Isolated tenant. No shared infrastructure.·EU AI Act enforcement begins August 2, 2026.

Your agents do not follow policy.
They carry it.

The enforcement control room for autonomous AI agents in the regulated enterprise. Every tool call enforced. Every block cited. Every decision hashed.

Request a demo Try the Playground

phronedge.com / studioUS · 2 agents · 3 tools · signed

PhronEdge Studio: signed agent canvas with credential JSON, OPA Rego policy artifact, framework chips (EU AI Act, GDPR, ISO 42001, NIST AI RMF, GLBA, DORA, PCI-DSS, SOX, SR 11-7), and live system status.

● 3 governed policies · signed and deployedpolicy_hash · 10dd89feebf07666 · ES256 signed

Sovereignty

Within 24 months, your AI agents will outnumber your employees.

They will process claims. Move money. Delegate tasks to other agents you did not build. Operate in jurisdictions where you have never registered.

When something goes wrong, it will be a breach, a lawsuit, or a headline.

Compliance does not solve this. The real question is sovereignty.

Agents do not read documents. They do not attend training. Today's governance infrastructure was designed for humans. Every PhronEdge agent carries its own credential, co-signed before deploy, enforced before the call returns.

The product surface

Four pillars. One signed runtime.

What ships at sign time. Every agent registered. Every tool declared. Every policy resolved against your scope.

01

Agent Registry

Every agent under one ledger.

Identityrole · tier · owner

Enrollmentcryptographic, co-signed

Lifecyclespawn to revoke, hashed

02

Tool Registry

Every callable function declared.

SurfaceSDK · MCP · HTTP

Data classPUB · PII · PHI · FIN · SPC

Permissionscoped at sign time

03

Live Policy

Resolved at sign time. Enforced in memory.

Frameworks36+ pre-mapped

Ceremonycompliance · architect · CISO

Amendmentsdiff · revoke · reissue

04

Jurisdiction Intelligence

195 jurisdictions, resolved live.

Privacy regimeslive database

Corridor matrixtransfer windows

Citationcontrolling statute at denial

195

Jurisdictions

36+

Frameworks

7

Checkpoints

<50ms

Gateway latency

P-256

ECDSA signing

The control room

An air traffic control tower.
Not a compliance dashboard.

Compliance writes the flight rules. The architect designs the routes. The CISO has the radio and the kill switch. Every plane in the air is signed, tracked, and accountable to the same control room. Nothing flies without a signed flight plan. Nothing changes course without a co-signed amendment.

01

Sign together. Or not at all.

Compliance signs the policy. The architect signs the build. The CISO signs the risk acceptance. No single role can deploy alone. Every amendment requires the same co-signature ceremony that produced the original.

Amendment ceremonyv1.2 → v1.3

3 of 3 required

Compliance

Sarah Chen

Wrote the rules.

signed14:02:18

Architect

Marcus Reid

Designed the build.

signed14:14:53

CISO

Eva Lindqvist

Accepted the risk.

signingnow

policy_hash on completion · sha256:9d2e…4c81No single role can deploy alone.

02

Watch every plane.

The CISO sees every action every agent takes in real time. Allow, block, citation, timestamp. Streamed and chained.

Live event feedSHA-256 chained

ALLOWED

search_claims

claims-investigator

14:32:08

ALLOWED

lookup_patient

medical-reviewer

14:32:06

BLOCKED

access_records

claims-investigator· GDPR Art. 9

14:32:01

ALLOWED

fraud_score

fraud-detector

14:31:58

BLOCKED

transfer_pii

claims-investigator· PIPL Art. 38

14:31:49

03

Act from anywhere.

Quarantine suspends tool access. Kill revokes the credential globally. The agent stops at the next call.

ciso console / incidentlive

● kill executed · credential revoked globallyagent stops at next call

Open the Console →

See it sign

The ceremony, in motion.

Co-signed credential. From draft to deployable in minutes.

screen recording · signing ceremony

awaiting capture

draft → compliance signs → architect signs → CISO signs → live

00:00
02:14

Corridor enforcement

An agent in Germany delegates to sub-agents in the UK and France.

Different data classifications. Different consent rules. Different AI regulations. The agent needs permission to delegate. The sub-agent needs permission to escalate. The tool needs permission to execute.

All resolved and enforced in memory before the tool call returns. Cited the same instant. Hashed before the next call. At the moment of action.

Now extend the corridor to China.

phronedge.com / risk-map195 jurisdictions · live

Risk Map: Germany to China data transfer status PROHIBITED. PIPL, DSL, CSL citations rendered live.

● Germany → China · PROHIBITED · PIPL Art. 38resolved at sign time · cited at denial

risk-map / us → cn7 of 7 blocked

Corridor intel panel: US to China BLOCKED. Permitted exporter, high-restriction destination. 19 frameworks, 3 corridors. All seven data classes (PUB, INT, PII, PHI, SPC, FIN, RST) blocked.

● US → CN · per data class19 frameworks · 3 corridors

Every cross-border action triggers a different statute. PhronEdge resolves them before the call returns.

What ships

Sign. Block. Cite. Hash.

01 · Signed

Cryptographic credentials, not policy documents.

Every agent receives an ES256 signed credential listing its tools, models, jurisdictions, and the statutes its policy resolves against. Co-signed before deploy. Rendered as Rego, YAML, or JSON. Byte-identical every time.

