Platform · Govern

Every AI system, mapped to the obligations that govern it.

Framework crosswalks, risk tiering, and policy-as-code. The governance substrate every other module builds on.

What Govern does

Govern is the inventory, classification, and policy surface for every AI system in your enterprise. It answers the three questions auditors ask first: what systems do you have, what risk tier is each, and what obligations apply to each?

Every system registered in Govern is classified against the frameworks that apply to your jurisdictions. An underwriting model deployed in a US bank doing EU business gets SR 11-7 controls, EU AI Act Article 9 risk management, NIST RMF Govern/Map/Measure/Manage functions, and (if certifiable) ISO 42001 — all mapped to the same inventory record.

Policies are written once in Rego, versioned in Git, and enforced at inference time. The same policy that blocks a risky credit decision also generates the evidence that the policy was enforced.

Core capabilities

System inventory

Every AI system registered with owner, purpose, training data source, deployment region, risk tier. Changes tracked with signed diffs.

Framework crosswalks

EU AI Act Articles 9/12/14/15/72, NIST AI RMF functions and categories, SR 11-7 model validation requirements, ISO/IEC 42001 controls — all mapped to each registered system.

Policy-as-code

Rego policies version-controlled in Git. Breaking policy changes require signed approval. Every enforced decision references the policy version active at that moment.

Risk register

Risks identified, tracked, and linked to specific AI systems. Incidents, drift events, and policy violations feed into the register automatically.

Human-approval routing

High-risk decisions routed to named human reviewers with tenant-specific approval chains. Approvals are themselves signed evidence.

How Govern relates to Attest and Watch

Govern defines what should be true. Attest proves what actually happened at decision time. Watch detects when the two diverge.

A policy in Govern becomes an enforcement check in Attest's signer. A violation of that check becomes a signed incident in Watch. Evidence packs pull from all three.