The governance layer of the sovereign-AI stack.
Every AI deployment, in Lagos or in London, has hardware, compute, models, and applications. Between them there is a layer that records what happened, who authorised it, and on what lawful basis. That layer is what a regulator asks for. That layer is what we build.
What this page deliberately does not show.
How the checks and records are built is not on this page. We show that live, with worked examples, in the discovery call under NDA. This page covers outcomes, obligations, and topologies.
Where we sit in the stack.
The sovereign-AI stack already has owners at every layer. Silicon vendors at the bottom, sovereign data-centre operators at compute, local foundation-model providers at the model layer, ministry teams at applications. The governance layer in the middle has had no owner. That is the gap a regulator notices first.
Applications
The ministry tools, research platforms, and public services built on AI.
Models
Foundation and fine-tuned models, sovereign or global.
Governance & accountability
Where the record of what trained what, under whose authority, lives.
Compute infrastructure
Sovereign data centres and on-prem clusters.
Silicon
The chips that run it all.
How regulation becomes a deliverable.
Regulators do not ask for a diagram. They ask for an answer: which dataset trained this model, who approved it, on what lawful basis, and can you show me. Every obligation maps to a deliverable a non-technical reader can open and understand.
§5 (Data governance)
Know what trained each model, where it came from, and on what lawful basis.
Data Registry + Model Registry
A complete, searchable catalogue of every dataset and model, with provenance stamped at registration.
§7.2 (Human oversight)
A named human must sign off on every automated decision of consequence.
Tamper-evident attestation record
Every sign-off is recorded with who, when, and why. A sign-off is never overwritten. To change it, you add a new one and the earlier one stays on the record.
Section 25 (Automated decision-making)
Citizens have a right to know the lawful basis and to have a human review.
Evidence Pack
One click produces a regulator-ready dossier: lawful basis, approver, scope, and the audit trail.
Articles 10–15 (High-risk obligations)
Technical documentation, record-keeping, transparency, human oversight, accuracy.
Governance Standards Hub
Each article is a checkable requirement; compliance is shown as a live score, not a spreadsheet.
Cross-border + residency
Some data must not leave the jurisdiction, some must be accompanied by contracts.
Deployment-tier controls
SaaS today, with sovereign on-premise as a scoped engagement we deliver with your team. The shape is set at contract time.
The journey of a dataset and a model.
From the moment data arrives to the moment you produce evidence for a regulator, every step has an owner, a record, and a check. You do not have to remember what you did last year. The platform does.
- Step 1
Receive
Every dataset, table, API, and model arrives through a named owner.
- Step 2
Document
Schema, sensitivity, provenance, lawful basis, and owner captured at first contact.
- Step 3
Validate
Quality checks run; gaps surfaced to the team who can fix them.
- Step 4
Govern
Standards applied, human sign-off captured, change history preserved.
- Step 5
Evidence
A regulator-ready dossier produced on demand. One document, every question answered.
Where it runs is your call.
Some data must not leave the jurisdiction. Some must not leave the building. The product is the same. The topology changes. We design the deployment shape with you before anything is installed.
Managed SaaS
Live todayWe host. You log in. Fastest to value.
When: Departments with no residency constraint and a need to move this quarter.
Sovereign on-premise
Scoped engagementRuns inside your data centre, under your keys. Delivered with your team.
When: Ministries where data must not leave the jurisdiction, or law forbids outside access.
Questions senior evaluators ask.
- Why can't we build this in-house with an open-source governance toolkit?
- You can build the primitives. What you cannot build quickly is the long-run accountability trail and the regulator-ready evidence format that our customers have tested under real NITDA, NDPA, and EU AI Act scrutiny. The cost of learning those in production is paid with findings, not code.
- How do you handle a regulator asking for the trail of a decision made two years ago?
- A decision from two years ago is still on the record, including who approved it, what data it was based on, and any later decisions that replaced it. An Evidence Pack shows your exact compliance state at any chosen date.
- What about our existing data warehouse, CMDB, and integration fabric?
- We connect to them rather than replace them. eventParity is the layer above. The accountability record, not the storage engine. We have connectors for the stacks regulated sectors tend to already run.
- Can we see the inside?
- Yes, in the discovery call under NDA. We demo the product live, work through a sign-off, produce an Evidence Pack, and answer the implementation questions a CISO or Chief Data Officer needs to close.