Governance infrastructure for AI agents in regulated organizations
Deterministic enforcement and automated regulatory incident response across DORA, NIS2, GDPR, and the EU AI Act.
What governance failure looks like
Ninety seconds. What happens when an AI agent acts in finance, law and healthcare without governance — and what changes when DARMA is in place.
FluxAI
Three regulated industries. Three failures. One architecture.
Product · Runtime
Deploy AI agents. Keep the audit clean.
AI agents act; DARMA decides whether to let them. Every action is checked at the boundary before it lands. Deterministic, not an LLM judging another LLM. The agent proposes, the policy engine validates, the human approves where required. The three roles never merge. The same architecture protects a payments pipeline, a case-management system, or a clinical workflow.
For CTO, CISO and platform security leads.
Every action is checked before it lands.
Every action an agent attempts is routed through DARMA before it touches anything outside the boundary. The decision lands in under a millisecond, so the agent does not feel the check and nothing bypasses it.
The model never sees regulated data.
Sensitive fields are redacted before the prompt reaches the model, replaced with tokens that preserve the prompt structure. The model works on what it is authorised to see, nothing else.
Every decision is on the record.
Every agent decision is cryptographically chained and tamper-evident, exportable in formats an auditor expects. When the regulator asks who authorised the agent and what it touched, the answer is one query away.
When governance breaks, the agent stops.
If the policy engine is unreachable, the action is denied. There is no silent failure mode and no 'allow by default' fallback that lets actions through when nothing is watching.
Pricing
Pilot
30,000 DKK / month
Up to 5 agents. All 5 DARMA layers, Audit Ledger export and email support. 90-day pilot scope.
Standard
75,000 DKK / month
Up to 25 agents. All 5 DARMA layers, Audit Ledger export, production SLA and business-hours support.
Enterprise
From 125,000 DKK / month
Unlimited agents. Everything in Standard plus a dedicated engineer, code review, custom policy authoring and dedicated support with onboarding.
How DARMA runs in production
Your agent proposes. DARMA decides at every layer. The audit holds. Below is what each of DARMA's five layers does on every action, in real time.
Wants to look at data or take an action
Your AI agent
Before the agent is activated
Check who is allowed to use it.
Authenticated identity, time-bounded scope. The same agent acting on behalf of two different users is treated as two different agents.
Airlock
At deploy and at runtime
Define what the AI is allowed to do.
Policy declared as code, reviewed before deploy, evaluated at every step against the agent's current permissions and capabilities.
Agent Shield
On every data access and every action
Filter inputs, gate outputs.
Sensitive fields are redacted before the prompt reaches the model. Every action is evaluated against your policy before it lands. Sub-millisecond, deterministic, not another LLM.
Gateway Scrubber + Agent Firewall
Continuously, in the background
Check that the model has not drifted.
Behavioural baselines. Sleeper agent detection. Alignment-faking checks. Periodic automated reviews against the model's expected behaviour.
Swarm Auditor
Across the full lifecycle
Record every decision, tamper-evident.
Every action, every decision, every alert is cryptographically chained. Auditors and regulators read one record. Nothing can be quietly altered later.
Audit Ledger
The action runs only if it was allowed
Your live systems
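The three layer behaviours above (identity scoped per agent-and-user pair, policy declared as code and evaluated on every action, denial when the engine cannot be reached) are easy to get subtly wrong in an "allow by default" direction. The block below is an added illustration, not DARMA's code: a minimal deterministic boundary check in which `Principal`, `SAMPLE_POLICY`, `PolicyEngine` and `gate` are all constructed for this example.

```python
from dataclasses import dataclass
ALLOW, DENY, ESCALATE = "allow", "deny", "escalate"

@dataclass(frozen=True)
class Principal:
    agent_id: str
    user_id: str        # same agent acting for two users is two principals
    expires_at: float   # time-bounded scope (epoch seconds)

# Policy as code, constructed sample: (agent, user) -> action -> rule
SAMPLE_POLICY = {
    ("payments-agent", "alice"): {
        "transfer": {"max_auto_amount": 1_000_000, "above_limit": ESCALATE},
    },
}

class PolicyEngine:
    def __init__(self, policy, reachable=True):
        self.policy = policy
        self.reachable = reachable  # set False to simulate an outage

    def evaluate(self, principal, action, params, now):
        if not self.reachable:
            raise ConnectionError("policy engine unreachable")
        if now >= principal.expires_at:
            return DENY  # scope expired
        rules = self.policy.get((principal.agent_id, principal.user_id), {})
        if action not in rules:
            return DENY  # not declared means not allowed
        rule = rules[action]
        if "max_auto_amount" in rule and params.get("amount", 0) > rule["max_auto_amount"]:
            return rule["above_limit"]  # route to a human approver
        return ALLOW

def gate(engine, principal, action, params, now):
    # Boundary check for one agent action: any engine failure is a denial, never a pass
    try:
        return engine.evaluate(principal, action, params, now)
    except Exception:
        return DENY  # fail closed: no 'allow by default' when nothing is watching

def sample_decisions(now=1000.0):
    alice = Principal("payments-agent", "alice", expires_at=2000.0)
    bob = Principal("payments-agent", "bob", expires_at=2000.0)
    live, down = PolicyEngine(SAMPLE_POLICY), PolicyEngine(SAMPLE_POLICY, reachable=False)
    return {
        "small_transfer": gate(live, alice, "transfer", {"amount": 500_000}, now),
        "large_transfer": gate(live, alice, "transfer", {"amount": 50_000_000}, now),
        "other_user": gate(live, bob, "transfer", {"amount": 10}, now),
        "expired": gate(live, alice, "transfer", {"amount": 10}, 3000.0),
        "engine_down": gate(down, alice, "transfer", {"amount": 10}, now),
    }
```

The point to check in any real deployment is the `except` branch: an unreachable engine, a timeout or a malformed policy must all land on `DENY`, and that outcome should itself be written to the audit record.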
DECISIONS ARE MADE BY FIXED RULES, NOT BY ANOTHER AI
DARMA Runtime in practice
Two production moments. Two answers a regulator can verify.
Bank · payments authorization
A Nordic bank's agent proposes a 50M DKK transfer. DARMA checks the bank's risk rules in real time, then either lets the transfer move or routes it to a human approver. When the regulator asks who authorised the transfer, the answer is in the chain, not in someone's memory.
Advisory · confidential client data
An agent drafts client correspondence at an advisory firm. The brief contains confidential content. DARMA strips the confidential fields before the prompt reaches the model. When the regulator asks whether confidential data was shared with a third-party model, the answer is no, and the audit log proves it.
Product · Compliance
One incident, every regulator, on the clock.
When something goes wrong, regulators want a report within hours. Compliance Mapper takes the one confirmed incident and produces the exact filing each authority asks for. NIS2 to the national CSIRT, GDPR Article 33 to the DPA, DORA major-incident to the FSA. Each draft is built field-by-field against ENISA, ESMA, and Datatilsynet's own published submission requirements. Bank MRM handles the governance side before that point. Together, the two flows write to one tamper-proof audit trail: one record that answers what happened, when, who did it, and what was approved.
For GRC, CISO, DPO and incident-response teams in regulated organisations.
Write the incident once.
All framework drafts pull from one shared incident record, so when the facts change every draft updates from the same source. Nothing is copy-pasted between reports, and version drift cannot creep in.
No deadline can slip.
GDPR runs at 72 hours, NIS2 at 24, DORA at 4. Every clock starts at confirmation and runs on the database, not on a reviewer's laptop, so a paused review or a sleeping computer cannot make you late.
Every change is provable.
Every change is signed and appended to the chain, so you can recall any past state of the audit and detect tampering after the fact. This is the record the supervisor reads.
Only the right person can sign.
GDPR drafts route to the DPO and DORA and NIS2 to the CISO, and any approval from outside the framework's authorised role is blocked at the system level and logged. Approval is a system event, not an email reply.
Pricing
Pilot
20,000 DKK / month
Single legal entity. All framework drafts (NIS2, GDPR, DORA), tamper-evident audit trail and email support. 90-day pilot scope, production deployment.
Standard
45,000 DKK / month
Up to 5 entities. All framework drafts, cross-jurisdiction reporting, tamper-evident audit trail and business-hours support.
Enterprise
75,000 DKK / month
Group level, unlimited entities. Everything in Standard plus dedicated review queues per entity, the Bank MRM module and dedicated support with onboarding.
How an incident flows through Compliance Mapper
When something goes wrong, regulators expect a report within hours. Below is the path from confirmation to a tamper-proof evidence bundle.
Mark and classify
Someone confirms the incident is real. The tool checks it against each authority's rules and identifies who needs to know. One incident often triggers two or three regulators at once.
Start every clock in parallel
Each authority's deadline runs independently on the database, not on a reviewer's laptop. GDPR at 72 hours, NIS2 at 24, DORA at 4. Nothing slips because two clocks did not sync.
Draft and review
Each authority's official form is filled from one shared incident record. Your specialist reads each draft and adds what needs interpretation. Every edit is recorded.
Approve and submit
Only the right approver can sign off, enforced by the system rather than by an email reply. You submit through each regulator's channel and the receipt is captured against the case.
Hand the auditor one file
Later, when an auditor asks what happened, who did what, and what was approved, you hand them one tamper-proof file that answers all of it.
Every step writes to the same tamper-proof record. Years later, an auditor can read one complete answer to what happened, when, who did it, and what was approved.
Failure modes
None of these failures involve an attacker. All of them involve a tired human, a tight deadline, and a missing safeguard. Mapper closes all six.
The midnight typo
Someone fixes a small mistake in an already-submitted report. No one logs it. Six months later the regulator finds the original copy. Here, the chain shows the edit the moment anyone tries.
The wrong sign-off
The DPO is on holiday. IT approves the GDPR notice to make the 72-hour window. The DPA later asks who authorised it. Here, only the DPO can. The system blocks the rest.
The erased past
A minor incident is reclassified as major three days in. The old draft is overwritten. The supervisor asks what changed and when. No one can answer. Here, reclassification adds to history. It never replaces it.
The deadline that slipped
The 72-hour timer runs on a reviewer's laptop. The laptop sleeps overnight. The notification goes out six hours late. Here, timers run on the database. No laptop in the path.
The report that disagrees with the log
The submitted PDF says the breach was discovered at 14:00. The internal log says 11:00. The regulator notices. Here, the PDF and the audit chain carry the same metadata. They cannot disagree.
Four hours pasting from Slack
DARMA flags a policy breach at 02:00. An engineer pastes context from Slack into Mapper, types up the incident, and the 4-hour DORA window closes at 06:00. Here, Runtime sends the incident straight in. No paste.
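Several of the failure modes above ("The midnight typo", "The erased past", "The report that disagrees with the log") come down to one property: the record is an append-only hash chain, so an in-place edit breaks verification and a reclassification is a new entry replayed on top of history. The block below is an added illustration of that property, not Compliance Mapper's code; `Ledger`, the `INC-1` sample incident and the `midnight_typo` helper are all constructed for this example.

```python
import copy, hashlib, json
GENESIS = "0" * 64  # the first entry chains to this fixed value

def digest(seq, record, prev_hash):
    # Canonical JSON so identical content always hashes identically
    payload = json.dumps({"seq": seq, "record": record, "prev": prev_hash},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

class Ledger:
    """Append-only chain: every entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []  # each entry: {"seq", "record", "prev", "hash"}

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        seq = len(self.entries)
        entry = {"seq": seq, "record": copy.deepcopy(record), "prev": prev}
        entry["hash"] = digest(seq, entry["record"], prev)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        # Return the seq of the first broken link, or None if the chain is intact
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or e["hash"] != digest(i, e["record"], prev):
                return i
            prev = e["hash"]
        return None

    def current_state(self, incident_id):
        # The current view is replayed from history: a reclassification is a new entry, never an overwrite
        state = {}
        for e in self.entries:
            if e["record"]["incident"] == incident_id:
                state.update(e["record"]["fields"])
        return state

def build_sample_ledger():
    # Constructed sample incident, not real data
    led = Ledger()
    led.append({"incident": "INC-1", "actor": "soc-analyst",
                "fields": {"severity": "minor", "discovered_at": "11:00"}})
    led.append({"incident": "INC-1", "actor": "ciso", "fields": {"severity": "major"}})
    return led

def midnight_typo(led):
    # Someone quietly "fixes" the discovery time inside an already-recorded entry
    led.entries[0]["record"]["fields"]["discovered_at"] = "14:00"
```

A real ledger would additionally sign each hash and anchor it outside the database so that rewriting the whole chain is detectable too; the chain alone only catches edits made without recomputing every later link.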
How this works
Three defined steps. You can stop after any one and walk away with what you have.
Step 1 · Assessment
Honeypot Assessment
5 business days · 25,000 DKK
The audit tests your AI agents in a controlled environment to find where governance is missing and what would have to change. The result establishes the right scope and price for the pilot, and it stands on its own as a baseline you can show your board or your auditor.
Step 2 · Pilot
Pilot in your environment
90 days · From 20,000 DKK / month
The chosen product runs in your environment for 90 days, in production, not a demo or a slide deck. DARMA Runtime governs up to 5 agents. Compliance Mapper handles incident reporting for one legal entity. Either side can end the engagement at 90 days.
Step 3 · Production
Standard or Enterprise
Month-to-month · From 45,000 DKK / month
Full month-to-month deployment. Standard scales DARMA Runtime to 25 agents or Compliance Mapper to 5 legal entities. Enterprise covers larger scope and dedicated support.
EU AI Act
High-risk obligations: December 2027
The delay is not permission to wait — it is implementation runway. Article 14 human oversight, Article 15 accuracy and robustness, Article 12 logging still apply. Retrofitting is harder than designing in.
EU AI Act, Article 9(2)
“The risk management system shall be understood as a continuous iterative process planned and run throughout the entire lifecycle of a high-risk AI system, requiring regular systematic review and updating.”

About
I am Jesca Martaeng, founder of FluxAI. Fifteen years inside Danish public administration as financial consultant, masterdata consultant, and AI implementation lead took me from sensitive personal data in child welfare to municipal budgets and regulatory compliance. I shipped AI invoice processing at Fredensborg Municipality in two months, and my governance advisory at Gentofte Municipality contributed to its first clean external audit in four years.
Across those systems I have seen that the model is almost never what fails. When AI goes wrong in production, the postmortem usually points to something operational: missing logs, no clear agreement on who owned which decisions, or behaviour that drifted while nobody was watching. FluxAI runs the policy engine inside the system at runtime, which is how it stops those failures from happening unnoticed in the first place.
Currently
This June I present research at the AI Transparency Conference in Nürnberg on why human oversight of AI does not survive production. The more tools in use, the higher the error rate. The conclusion is architectural: the system has to enforce what people stop checking.
My submission to the UN Global Dialogue on AI Governance (Geneva, July 2026) has been accepted for publication. It argues that agentic AI systems need runtime enforcement and cross-jurisdictional audit log standards, not policy documentation alone.
FluxAI is an acknowledged contributor to IMDA Singapore's Model AI Governance Framework for Agentic AI, listed under its earlier name Flux AI.
Insights
I write about what I see breaking in AI governance, and what the fixes look like. Follow along on Substack.
Questions
Where does our data go?
DARMA Runtime is deployed inside your environment — on-premises, in your VPC, or in your existing cloud account. Compliance Mapper deploys the same way, or as a managed service within EU jurisdictions. Specifics are confirmed at pilot scoping.
Does the model see our PII?
No. The Gateway Scrubber filters PII fields out of the prompt before it reaches the model. Filtered fields are replaced with tokens that preserve the prompt structure without exposing personal data. The model never sees what it is not authorised to see.
What happens if the policy engine is unreachable?
Fail-closed by default. The agent action is denied. Silent failure is not a state the system allows. The fail mode is configurable per policy if you have a different requirement.
Do you have SOC 2 or ISO 27001?
FluxAI provides a GDPR-compliant DPA. The architecture is designed for SOC 2 certification and aligns with EU AI Act Article 14 on effective human oversight. Audit timeline shared at pilot scoping.
Doesn't ISO 27001 already cover this?
Your organisation may already hold ISO 27001 or similar certifications. DARMA does not replace them. It covers the AI-specific risks they were not designed for: model drift, autonomous agent decisions, PII exposure through inference, and behavioural integrity over time.
Can we audit your code?
Yes. Code review is part of the Enterprise tier engagement. The Airlock policy specification is open source on GitHub.
What happens to our data if we end the engagement?
All customer data and audit trails are exportable in standard formats. No lock-in by data format. Audit ledgers can be self-hosted from day one if you prefer.
Who maintains the system in production, and what is the SLA?
DARMA Runtime is deployed inside your environment, so day-to-day operation sits with your team. FluxAI provides incident response and policy updates against a response-time SLA defined per tier. The architecture is documented and the policy spec is open source, so your team can self-manage. Escalation paths and response windows are agreed at pilot scoping.
Together we walk through where your agents stand, which DARMA layer is missing enforcement, and whether Runtime Governance or Compliance Mapper is the right place to start.