Skip to main content
Governance is the layer that turns “we can see what the agent does” into “we know it’s allowed to do that”. Use it to enforce policies before runs reach users, score risk per app, gather evidence with a review workflow, and run repeatable assessments.

What’s inside

Policies

Define and assign governance rules, evaluate them against runs, score compliance.

Evidence

Collect, review, and approve evidence — automated or manual.

Assessments

Dynamic questionnaires with weighted scoring.

Risk Dashboard

Six-dimensional risk score per app, rolled up to the org.

AI Registry

Catalogue of models, deployments, and ownership.

How governance fits together

The AI Registry is the inventory layer — what exists in your portfolio. Policies and Assessments produce the inputs to risk scoring. Evidence is the artefact layer that proves controls are met. Risk rolls up the four into a single per-app score, and Compliance translates the score into framework-specific status.

When to start where


Compliance

Map controls to EU AI Act, NIST AI RMF, and ISO 42001.

Observability

The telemetry that policies and risk scoring read from.
Last modified on June 3, 2026