Modify it, the signature breaks. Revoke it, the agent stops at the next call.

patient-care-coordinator

Credential

# ═════════════════════════════════════════════════
#  PhronEdge Governance Policy — OPA Rego
# ═════════════════════════════════════════════════
#  Policy hash:   c1a2a613da20329d99f3ebb8e4a9a85cd
#  Signed at:     1777234342.8973188
#  Jurisdiction:  US
#  Industry:      FS
#  Frameworks:    EU AI Act, GDPR, ISO 42001, NIST
#                 AI RMF, GLBA, DORA, PCI-DSS, SOX,
#                 SR 11-7
#  Anchor hash:   941ca00e826c4e98
#  Signature:     ES256:3045022100c2b56250ce86d8...
# ═════════════════════════════════════════════════

package phronedge.policy.patient_care_coordinator
import rego.v1

policy_hash := "c1a2a613da20329d99f3ebb8..."
authorized_agents := [
  "billing-specialist",
  "diagnostic-router",
  "patient-care-coordinator",
  "records-handler"
]

default allow := false

allow if {
  agent_authorized
  tool_permitted
  data_classification_valid
  tier_sufficient
  model_permitted
  jurisdiction_allowed
  deny_patterns_clean
  oversight_satisfied
  approval_satisfied
  within_amount_limit
}

policy_hash · c1a2a613da20329d● signed · ES256 · key v2

02 · Blocked

At the boundary. Before the action.

7 checkpoints in under 50 milliseconds. Unauthorized actions are blocked before the tool fires.

The block is the action. The dashboard is the receipt.

Gateway · 7-checkpoint pipelineaccess_records · claims-investigator

01

Credential

→

02

Tier

→

03

Tool

→

04

Jurisdiction

→

05

Data class

→

06

Statute

→

07

Output

evaluation halts at first deny · checkpoints 06 and 07 not reached

✕BLOCKED at checkpoint 05

latency · 38ms

Cited statute

GDPR Article 9

Processing of special categories of personal data requires explicit consent or specific legal basis.

hashed to chain · sha256:9f3c…44e2tool never executed

03 · Cited

The law that prohibits the action. By name.

When PhronEdge blocks, the denial names the controlling statute. PIPL Article 38. GDPR Article 9. HIPAA 45 CFR 164.514. The platform ships with 195 jurisdictions and 36 frameworks pre-resolved against your scope.

Your compliance team gets the citation it needs to defend the action to a regulator. Without writing one.

✕Action denied

14:23:07 UTC

Tool

cross_border_transfer

Agent

claims-agent

Corridor

EU → CN  ·  PII data class

Cited statute

PIPL Article 38

Cross-border transfer requires CAC security review. 45 to 60 working days before the corridor enables.

chained · sha256:9f3c8b…44e2exportable to regulator

Live runtime

Watch enforcement happen.

Every active agent. Every tool call. Every block. Streamed in real time, signed and chained. Tamper one event and the chain breaks.

claims-investigatorACTIVE

342

calls · 4 blocked

medical-reviewerACTIVE

128

calls · 2 blocked

fraud-detectorQUARANTINED

0

calls · 0 blocked

By the time the audit runs, the data has already left. By the time the dashboard updates, the wire has already cleared.PhronEdge resolves and enforces before the call returns.

Architecture

Separation of duties by design.

5 components, each with one job. Policies are signed by one. Enforced by another. Recorded by a third. No component can perform another's role. The separation is built in.

01

The Brain

Signs

ECDSA P-256 signing

Policy authoring

Co-signature ceremony

Cannot enforce calls

02

The Gateway

Enforces

7 checkpoints

Sub-50ms latency

Block at boundary

Cannot sign policy

03

The Anchor

Proves

SHA-256 chain

Tamper-evident

Per-tenant isolation

Cannot rewrite history

04

The Enforcer

Revokes

Kill switch

Quarantine

Credential revocation

Cannot view chain

05

The Observer

Reports

Real-time telemetry

Anomaly detection

Drift alerts

Cannot revoke or block

The contract

A signed runtime emerges only when all five separations hold.

No shortcut. No exception.
The chain proves it.

Operational flowpolicy lifecycle

Audit chainruns through all five.

No component can rewrite the chain it observes.

For your engineers

Three lines. Any framework.

Three lines wrap a function. The Console decides what each agent is permitted to do. The CLI catches ungoverned code before it deploys.

LangChainCrewAIGoogle ADKOpenAIPydantic AIAutoGen

Read the SDK reference →

your_agent.py

$ pip install phronedge

from phronedge import PhronEdge
pe = PhronEdge(api_key="pe_live_...")

@pe.govern("lookup_claim")
def lookup_claim(claim_id: str) -> str:
return db.query(claim_id)  # 7 checkpoints. under 50ms.

Industries

For regulated industries, the rules already exist.

Each regulation ships with its policy rules and statute citations already written. We update them. You pull the latest. On the Enterprise plan, the gateway runs inside your network. Traffic never touches our infrastructure.

Financial Services

DORA · SR 11-7 · BCBS 239 · MiFID II

Healthcare

HIPAA · HITECH · FDA SaMD · 21 CFR Part 11

Insurance

NAIC AI Model Law · Solvency II · NYDFS 308

Defense

FedRAMP High · CMMC L3 · ITAR · IL5

Pharmaceutical

FDA 21 CFR Part 11 · GxP · ICH Q9

Enterprise tech

ISO 42001 · SOC 2 · GDPR · OWASP Agentic

The hard part

Anyone can build an agent. Governing it is what every production team gets stuck on.

Hosted, or deployed in your environment.
Your keys. Your audit chain. Per tenant. Same enforcement either way.

Your agents arrive at production already governed.

Signed. Carrying their policy. Accountable from the first call.

Request a demo Try the Playground

EU AI Act enforcement begins August 2, 2026 · 7% of global revenue