Governance — controls for AI use in regulated organisations

Implemented infrastructure for browser-native DLP, policy enforcement, audit evidence, and controlled AI-workflow deployment.

cybiont Governance is built for organisations that need to let employees use AI systems without losing control over confidential data, policy boundaries, and audit evidence.

The substrate targets AI deployments in regulated industries — finance (FINMA), critical infrastructure (EU AI Act), Swiss and EU data residency.

Stack at a glance

  • Model layer. Foundation / fine-tuned LLMs and tool-use agents.
  • DLP layer. Browser-native enforcement at the human–AI boundary; semantic classification of outbound content. Implemented commercial product line.
  • Governance layer. Policy enforcement and audit evidence around the human–AI boundary. Implemented / controlled deployment.
  • Data and residency. CH/EU control; BYO-cloud datasets.
  • Deployment. Azure, AWS, GCP, on-premise / air-gapped.
  • Audit evidence. Tamper-evident records of inputs, outputs, and policy decisions, retained under client control.

The platform is infrastructure-agnostic: control and audit evidence remain with the client, not the hyperscaler.

Core modules

Data-leak prevention (DLP) — implemented commercial product line

Browser-native controls at the human–AI boundary. Sensitive content is classified before it leaves the tenant; policy decisions are recorded for audit and review.

Compliance ledger — implemented / diligence available

Tamper-evident evidence record for AI interactions and policy decisions, supporting regulator-facing and internal audit workflows. Technical diligence is available under mutual NDA.

Governance workflow — implemented / controlled deployment

Risk-adaptive policy and review workflow for human and AI-assisted work. It enforces access, review, escalation, and evidence capture across client-controlled deployments. Deployment scope is agreed case by case.

Trusted execution — deployment architecture / partner-dependent integration

Deployment pattern for workloads requiring stronger isolation, client-held key material, and deployment-specific evidence capture. Integration depends on the client environment and infrastructure partner.

Regulatory alignment

Designed for financial-sector AI governance and the risk-based compliance structure of Regulation (EU) 2024/1689 (EU AI Act). Swiss jurisdiction. nDSG / GDPR-compliant data handling.
