change or are updated, we update our system accordingly and inform customers of what has changed, when the new requirements become enforceable, and how they can comply using our gateway.
If there is a compliance failure, how do you address and manage it?
We aim to provide the broadest possible coverage of enforceable compliance requirements. Any shortfall is addressed through root cause analysis and adjustments to the relevant controls. Because we only process data provided by you and do not operate your systems, we are not subject to fines or prosecution arising from your use of the gateway.
Technical
Do you modify or retrain AI models?
No. The gateway operates externally and does not affect model training or performance.
Does this add latency?
No. It is API-based, stateless, and designed for low-latency real-time decisions.
What happens if the system is unavailable?
Fail-safe configurations ensure stability while preserving compliance posture.
What data do you process on your servers?
We process only the metadata necessary for decisioning. We do not process other data on our systems.
Getting started
What ROI can customers expect?
Customers typically see ~3,000%–8,000% ROI through avoided fines, incidents, and regulatory exposure.
Can you perform a risk assessment of our current system and provide a score?
No. We do not perform risk assessments or scoring of client systems.