Compliance Matrix

How AgenticRail's deterministic enforcement gate, cryptographic receipts, and per-step attestation satisfy AI governance requirements across 60+ frameworks on 4 continents — including verbatim regulatory language matches in FDA, NIST 800-53, SEC, and Canada TBS. One infrastructure. Every regulation.

60+ frameworks covered · 4 continents · 30+ articles satisfied · 0 code changes needed

Per-step attestation — deliverable contracts in every receipt

Every gate call accepts an optional attestation object. Whatever you pass (a document hash, an approval ID, a KYC check result, a human sign-off token) is signed into the R2 receipt at that step: immutable, chained, and cryptographically bound to the enforcement decision. The gate signs the attestation exactly as supplied; it does not evaluate the evidence inside it, so the receipt proves which evidence was presented at that step, not that the evidence itself was correct.

This amplifies every row in this matrix: where the baseline receipt proves what ran and when, attestation proves what evidence justified it. A payment rail can embed a fraud-check score at assess_risk. A hiring pipeline can embed a bias-audit token at evaluate_candidate. A pharma workflow can embed a batch-release hash at approve_batch. Each one becomes a structural compliance artifact: not a log entry, not a claim, a signed fact.

EU AI Act

European Union · High-risk obligations: December 2027 (extended May 2026) · Penalties: €35M / 7% global revenue

Article | Requirement | How AgenticRail satisfies it
Art. 9 | Risk management system for high-risk AI systems | The gate is the risk management control: it enforces the sequence at infrastructure level. Every ALLOW is a risk acceptance decision with a cryptographic receipt. Every DENY is a risk mitigation with a recorded reason.
  Receipt: DENY/HALT receipts are the risk management log.
Art. 10 | Data governance: training data must be demonstrably free of bias | AgenticRail does not govern training data. It enforces that any AI system using that data follows a validated sequence, and the receipt chain proves the system operated as designed, a prerequisite for demonstrating data governance.
  Proof: Receipts show the operational pipeline was followed. Whether a bias-check step ran, and in what order, is visible in the receipt log.
Art. 11 | Technical documentation, drawn up before deployment and kept up to date | Receipt chains are living technical documentation: every system version, every enforcement decision and every policy change is recorded as a signed receipt. The report generator produces an Article 11-ready compliance report in seconds.
Art. 12 | Record-keeping: automatic recording of events during system operation | Receipts are generated at decision time by the infrastructure layer, not the application. HMAC-signed, chained, immutable, and not editable by the AI agent: automatically recorded, tamper-evident logging.
Art. 13 | Transparency: capabilities and limitations shared with deployers | The public verification portal at report.agenticrail.nz lets deployers independently verify enforcement, with no access to the provider's systems needed. The receipts speak for themselves.
Art. 14 | Human oversight: effective oversight capable of intervention | The gate is the oversight mechanism. If a step fails, nothing proceeds. Human oversight is enforced architecturally, not as a procedural afterthought, and the receipts prove the oversight was active for every decision.
  Design: Fail-closed. Ambiguity → HALT. No uncertainty → ALLOW.
  Attestation: Embed the human approver's ID or sign-off token at the approval step. The receipt then proves not just that oversight ran, but who approved and what evidence they acted on, which is the evidence Art. 14's "appropriate human-machine interface tools" requirement asks for.

South Korea AI Basic Act

South Korea · Enforced: January 2026 · One of the first comprehensive AI laws in force

Article | Requirement | How AgenticRail satisfies it
Art. 33 | Safety assurance: high-impact AI operators must ensure safety | The gate enforces safety at the step level. An unsafe sequence cannot proceed. Every ALLOW is a safety assurance decision with a cryptographic receipt.
  Design: Before each step, the gate evaluates whether this is the right step, at the right time, by the right caller. If not → DENY.
Art. 36 | Impact assessment submission: documentation for high-impact systems | Receipt chains are the evidence for impact assessments. They prove the system operated within its designed parameters: a cryptographic record, not a claim.
Art. 40 | User notification: affected persons must be informed | Receipts provide the evidence that notification obligations were met. Each step in the notification sequence generates a receipt, and the chain proves the steps ran in the correct order.

