- Regulation library
- Policy templates
- Shadow AI catalogue
- AI system records
- Risk assessments and policies
- Audit trail and evidence
When we update the left side, nothing on the right side changes.
Regulations change. New AI tools appear every week. The platform keeps up with both.
Every customer gets the same up-to-date governance content. The delivery method depends on how the platform is deployed.
Two types of content
Platform content: the regulation library, policy templates, controls catalogue, risk taxonomy, use case library, and the shadow AI tool catalogue. We maintain this.
Customer content: AI system records, risk assessments, policy versions, compliance gaps, evidence, and the audit trail. This belongs entirely to the customer.
These two never mix. When we release a content update, it never touches anything the customer has created.
What platform content covers
EU AI Act, GDPR, DORA, FCA Consumer Duty, NIST AI RMF, ISO 42001, India DPDP Act 2023, Singapore Model AI Governance Framework, ASEAN AI Governance Guide 2024, and others.
Pre-built starting points for each mapped regulation. Clauses already written. Regulation articles already mapped.
A reusable library of governance controls, each mapped to the risk types they address.
A catalogue of AI risk types mapped to the system types they apply to.
Common AI use cases, each with a pre-assessed risk level and the regulations most likely to apply.
200+ known tools with detection fingerprints for all three detection methods. Free and enterprise versions listed separately.
How updates reach customers
Cloud
Applied automatically when we release. Customers see updated content without taking any action. If a regulation changes in a way that affects existing policies, a change alert is generated.
On-premise, connected
The update agent pulls bundles inward on a schedule. No customer data moves outward.
Air-gapped
A signed bundle is produced on an agreed schedule and imported manually. Content is current as of the last import.
When a regulation changes
The content team updates the mapping and cuts a new bundle. The bundle reaches the customer. The platform creates an alert: what changed, which live policies are affected, and which systems are in scope. The compliance team reviews and decides what to update. The platform never changes customer policies automatically.
Key guarantees
- Customer data is never in a bundleUpdates contain only platform content.
- Bundles are signedCustomers can verify the bundle came from us and was not modified.
- Imports are safe to repeatRunning one twice causes no duplicates or data loss.
- Regulation changes never silently alter customer policiesChanges are flagged for human review.
- Air-gapped customers get the same content as cloud customersOnly the delivery method differs.