SIGNED CREDENTIALCONSTITUTIONAL POLICYJURISDICTION INTELLIGENCEDATA CLASSIFICATIONBEHAVIORAL BASELINERUNTIME ENFORCEMENTCHAIN ANCHOR
Runtime Enforcement Layer

Between your AI agents
and the world.

€35MEU AI Act maximum penalty

Every call enforced. Every decision anchored. Every block cited by statute.

What We Enforce Across Your Fleet
PIPL Art. 38GDPR Art. 9HIPAA §164.514DORA Ch. IIINYDFS Part 308SR 11-7BCBS 239MiFID IIEU AI Act Art. 6ISO 42001SOC 2 CC9.2FedRAMP HighCMMC L3FDA 21 CFR Part 11GxPICH Q9NAIC AI Model LawSolvency IIITAR §120HITECHOWASP Agentic Top 10NIST AI RMFOECD AI PrinciplesBletchley DeclarationPIPL Art. 38GDPR Art. 9HIPAA §164.514DORA Ch. IIINYDFS Part 308SR 11-7BCBS 239MiFID IIEU AI Act Art. 6ISO 42001SOC 2 CC9.2FedRAMP HighCMMC L3FDA 21 CFR Part 11GxPICH Q9NAIC AI Model LawSolvency IIITAR §120HITECHOWASP Agentic Top 10NIST AI RMFOECD AI PrinciplesBletchley Declaration
Studio

Where the constitution is signed.

The policy canvas. Compliance officers register every agent, tool, jurisdiction, and data class. When signed, the policy is a cryptographically binding contract. The gateway enforces it. The chain proves it.

01
Agent Registry
Every agent declared. Purpose, autonomy tier, permitted tools.
02
Tool Registry
Every function listed. Data classes touched, jurisdictions operated in.
03
Constitutional Policy
Scope, jurisdictions, data classes, prohibited practices. Enforced at every clause.
04
Signed Credentials
ML-DSA-65 quantum-safe signing. Co-signed by three roles before any agent ships.
PhronEdge Studio: signed agent canvas with constitutional policy, agent registry, tool registry, and ML-DSA-65 credentials.
Live regulatory intelligence

Fluent in the regulators that govern your industry.

195Jurisdictions enforced
36 frameworks·4,360 statutes·23 industries

Compliance reviewed yesterday cannot enforce tomorrow.

We save you from

Your team stops cross-referencing 36 frameworks by hand. The constitution carries them. GDPR, HIPAA, PIPL, DORA, EU AI Act, ISO 42001. Already enforced on every call your agent makes.

36 frameworks enforced · 195 jurisdictions resolved · day one

Audit prep stops eating weeks. Every call your agent makes is already signed, already cited, already chained. When the regulator asks, you export the chain. The defense is already written.

ML-DSA-65 signed · SHA-256 chained · regulator-exportable

A German agent calling a Chinese tool no longer waits for legal review. The gateway resolves the jurisdiction at sign time, cites the statute, and either permits or blocks. Your legal team reviews the verdict, not the question.

GDPR Art. 46 · PIPL Art. 38 · Schrems II · DORA Ch. III

When a regulator amends a statute, the change lands in the constitution before it lands in your inbox. Your agents inherit the update automatically. No re-architecting. No re-deployment.

live regulatory feed · co-signed policy amendments · zero downtime

When an agent tries an unauthorized action, the gateway blocks it before the call returns. The breach never reaches the tool. The chain records the block, not the breach. Your CCRO answers a regulator with the denial, not the disclosure.

8 pre-call checkpoints · sub-50ms enforcement · the unauthorized call never returns

What you get

Four pillars. One signed runtime.

Every agent registered. Every tool declared. Every jurisdiction resolved. Every credential signed. The constitution is the runtime your agents inherit.

ONE SIGNED RUNTIME01Agent RegistryEvery agent under one ledger02Tool RegistryEvery function declared03Live PolicyResolved at sign time04Jurisdiction Intelligence195 regimes, live
195
Jurisdictions
36+
Frameworks
8
Checkpoints
<50ms
Gateway latency
ML-DSA-65
Quantum-safe signing
Oversight

The enforcement cockpit.

Oversight is the live control room. Every agent in the fleet is signed, tracked, and accountable. The Chief Information Security Officer sees every action in real time. Suspends. Reinstates. Pulls the kill switch. Every command hash-chained to the agent it touched.

Live Fleet
Every active agent. Status, calls, blocks, PII detections in real time.
Streamed Events
Allow, block, citation, timestamp. Chained before the next call returns.
Quarantine
Suspend tool access. The agent enters respond-only mode.
Kill Switch
Revoke a credential globally. Permanent. The agent stops at the next call.
PhronEdge Oversight: live event chain showing every tool call, every block, with severity, checkpoint, agent, and hash.
The platform in motion

See it sign. See it stop.