Digital Operational Resilience Act (DORA)

European Union · Enforced: January 2025 · Financial services ICT resilience

Article | Requirement | How AgenticRail satisfies it
Art. 17 | ICT incident management: detect, record, report | Every DENY and HALT receipt is an incident record, automatically generated at detection time with timestamp, reason code and sequence context, and attached to the enforcement chain.
  Receipt: DENY = incident. HALT = critical incident. Both are recorded at infrastructure level.
Art. 24 | Third-party ICT risk: providers must demonstrate resilience | AgenticRail is deployed on Cloudflare's global network (330+ data centers). Durable Objects provide consistent state. The status page shows live component health. The 1M test proved resilience at scale.

FDA 21 CFR Part 11 — Electronic Records

United States · Enforced: Now · Pharma · Biotech · Medical AI

Section | Requirement | How AgenticRail satisfies it
§11.10(f) | Operational system checks to enforce permitted sequencing of steps and events | The gate enforces exact step order at the infrastructure layer: every step must execute in the permitted sequence. This is the closest regulatory language match of any framework in this matrix.
  Design: "permitted sequencing of steps and events": the regulation describes the product.
§11.10(e) | Secure, computer-generated, time-stamped audit trails, retained at least as long as the subject electronic records | HMAC/Ed25519-signed receipts in immutable R2 storage, computer-generated at decision time. The cryptographic chain proves no insertion or deletion. Retention is set per plan (7 days to multi-year); §11.10(e) ties audit-trail retention to the retention period of the underlying record, so a Part 11 deployment needs a plan whose retention matches that period, not the shortest tier.
  Receipt: Every ALLOW/DENY is a §11.10(e) audit trail entry.
  Attestation: Embed the batch release hash, QC result or regulatory submission ID at each step. FDA inspectors get a single signed artifact showing both the action taken and the evidence that justified it, which is what an audit trail needs in order to reconstruct the event.

NIST SP 800-53 → FedRAMP → CMMC 2.0

United States · CMMC live Nov 2025 · DOD · Defense Industrial Base · GovCloud

Control | Requirement | How AgenticRail satisfies it
AU-9(3) | Cryptographic mechanisms to protect the integrity of audit information and audit tools | Every receipt is HMAC-SHA256 or Ed25519 signed. Canonical JSON ensures deterministic hashing. The receipt chain makes insertion or deletion detectable.
  Proof: 1M enforcement requests, zero corrupted receipts.
AU-10 | Non-repudiation: prevent an actor from falsely denying having performed an action | AU-10(2) explicitly calls out "cryptographic checksums" for validating the binding of producer identity to information. AU-10(3) requires a hash-chained chain of custody. Every receipt embeds the previous receipt's pack_id: the chain is the custody log.
  Attestation: Attach the actor's credential or authorisation token at each step. The signed receipt binds the action, the actor and the evidence together, which is the identity binding AU-10(1) (association of identities) asks for. Non-repudiation against a third party holds only for Ed25519-signed receipts: an HMAC can be produced by anyone holding the shared key, so an HMAC receipt proves integrity, not which key holder created it.
SI-7(6) | Cryptographic protection of software, firmware and information integrity | The receipt's payload_hash captures the raw request body. Sequence integrity is enforced by the gate. Tampering is cryptographically detectable.
  DOD: $200M agentic-AI contracts. CMMC assessors now expect "cryptographic chaining or write-once."

