Compliance

One runtime, mapped to every framework your auditors use.

Cortex doesn't just claim alignment — it enforces it at runtime and exports the proof. Pick a framework below to see exactly how controls map, then export an evidence pack straight from the Trust Ledger.

Aligned with — never certified-claimed · EU AI Act · NIST AI RMF · ISO 42001

audit/verify
#101hash ✓#102hash ✓#103hash ✓#104hash ✓#105hash ✓
head 0x9f3a…c1ok: true
verifyChain ▸ chained SHA-256 · signed receipts
Framework explainers

The regulations that govern enterprise AI — and how Cortex aligns.

Plain-language guides to the frameworks regulated teams answer to, each paired with the exact Cortex controls that satisfy them. Honest framing: Cortex is built for and aligned with these standards — it does not assert certification on your behalf.

How the mapping works

From a written requirement to an enforced control to provable evidence.

Every framework reduces to a set of requirements. Cortex turns each one into a fail-closed runtime gate — and records the verdict in a tamper-evident ledger you can hand an auditor.

RequirementEnforced Cortex controlLedger evidence
Human oversight of high-risk decisionsOversight modes + approval gate409 hold · approver receipt
Logging & traceability of every runTrust Ledger (hash-chained)verifyChain ▸ ok: true
Access limited to authorized rolesAgent IAM + ontology permissions403 on restricted read
Spend / resource limits enforcedCost governance hard cap402 over budget
Decisions grounded in real sourcesDatapoint provenance + citations10-hop lineage to source
Records are complete & tamper-evidentSigned receipts, sealed chainhashOk: false flags edits
Compliance Packs

One-click evidence export, straight from the Trust Ledger.

Stop assembling screenshots before an audit. A Compliance Pack bundles the control-to-framework mapping table with the live, hash-chained run records that prove each control fired — exported on demand, verifiable offline.

  • Control map per framework (EU AI Act · ISO 42001 · NIST AI RMF and more)
  • Sealed run records with signed receipts you can verifyChain offline
  • Datapoint provenance: every fact threads back through a 10-hop lineage to its source
  • Honest by construction — evidence is generated, never asserted
01 · Humanrisk-ops@nw02 · AgentFraud Triage03 · Skilltriage.v404 · Promptsha 0x3a…05 · Policyapprove≥5k06 · Modelclaude-opus07 · ToollookupCase08 · Artifactmemo #447109 · Outcomeapproved10 · Approvalj.lee
Getting audit-ready

Three steps from policy to provable.

  1. 01

    Map

    Pick your frameworks. Cortex lines each requirement up against the runtime gate that enforces it — no spreadsheet archaeology.

  2. 02

    Enforce

    Every agent run passes the same fail-closed gates. A denied control returns a real code (402 / 403 / 409) — never a silent pass.

  3. 03

    Prove

    Export a Compliance Pack: the mapping table plus the sealed ledger records that show each control fired, verifiable offline.

Turn compliance from a burden into a button.

See how Cortex maps your frameworks to enforced controls and exports auditor-grade evidence on demand.