Compliance
The frameworks your AI agents answer to. The evidence the substrate produces.
Each framework asks, in its own vocabulary, the same thing: prove what happened. None of them is satisfied by a model that probably behaves. The substrate produces the attributable, tamper-evident record of what every agent actually did, under whose policy, kept inside your boundary. This is not a certification claim. It is the evidence the governance each framework expects assumes you can produce.
2026 interagency model-risk guidance that supersedes SR 11-7 and scopes agentic AI out, directing banks to broader governance. The evidence is the record of what every agent did.
Read the SR 26-2 page →
Mandatory cybersecurity standards for the Bulk Electric System. Agents that touch in-scope systems inherit the control obligations; the substrate produces the attributable, tamper-evident record those controls assume.
Read the NERC CIP page →
The AI Risk Management Framework and its Generative AI Profile ask for governed, mapped, measured, and managed AI. Attribution and an interrogable audit record are how you evidence the Manage function for agents.
Read the NIST AI RMF 1.0 page →
High-risk AI requires documented explainability. The substrate produces the attributable, interrogable record of what each agent did, retained inside your boundary.
Read the EU AI Act page →
Requires AI decisions to be recoverable and attributable. Every agent action is recorded under a specific policy and reconstructable after the fact.
Read the DORA page →
This material is informational, not legal or regulatory advice. The substrate produces the record; assess your specific obligations with qualified counsel.