SEC Rule 17a-4 + PCI DSS

United States · Enforced: Now · Broker-Dealers · Payment Processors · Fintech

Regulation | Requirement | How AgenticRail satisfies it
SEC 17a-4(f)(2)(i) | Electronic recordkeeping: either preserve records in a non-rewriteable, non-erasable (WORM) format, or maintain a complete time-stamped audit trail of every modification and deletion, including the identity of the operator | AgenticRail provides both at once. Receipts are the time-stamped audit trail; immutable R2 storage is structurally WORM. FINRA Rule 4511 and Advisers Act Rule 204-2 share the same requirement architecture.
  Dual path: Receipts satisfy the audit-trail alternative. R2 object immutability satisfies the WORM alternative. No choosing required.
  Attestation: The audit-trail alternative requires the trail to be complete. Embedding a trade authorisation ID, compliance check result or pre-trade approval token at each step makes the record complete by construction: regulators see the decision and the evidence in a single signed artifact.
PCI DSS 10.3.4 | File integrity monitoring or change-detection on audit logs, so that existing log data cannot be changed without generating alerts | Receipt chain linkage is change detection on the log: every receipt carries the previous receipt's hash, so any alteration of a stored receipt breaks the chain. The alerting half of 10.3.4 still needs a scheduled verification pass over the chain, because a broken link is only noticed when something walks the chain.
  Chain: receipts[i].prev_receipt_id === receipts[i-1].pack_id: structural FIM.
PCI DSS 10.7.2 | Detection and alerting of critical security control failures | DENY and HALT receipts are control-failure detections, generated at infrastructure level at failure time, with timestamp, reason code and sequence context.

EU Product Liability Directive 2024/2853

European Union · Transposition: December 2026 · AI Liability · Court Evidence · Litigation Defense

Article | Requirement | How AgenticRail satisfies it
Art. 9 | Courts may order disclosure of evidence on a plausible claim | Receipts are court-disclosable evidence: HMAC-signed, chained, immutable, and producible without exposing model weights, training data or proprietary system internals.
  Strategic: Receipts are the evidence you want to disclose; they prove correct operation without exposing IP.
Art. 10 | Rebuttable presumption of defectiveness if disclosure fails, if mandatory safety requirements are breached, or if technical complexity makes it hard for claimants | Receipts address all three presumptions. (1) They satisfy disclosure obligations. (2) They prove the enforced safety steps ran. (3) They make the system's operation understandable without expertise in the underlying AI model.
  Litigation insurance: Receipts turn "the AI did something wrong" claims into falsifiable statements; the receipt shows exactly what happened.
  Attestation: Embed the safety check result, conformity assessment reference or human sign-off at each step. Under Art. 10 the presumption is rebuttable when the defendant can show the product met the applicable safety requirements. A receipt chain with attestation is that showing: litigation-ready, signed, and complete before any claim is filed.

Singapore IMDA Agentic AI Framework

Singapore · Launched: January 2026 (Davos) · World's first agentic-specific governance framework

Requirement | How AgenticRail satisfies it
Agent identity tied to human accountable parties | Every API key is bound to a client identity in D1. Every receipt includes model_id and sequence_id, traceable to the accountable party. The chain proves who authorised what.
Lifecycle technical controls: "granular identity, bounded access, traceability, and auditable decision-making" | Verbatim AgenticRail. Granular identity (API keys with per-plan rate limits). Bounded access (the gate denies anything not in sequence). Traceability (HMAC-signed receipt chain). Auditable decision-making (public verification portal).
  Attestation: The Framework specifically requires "auditable decision-making": knowing not just what the agent did, but why. Attestation closes this gap: embed the inputs, scores or approvals that drove each decision. Auditors see the evidence, not an assertion.

