Platform content
We maintain
  • Regulation library
  • Policy templates
  • Shadow AI catalogue
Customer content
You own
  • AI system records
  • Risk assessments and policies
  • Audit trail and evidence

When we update the left side, nothing on the right side changes.

Content updates

Regulations change. New AI tools appear every week. The platform keeps up with both.

Every customer gets the same up-to-date governance content. The delivery method depends on how the platform is deployed.

Two types of content

Platform content: the regulation library, policy templates, controls catalogue, risk taxonomy, use case library, and the shadow AI tool catalogue. We maintain this.

Customer content: AI system records, risk assessments, policy versions, compliance gaps, evidence, and the audit trail. This belongs entirely to the customer.

These two never mix. When we release a content update, it never touches anything the customer has created.

What platform content covers

Regulations and articles

EU AI Act, GDPR, DORA, FCA Consumer Duty, NIST AI RMF, ISO 42001, India DPDP Act 2023, Singapore Model AI Governance Framework, ASEAN AI Governance Guide 2024, and others.

Policy templates

Pre-built starting points for each mapped regulation. Clauses already written. Regulation articles already mapped.

Controls catalogue

A reusable library of governance controls, each mapped to the risk types they address.

Risk taxonomy

A catalogue of AI risk types mapped to the system types they apply to.

Use case library

Common AI use cases, each with a pre-assessed risk level and the regulations most likely to apply.

Shadow AI catalogue

200+ known tools with detection fingerprints for all three detection methods. Free and enterprise versions listed separately.

How updates reach customers

Cloud

Applied automatically when we release. Customers see updated content without taking any action. If a regulation changes in a way that affects existing policies, a change alert is generated.

On-premise, connected

The update agent pulls bundles inward on a schedule. No customer data moves outward.

Air-gapped

A signed bundle is produced on an agreed schedule and imported manually. Content is current as of the last import.

When a regulation changes

The content team updates the mapping and cuts a new bundle. The bundle reaches the customer. The platform creates an alert: what changed, which live policies are affected, and which systems are in scope. The compliance team reviews and decides what to update. The platform never changes customer policies automatically.

Key guarantees

  • Customer data is never in a bundleUpdates contain only platform content.
  • Bundles are signedCustomers can verify the bundle came from us and was not modified.
  • Imports are safe to repeatRunning one twice causes no duplicates or data loss.
  • Regulation changes never silently alter customer policiesChanges are flagged for human review.
  • Air-gapped customers get the same content as cloud customersOnly the delivery method differs.