Compliance Evidence, Not Compliance Guarantees

AGEI is designed to help organizations preserve evidence that may support AI governance, audit preparation, privacy review, model risk management, and regulatory response.

Compliance Support Disclaimer

AGEI does not guarantee legal, regulatory, or audit compliance. It helps preserve evidence about AI governance events — who or what acted, what happened, when it happened, where it occurred in the workflow, which policy applied, what evidence was reviewed, and what decision was made. That evidence can support compliance, audit, risk, legal, and regulatory review when configured and used correctly.

GDPR

Privacy evidence

SOC 2

Control evidence

AI Act

Risk management evidence

Audit Ready

Evidence export

GDPR Compliance

Right to Erasure

Article 17 - Data deletion requests

AGEI tracks data deletion requests with complete audit trail and cryptographic proof of deletion.

Implementation:

  • data_deletion_requests table
  • Privacy gate evaluation
  • Deletion receipts with hashes
  • Cross-system tracking
  • Evidence pack to support privacy review, internal audit, legal assessment, or regulator response

Consent Management

Article 7 - Consent records

Consent tracking with versioning, timestamps, and immutable records for regulatory compliance.

Features:

  • consent_records table
  • Purpose-specific consent
  • Withdrawal tracking
  • Consent version history
  • Privacy event audit trail

Data Portability

Article 20 - Export user data

Export all user data in machine-readable format for data portability requests.

Capabilities:

  • JSON export of all user data
  • Includes all receipts and decisions
  • Machine-readable format
  • Complete evidence lineage

Privacy by Design

Article 25 - Built-in privacy

AGEI implements privacy controls at the infrastructure level with RLS and encryption.

Measures:

  • Row-level security isolation
  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • Automatic data minimization

AI Governance & Regulation

EU AI Act Readiness

High-risk AI system evidence support

Note: AGEI can help preserve evidence related to risk management, human oversight, recordkeeping, and technical documentation workflows. It does not determine whether a system satisfies EU AI Act obligations.

Risk Management (Article 9)

  • Policy gates for risk assessment
  • Continuous monitoring via anomaly detection
  • Documented risk evaluations
  • Mitigation evidence trail

Technical Documentation (Article 11)

  • Complete model lineage
  • Training data evidence
  • Validation results
  • Deployment approvals

Record Keeping (Article 12)

  • Automatic activity logging
  • Inference request tracking
  • Immutable audit trail
  • Retention policy support

Human Oversight (Article 14)

  • HITL governance framework
  • Critical decision escalation
  • Documented human review
  • Override capabilities

Model Governance

Complete lifecycle governance for AI models with policy enforcement and evidence trails.

Governance Points:

  • Training data validation
  • Accuracy & bias thresholds
  • Deployment approval gates
  • Drift detection & retraining
  • Decommissioning evidence

Bias & Fairness

Policy gates can enforce bias and fairness metrics before model deployment.

Evaluated Metrics:

  • Demographic parity
  • Equalized odds
  • Disparate impact
  • Statistical parity difference
  • Custom fairness constraints

Audit Pack Export

Regulatory Evidence Packages

Export evidence to support regulator, auditor, legal, or internal review

What's Included:

  • All receipts for specific model/agent/workflow
  • Policy evaluations with outcomes and reason codes
  • HITL requests and human reviewer decisions
  • Anomaly alerts and security incident responses
  • Vault objects with cryptographic signatures
  • Complete metadata and timestamps

Export Features:

  • Sealed archives for immutability
  • Merkle proofs for batch verification
  • Portable evidence format (JSON)
  • Independent verification tools
  • Compliance report generation
  • Regulator-friendly documentation

SOC 2 Evidence Support

Note: AGEI may support evidence collection for SOC 2 control review, but SOC 2 readiness and attestation require formal control design, implementation, testing, and independent assessment.

Security

  • RLS policies
  • Encryption
  • Access logs

Availability

  • Supabase SLA
  • Monitoring
  • Backups

Integrity

  • SHA-256 hashing
  • Immutable logs
  • Audit trail

Confidentiality

  • Data isolation
  • RBAC
  • Encryption

Privacy

  • GDPR controls
  • Consent mgmt
  • Data deletion

Industry Standards & Frameworks

NIST AI RMF

AI Risk Management Framework compliance with risk assessment, monitoring, and governance controls.

ISO 42001

AI Management System standard with policy enforcement and evidence documentation.

OECD AI Principles

Transparency, accountability, and human oversight aligned with OECD recommendations.