US State AI Employment Laws

United States · Multiple states, active 2026 · Illinois · Colorado · Texas · NYC

Regulation | Requirement | How AgenticRail satisfies it
Illinois HB 3773 | AI anti-discrimination in employment: AI hiring tools must not have a discriminatory effect | Receipts prove the hiring pipeline followed the validated sequence for every candidate. If a bias audit finds disparity, the receipt chain shows exactly which steps ran and in what order, making the audit structural, not speculative.
  Proof: "This candidate was evaluated through the same steps, in the same order, as that candidate." Receipt chains prove it.
Colorado SB 24-205 | Comprehensive AI anti-discrimination: developers and deployers must document risk management | The gate is the risk management mechanism. Every ALLOW/DENY is a documented control decision. The receipt chain is the documentation.
Texas TRAIGA | Responsible AI governance: risk management, documentation, transparency | Same architecture satisfies all three: receipts for documentation, the gate for risk management, the verification portal for transparency.
NYC Local Law 144 | Automated employment decision tools: annual bias audit required | Receipt chains supply the per-decision record the audit is computed from: every decision is logged and every sequence is provable, so the audit starts from a verified record rather than a sample. The impact analysis itself still runs over the recorded outcomes.

Canada Treasury Board Directive on ADM

Canada · Legacy compliance: 24 June 2026 · Federal procurement · Tamper prevention

Requirement | How AgenticRail satisfies it
§6.3.11 "Measures to secure data and model integrity to prevent tampering and unauthorized modifications" | Second-strongest verbatim language match after 21 CFR Part 11. The HMAC-signed receipt chain with canonical JSON makes tampering detectable. Immutable R2 storage prevents unauthorised modification. Sequence gating prevents unauthorised execution.
  Deadline: Legacy-system compliance due 24 June 2026.

Emerging Standards

Global · In development · Internet standards + industry frameworks

Standard | Scope | How AgenticRail aligns
IETF Agent Audit Trail | Standard logging format for autonomous AI systems (draft-sharif-agent-audit-trail) | Receipts are an implementation of the draft's fields. Every receipt includes decision timestamp, sequence identifier, step name, action type, signing key, signature algorithm and chain linkage, all fields proposed by the draft.
  Position: AgenticRail receipts could become the reference implementation.
ISO/IEC 42001:2023 | AI management systems: requires documented control of AI system behaviour | Receipt chains are the documented control evidence. Not a log generated after the fact: a gate decision recorded before the action ran.
  Audit: Receipts satisfy the "documented information" requirement of ISO 42001 Clause 7.5.
ISO/IEC DIS 24970 | AI system transparency and traceability: the international logging standard underpinning EU AI Act Article 12 (Draft International Standard, Q4 2026 target) | The slp8_receipt_v2 schema (published May 2026) is a working pre-execution receipt structure for exactly the traceability events the standard addresses. Our published gap analysis identifies four structural absences in the current draft.
  Prior art: The schema predates the finalised standard: documented evidence, not retrofitted. See the DIS 24970 gap brief.
CEN/CENELEC prEN 18229-1 | EU harmonised standard for Article 12 logging, Article 13 transparency and Article 14 human oversight (JTC 21; entered Enquiry ballot May 2026, Q4 2026 target) | Receipts provide the logging (Art. 12) and the human-oversight evidence trail (Art. 14) the standard frames. The published scope addresses event logging; the pre-execution enforcement receipt, the record produced before an action runs, remains an open structural area that AgenticRail already implements.

Legal documents

Operating terms, data processing, and EU AI Act statement — each cryptographically fingerprinted so customers can prove the version in force at any point in time.

Document | Version | What it covers
Terms of Service | v1.5 | Operating terms for use of the System. Deterministic enforcement, client responsibility, no guarantee of outcomes, fail-closed by design. Governed by New Zealand law.
API Terms of Use | v2.5 | Request contract, rate limits, reason codes, idempotency. Read alongside the main Terms of Service.
Privacy Policy | v2.4 | Data minimisation, GDPR and NZ Privacy Act 2020 alignment, no model training, no marketing sale. Metadata-only retention.
Data Processing Agreement | v1.6 | GDPR Article 28 processor terms. Subprocessor list with flow-down liability. Delete-or-return at the controller's choice. SCCs by reference. Takes effect automatically on first paid API call.
EU AI Act Compliance Statement | v2.3 | Article-by-article mapping: Articles 9, 10, 11, 12, 13, 14, 72 and Annex IV. AgenticRail as infrastructure component, not a high-risk AI system.