Governed run replay
Live - no signup

Govern AI systems under your controls.
Watch a governance officer sign off.

A governed AI-governance run, replayed end to end: source-grounded evidence, deterministic control checks across multiple frameworks, then a human approval gate where a governance officer signs off - obligations phase in over multiple milestones.

Read-only replay of an illustrative run - no inputs, no production credentials.

  • Source-grounded control evidence with citations
  • A human sign-off gate across multiple frameworks
  • A tamper-evident proof packet
  • Self-hosted, EU-hosted - under your controls

A real governed run, replayed in full below - ending in a human sign-off and an auditable proof packet.

EU AI Act governance
Run ID: run_3c77ab - Flow: ai-governance/v2
Governed run - Illustrative sample - EU region
Run received
Control intake & evidence extraction
Deterministic control checks
Policy-trigger checks
Readiness scoring
Human approval gate
Proof packet recorded
Review complete
Watch a governed run, end to end

Eight events, exactly as the platform recorded them - from intake to a human sign-off gate across frameworks. Nothing is simulated past what you see here.

status - seq 1
Run received
running

An AI-system governance review was submitted across multiple control frameworks. The run is registered against flow ai-governance/v2 and begins under the workspace's controls - every step from here is recorded.

Subject: AI-system governance review
Flow: ai-governance/v2
Run id: run_3c77ab
Region: EU
node - seq 2
Control intake & evidence extraction
passed

Three artifacts were parsed and source-grounded control evidence was extracted - each finding carries a citation back to the document and section it came from.

Technical documentation - intended purpose and data governance. Evidence: 8 items (annex-iv 2.1)
Risk register - residual-risk treatment and monitoring. Evidence: 5 items (risk-reg 12)
Model card - evaluation, limitations, and human oversight. Evidence: 6 items (model-card 3)
node - seq 3
Deterministic control checks
info

Deterministic checks ran against controls designed to support multiple frameworks. Most passed - one mitigation is outstanding, which the sign-off later accounts for.

Human-oversight control aligned with EU AI Act Article 14
Risk-management process aligned with NIST AI RMF and ISO 42001
One residual-risk mitigation outstanding: logging-retention control not yet evidenced
node - seq 4
Policy-trigger checks
info

Workspace policies were evaluated against the extracted evidence. One policy trigger fired on cross-border data transfer.

Data-quality control aligned with SOC 2 criteria
Cross-border training-data transfer requires sign-off (Policy: cross-border / data-transfer)
node - seq 5
Readiness scoring
passed

The findings were combined into a composite readiness score. The score is strong but a mitigation is outstanding, so the run is routed to a governance officer rather than auto-cleared.

Score: 88 / 100 (Strong)
Scale: 0 - gaps; 75 - sign-off threshold; 100 - strong

Above the 75 threshold but with an outstanding item -> routed to a human sign-off gate. No attestation is issued automatically.

approval - seq 6
Human approval gate
approved
Governance sign-off
gate: governance-signoff
Signed off

A governance officer examined the run and signed off at the gate across EU AI Act, NIST AI RMF, ISO 42001, and SOC 2 controls designed to support compliance. The outstanding mitigation is tracked with an owner and due date as part of the sign-off.

Controls aligned with EU AI Act, NIST AI RMF, ISO 42001, and SOC 2 requirements
Outstanding logging-retention mitigation tracked with an owner and due date
Governance officer: AI governance officer. Decision recorded at the gate.
output - seq 7
Proof packet recorded
completed
ai-governance_run_3c77ab.packet - sha256:3c77...ab19
Decision
SIGNED OFF
Sign-off recorded with one tracked mitigation. PrivateFlow is not certified; controls are designed to support compliance.
Reasons
Controls aligned with EU AI Act, NIST AI RMF, ISO 42001, and SOC 2 requirements
Outstanding logging-retention mitigation tracked with an owner and due date
Evidence (source-grounded citations)
Technical documentation annex-iv 2.1
Risk register risk-reg 12
Model card model-card 3
Written once to a tamper-evident, append-only audit ledger - decision, officer, reasons, and evidence.
done - seq 8
Review complete
completed
Finished with a recorded, auditable human decision

The run ended exactly where governance required: a person decided, the decision is logged, and there is a proof packet anyone can audit later. The sign-off is a human decision, not an automated attestation.

Outcome: Signed off at human gate
Decided by: AI governance officer
Proof packet: run_3c77ab
Events recorded: 8 of 8
What just happened

Three governance moments, in one run.

The replay is not a chatbot demo. It is the control plane doing its job: grounding, gating, and proof - the parts a regulator asks about.

Seq 2

Evidence with citations

Every control finding is grounded in a source document and section. Reviewers and auditors can trace any claim back to where it came from - not to a model's recollection.

Seq 6

A human gate across frameworks

A strong readiness score with an outstanding item routes to a governance officer, not an auto-attest. Here the officer signed off across EU AI Act, NIST AI RMF, ISO 42001, and SOC 2 controls designed to support compliance - with the mitigation tracked.

Seq 7

A tamper-evident proof packet

The decision, the officer, the reasons, and the cited evidence are written once to an append-only audit trail. Months later, you can prove exactly what was reviewed and signed off.

Built for regulated teams - designed to run under your controls
Self-hosted
EU AI Act controls
GDPR controls
Audit trail
Data sovereignty

PrivateFlow is not certified under any compliance framework. Controls are designed to support compliance preparation. Where the EU AI Act applies, high-risk obligations carry penalties up to the EUR 15M / 3% of worldwide annual turnover tier; this run is an illustrative, synthetic example.

See it on your own data

Run this on your own AI systems.

We'll stand up a governed pilot on your own data - sandbox first, no production credentials required. You decide what the gates do.