The platform

One platform. Every AI tool your team uses. Full governance lifecycle.

From the first unapproved tool detected by the network sensor to the AI Passport issued at the end of the process. One platform handles every step.

20+
regulations mapped
Always
audit trail on every action
AI
assisted throughout
vigil24 / command-center
Unified AI Inventory
Every AI system, automatically discovered and organized.
Finance
ChatGPT
Claude
HR
ChatGPT
Claude
Copilot
Engineering
ChatGPT
Claude
Copilot
Gemini
Marketing
ChatGPT
Claude
Legal
ChatGPT
Claude
Copilot
Ops
ChatGPT
Claude
Copilot
Gemini
Module 01

AI Registry and Shadow AI

A live inventory of every AI system. Not just the ones you declared.

56% of employees use AI tools their organisation has not approved (IDC, 2025). The platform finds them before you have a problem.

Three detection methods run in parallel. The browser extension catches tools accessed through any browser. The network sensor catches tools connecting through the corporate network. The endpoint agent catches tools running on managed Windows devices.

Each detected tool is matched against a catalogue of 200+ known services. It gets a risk score. It goes into the review queue.

One click moves a detected tool into the formal registry with its risk score already filled in. The vendor registry sits alongside, tracking third-party AI suppliers with risk rating, contract status, and a re-review trigger when a vendor releases an update.

AI Registry and Shadow AI screenshot
Module 02

Risk and Compliance

Risk assessment that produces evidence, not just a score.

The AI reads whatever you have about the system and drafts the risk profile. The team reviews it. A second person approves it. The reviewer and the approver cannot be the same person.

For a credit scoring model, the AI surfaces automated decision risk under GDPR Article 22 and EU AI Act Article 14, data quality requirements under Article 10, and explainability obligations under Article 13.

For a system processing data of Indian users, it flags consent obligations under the India DPDP Act 2023, data retention limits, and the 72-hour breach notification requirement.

Gaps that cannot be closed right away can have an exception granted. The exception has a hard deadline. It expires automatically. The gap reopens when it does. The responsible person is notified.

Risk and Compliance screenshot
Module 03

Policy Engine

Policies that track their own compliance.

Each obligation in a policy is a separate tracked item with an owner and a status. When a policy is applied to a system, the platform creates a gap for every unmet clause straight away.

Pre-built templates: EU AI Act, NIST AI RMF, GDPR, ISO 42001, DORA, FCA Consumer Duty, India DPDP Act 2023, Singapore Model AI Governance Framework.

Every policy edit creates a new version. Old versions are kept for audit. A policy cannot go live until a second person signs off.

Policy Engine screenshot
Compliance professional reviewing the platform
Module 04

Audit and Evidence

A complete record. Ready whenever you need it.

Every action on the platform is logged: who did it, what they did, which system it affected, and whether it was allowed. The log cannot be edited or deleted.

Blocked actions include the reason they were blocked. Approval decisions include the reasoning. The trail explains itself to anyone reading it later.

Download the full audit trail as CSV or JSON at any time. Generate an executive risk report as a PDF in one click.

Audit and Evidence screenshot
Module 05

AI Passport

When a system has been fully governed. Prove it.

When a system completes the full process, it gets an AI Passport. A signed record of everything that was assessed, approved, and evidenced.

Share it with customers, regulators, or procurement teams. Premium feature.

AI Passport screenshot
Module 06

Vendor Registry

Third-party AI is still your risk.

Each vendor record captures: vendor name and category, risk tier (Low / Medium / High / Critical), data processing agreement status, contract review date, data residency, and the AI systems in your registry that rely on this vendor.

A re-review is triggered automatically when the vendor releases a model update or when the contract review date is reached. When a vendor is marked High or Critical risk, all dependent systems are flagged for reassessment.

Vendor Registry screenshot
AI-Assisted Governance

Less time on research. More time on decisions.

Risk suggestions

Upload a system description. The AI identifies the applicable risks, recommends a control for each, and suggests the evidence a regulator would expect.

Audit queries

Ask how many exceptions were granted in the last quarter. Ask whether any approvals were attempted by the same person who created the record. Get a direct answer from the actual data. Available for audit history queries. Additional AI assistant features are in development.

Regional intelligence

The platform applies the right regulatory context based on where a system is deployed. A model processing data of Indian users triggers India DPDP Act 2023 obligations. The same model in Singapore falls under the Singapore Model AI Governance Framework. Across multiple ASEAN countries, the ASEAN AI Governance Guide 2024 provides the regional reference.

Regulation coverage

20+ regulations at launch. Mapped at the article level. Updated when rules change.

EU AI Act

Effective August 2024. Sets risk tiers for AI on the EU market. High-risk applications in employment, credit, education, and healthcare face strict obligations including risk management systems, data governance, transparency, and human oversight requirements.

NIST AI RMF

Published January 2023. Voluntary but widely used. Organises AI risk management across four functions: Govern, Map, Measure, and Manage. Frequently cited in US federal procurement requirements.

GDPR

Applies to any AI system processing personal data of EU residents. Key obligations: lawful basis, automated decision protections under Article 22, data minimisation, processor accountability, and impact assessments for high-risk processing.

ISO 42001

Published December 2023. The first international standard for AI management systems. Provides a certifiable framework covering governance policy, risk assessment, and evidence requirements.

DORA

Applied from January 2025. Covers financial entities in the EU. Addresses third-party ICT risk including AI, incident classification and reporting, and resilience testing.

FCA Consumer Duty

In force July 2023. Requires UK financial services firms to show that AI used in customer-facing decisions produces fair outcomes. Relevant to AI in lending, insurance, and product recommendations.

India DPDP Act 2023

Enacted August 2023, with DPDP Rules 2025. Applies to any AI system processing personal data of individuals in India. Key obligations: informed consent for each processing purpose, data retention limits, erasure when consent is withdrawn, and breach notification to the Data Protection Board of India within 72 hours.

Singapore Model AI Governance Framework

Developed by the IMDA and the PDPC. Referenced by the Monetary Authority of Singapore for AI in financial services. Two principles: AI decisions should be explainable and fair, and AI should be human-centric. Used as the standard for Singapore market entry and MAS-regulated firms.

ASEAN AI Governance Guide 2024

Issued by ASEAN in February 2024, with a Generative AI supplement in 2025. Covers all ten member states. Used as the foundation for national AI policy across the region. For organisations operating across multiple ASEAN countries, it provides a single regional reference that reduces country-by-country mapping work.

Regulation coverage grows with each content update. When a regulation changes, affected policies and in-scope systems are flagged for review automatically.

Start with the module that solves your most urgent problem.