Pre-execution policy enforcement
Every inference call is policy-checked before the model responds. Allowlist models per route, set per-user budgets, declare PII rules, gate tool calls behind approvals. Bad requests never reach the provider.
Financial services
AI in finance, with the audit trail your tender already requires.
AqtaCore sits in front of every LLM the bank uses and writes a single tamper-evident audit trail of every AI decision. One signed receipt format, every provider, regulator-verifiable offline.
Maps to the EU AI Act (Article 50 transparency from 2 August 2026, Annex III from 2 December 2027 under the Digital Omnibus phased rollout), DORA Article 6, and MiFID II Article 16. Equivalent recordkeeping in other jurisdictions on request.
What ships in the pack.
Signed at inference, chained at export
Each cleared decision returns a cryptographically signed receipt. Receipts are hash-chained at audit export so any insertion, deletion, or edit is detectable by any reader. Regulators verify offline against a published public key, no Aqta server in the trust path.
DORA Article 28 register, generated as it happens
Article 28 requires banks to maintain a Register of Information of what every ICT third party did. Receipts are that register, written the moment the decision happens. Exit strategy is built in: the verifier is open source on public registries, so the bank keeps the evidence after switching providers.
Compliance pack mapped to the actual articles
EU AI Act Articles 12 + 14. DORA Articles 6 + 28 ICT-risk evidence and third-party register. MiFID II Article 16 automated record-keeping. NIS2 incident handling. Export the evidence the supervisor asks for, in the shape they ask for.
Vendor-neutral, model-agnostic
You do not standardise on one provider to get evidence. AqtaCore sits in front of every major LLM (OpenAI, Anthropic, Google, Mistral, Bedrock, Azure, xAI, Cohere). The signed receipt is identical regardless of which model served the call.