Compliance

How Brain maps to the AI governance frameworks

Brain's job is governed, provable AI: each person sees only what they are cleared to, and every access is recorded in a tamper-evident log anyone can verify. Below is how those controls map to the EU AI Act, the NIST AI Risk Management Framework, and ISO/IEC 42001.

This is a mapping of Brain's technical controls to relevant requirements, to help your compliance team. It is not a certification, an attestation, or legal advice; framework conformity is assessed for your organization as a whole.

EU AI Act

The controls most relevant to record-keeping, data governance, human oversight, and transparency for AI systems operating over company data.

Record-keeping / logging (Art. 12)
Tamper-evident, content-blind audit ledger

Every governed access is recorded in a hash-chained log that proves what happened without storing the content, and an auditor can re-verify the whole chain offline.
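As an added illustration (not Brain's own code), this is the shape of a content-blind, hash-chained ledger with an offline verifier; the field names, the use of SHA-256, and the out-of-band head hash are assumptions. It also shows the one case a chain by itself cannot catch, a truncated tail, which is why a verifier needs a head hash obtained independently.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Optional

GENESIS = "0" * 64  # prev pointer of the first entry

@dataclass(frozen=True)
class Entry:
    seq: int
    actor: str
    action: str
    object_id: str
    content_digest: str  # sha256 of the content; the content itself is never stored
    prev: str            # entry_hash of the preceding entry
    entry_hash: str      # commits to every field above, including prev

def _entry_hash(fields: dict) -> str:
    # Canonical JSON so an offline verifier recomputes exactly the same bytes.
    canon = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()

class Ledger:
    def __init__(self) -> None:
        self.entries: list = []

    def record(self, actor: str, action: str, object_id: str, content: bytes) -> Entry:
        """Append one governed access; only a digest of `content` enters the ledger."""
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        fields = {"seq": len(self.entries), "actor": actor, "action": action,
                  "object_id": object_id, "prev": prev,
                  "content_digest": hashlib.sha256(content).hexdigest()}
        entry = Entry(**fields, entry_hash=_entry_hash(fields))
        self.entries.append(entry)
        return entry

def verify(entries, expected_head: Optional[str] = None) -> tuple:
    """Offline re-verification: (True, None) or (False, index of first bad entry)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        fields = {k: v for k, v in asdict(e).items() if k != "entry_hash"}
        if e.seq != i or e.prev != prev or _entry_hash(fields) != e.entry_hash:
            return False, i  # edited, reordered, or spliced entry
        prev = e.entry_hash
    # A chain alone cannot tell a truncated tail from a short ledger; that needs
    # a head hash (assumed published checkpoint) the verifier got independently.
    if expected_head is not None and prev != expected_head:
        return False, len(entries)
    return True, None
```

The last entry's `entry_hash` is the value to publish as the checkpoint; an auditor who holds it can re-verify the whole chain with nothing but the exported entries.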

Data and data governance (Art. 10)
Per-person ACL pre-filter + field-level redaction

Retrieval is filtered to each person's cleared sources before the model runs, and sensitive fields are redacted even inside a document that person is allowed to see.

Human oversight (Art. 14)
Human-in-the-loop write queue + agent kill-switch + guardrails

An agent's write-back is held for human approval, an agent can be revoked instantly, and guardrails bound what agents may do.

Transparency (Art. 13)
Verifiable answer receipts + citation provenance

Each answer carries a verifiable ledger receipt and version-bound citations of the exact sources it was grounded in.

NIST AI Risk Management Framework

Brain's controls across the four RMF functions: GOVERN, MAP, MEASURE, MANAGE.

GOVERN
Policy-as-code ACL/ABAC + owner-bounded, ledger-recorded grants

Access and sharing run through one governed grant path that is owner-bounded and recorded, so policy is enforced and auditable, not ad hoc.

MAP
Provenance graph + recursive lineage stamping

Every derived object records where it came from, so the data lineage feeding any AI answer is mapped and traceable.

MEASURE
Governance benchmark + tamper-evident audit ledger

A non-leakage benchmark and the audit chain make governance measurable and continuously checkable.

MANAGE
Kill-switch, verifiable forget (RTBF, right to be forgotten), oversharing detection

Access can be revoked, derived memory verifiably forgotten, and over-broad sharing surfaced and remediated.

ISO/IEC 42001

The AI management system controls Brain directly supports: access, logging, data management, and accountability.

Access control
Per-user access governance (ACL pre-filter)

Each person and agent only ever reaches what they are cleared to see, enforced before retrieval.

Logging and monitoring
Content-blind, tamper-evident audit ledger

Every access is recorded in an independently verifiable, content-free log.

Data management
DLP at ingest and egress + field-level redaction + provenance

Secrets are blocked at ingest, sensitive data redacted on read, and every object's lineage recorded.

Accountability and roles
Ledger-recorded grants + ERC-8004 attribution

Who granted what, and which agent acted, is attributable and recorded for every governed action.

See the audit you can prove

The record behind these controls is content-blind and independently verifiable. Start free, or compare Brain against the tools you know.