Dynamic regulation compliance

The rules governing AI systems keep moving: the EU AI Act is phasing in, sector regulators are issuing guidance, and what was acceptable last quarter may not be acceptable next. For agents, compliance has to be a process, not a document.

What this is

Most compliance work produces a document that is accurate on the day it is signed and stale within a quarter. Agents make that worse: they change when their models change, and the rules that govern them change on their own schedule.

We treat compliance as an engineering loop. First a map: which regulatory instruments actually apply to your agents — the EU AI Act, GDPR, the sector rules of your market. Then a translation: each obligation becomes a concrete, enforceable guardrail on what your agents can do, not a paragraph in a policy. Then maintenance: when the rules move, or your agents do, the map and the guardrails are re-reviewed and updated.

Two things this is not. It is not legal advice — we work alongside your counsel, translating obligations into engineering, and the legal judgement stays with them. And it is not a certification — nobody can guarantee a compliance outcome, and anyone who promises one is guessing at your expense.

What an engagement covers

  • Regulation mapping

    Which instruments apply to your agents and why: jurisdiction, sector, data involved, decisions made. Scoped with your counsel where you have one.

  • Obligation-to-guardrail translation

    Each applicable obligation becomes an enforceable constraint on the agent — logging, human oversight points, data handling boundaries, disclosure behaviour — with the rule that required it recorded next to it.

  • Evidence file

    The record an auditor or regulator would ask for, kept current: what your agents do, what constrains them, what was tested, and when each item was last reviewed.

  • Change watch

    We track movement in the instruments mapped to your deployment. When something in scope shifts, you hear about it with an assessment of what it touches, not a news clipping.

  • Re-review and update

    Regulatory change, model change or product change triggers the same loop: re-map, re-translate, re-test where sandboxing is in scope, and update the evidence file.

  • Counsel handoff

    Everything is written so your lawyers can rely on its facts: what the agent does, what constrains it, what was observed. Legal interpretation stays where it belongs.

What we are building

We are developing tooling that watches regulatory sources for change and proposes guardrail updates automatically — the "dynamic" in dynamic compliance, done by software rather than by calendar.

It is in development. It has not shipped, it is not part of any engagement, and nothing on this page assumes it. Until it has been proven in real use, every engagement is delivered by a person using the discipline described above. When that changes, this page will say so — with evidence, not adjectives.

Start with the review

A short consultation comes first, to establish fit. The review then maps what applies to you and where you stand against it. Send your company name, what your agents do, and which markets you operate in.

Request a compliance review