Compliance
Altrace enforces governance at the infrastructure layer — not the application layer. Every decision is recorded with causal provenance and tamper-evident integrity. Your compliance team gets enforcement evidence, not log files.
Frameworks
Articles 9, 14, 52
Human oversight, risk management, and transparency — enforced at the infrastructure layer. Altrace produces machine-readable evidence that auditors can verify. Art. 14 deadline: August 2, 2026.
Trust Service Criteria
Tamper-evident audit logs with hash-chain integrity. Every governance decision — allow, block, warn, kill — is recorded with full causal context. Continuous compliance evidence, not periodic snapshots.
19 of 51 controls
The AI Under Control standard defines governance requirements for autonomous AI agents across five domains. Altrace enforces controls at the infrastructure layer and reports compliance status in real time.
Access control (AC), audit and accountability (AU), and security assessment (CA) families. Delegation contracts enforce least-privilege access. Continuous audit evidence satisfies monitoring requirements.
Content-blind architecture means Altrace never reads prompt or response content. Your data stays in your infrastructure. Governance operates on metadata and boolean labels only.
Enforcement
Governance decisions are enforced below the application — at the network layer. Agents cannot bypass controls regardless of prompt behavior.
Controls are enforced by a sidecar proxy in Kubernetes. Agents have no code path to bypass governance. This is enforcement, not monitoring.
Every governance decision is recorded in a hash chain, so modifications are detectable. Auditors get causal records with machine-readable reason codes.
One API call blocks all new LLM requests for a team or agent. Kill state persists through restarts. Maximum cost overrun is bounded and quantifiable.
Authority can only shrink through delegation, never grow. Budget, model access, and tool permissions are attenuated at each level of the agent hierarchy.
Per-team and per-agent budget limits with graduated enforcement. Soft limits warn. Hard limits block. Kill switches activate automatically at thresholds.
Altrace never reads prompt or response content. Governance operates on metadata: model, cost, agent identity, delegation chain. Your data stays private.
Request access and we'll walk through how Altrace maps to your specific regulatory requirements.