Amend a policy. Quarantine an agent. Reinstate it. Pull the kill switch. Every action signed, chained, and rendered in real time across Studio, Oversight, and Intelligence.

Corridor enforcement

Cross-border decisions, resolved at sign time.

An agent in Germany delegates to sub-agents in the UK and France. Different data classifications. Different consent rules. Different AI regulations. Every transfer is resolved against the corridor matrix and cited the instant it happens.

Risk Map: Germany to China data transfer status PROHIBITED. PIPL, DSL, CSL citations rendered live.
Intelligence

Every regulation in one place.

Know the regulator before the regulator knows you. 195 jurisdictions, 36 frameworks, 4,360 policy documents, fluent and ready for your industry.

Overview
Every regulation indexed. Search by name, framework, or article.
Jurisdictions
195 regimes enforced. Cross-border corridors resolved at sign time.
Evidence
Statute citations on demand. Exportable to your compliance team.
Risk Map
Visualize where your agents can operate. Live frontier of permitted scope.
What every call carries

Every call carries its own proof.

Every tool call passes through four guarantees. Signed by the constitution. Blocked at the gateway. Cited by statute. Hashed into the chain.

ML-DSA-65 · CRYPTOGRAPHIC SIGNATURE · ML-DSA-65PHRONEDGE · CERTIFIED AUTHORITY · PHRONEDGE
Sign
ML-DSA-65 credential per agent. Modify it, the signature breaks.
Block
Eight runtime checkpoints. Sub-50ms. The unauthorized call never returns.
Cite
Every block names the law. PIPL Art. 38. GDPR Art. 9. HIPAA 164.514.
Hash
SHA-256 chain. Tamper one row, the chain breaks. Mathematical, not curated.
How it holds

Separation of duties, enforced in the wiring.

Five components. One job each. Policies signed by one, enforced by another, recorded by a third. No component can rewrite the chain it observes. The audit trail is mathematical, not curated.

ONERUNTIMEBrainSIGNSGatewayENFORCESPROVESAnchorREVOKESEnforcerEvidenceREPORTS

Authors and signs every constitutional policy. ML-DSA-65 quantum-safe signatures, FIPS 204 compliant. Co-signed amendments require two principals; the gateway rejects any policy not bearing both seals.

cannot enforce calls · cannot rewrite the chain · cannot revoke credentials

Eight pre-call checkpoints intercept every tool invocation. Signed credential, constitutional policy, jurisdiction intelligence, data classification, prompt injection, behavioral baseline, runtime enforcement, chain anchor. Sub-50ms enforcement at the boundary.

cannot sign policy · cannot author credentials · cannot rewrite history

SHA-256 hash chain records every event in append-only order. Per-tenant isolation. Tamper one row, the chain breaks deterministically and the next read fails verification. Exportable to a regulator's audit format.

cannot rewrite history · cannot make enforcement decisions · cannot revoke

Quarantine an agent (suspend tool access, respond-only mode) or pull the kill switch (revoke the credential globally, permanently). The gateway honors the revocation at the next call; no in-flight call survives a kill.

cannot view the chain · cannot enforce policy · cannot author credentials

Streams every event into the regulator-ready record. Anomaly detection, behavioral drift alerts, fleet-wide telemetry. Read-only access to the chain; no write authority anywhere in the system.

cannot revoke · cannot block · cannot rewrite or amend any record

Resolved by industry

Your agent carries the global regulation affecting your industry.

Every regulation resolved to policy rules and statute citations. Day one, the gateway knows your obligations.

Financial Services
DORA · SR 11-7 · BCBS 239 · MiFID II
Healthcare
HIPAA · HITECH · FDA SaMD · 21 CFR Part 11
Insurance
NAIC AI Model Law · Solvency II · NYDFS 308
Banking
BSA · AML · FFIEC · OCC Heightened Standards
Pharmaceutical
FDA 21 CFR Part 11 · GxP · ICH Q9 · GMP
Aerospace & Defense
FedRAMP High · CMMC L3 · ITAR · IL5
Government
FedRAMP · FISMA · NIST 800-53 · StateRAMP
Legal Services
ABA Model Rule 1.6 · GDPR · Privilege Log · Bar Ethics
Real Estate
Fair Housing Act · RESPA · HMDA · ECOA
Agriculture
USDA APHIS · FIFRA · FSMA · EPA FIFRA
Automotive
FMVSS · NHTSA · UN R155 · ISO 26262
Construction
OSHA 29 CFR 1926 · Davis-Bacon · EPA RRP · ADA
Cloud & AI
ISO 42001 · SOC 2 · EU AI Act · OWASP Agentic Top 10
Education
FERPA · COPPA · Title IX · IDEA
Energy
NERC CIP · FERC Order 2222 · EPA CAA · PHMSA
Enterprise Tech
SOC 2 · ISO 27001 · GDPR · CCPA
Gaming
UIGEA · MGA · UKGC · GLI-19
HR
EEOC · Title VII · ADA · NYC AEDT Law 144
Manufacturing
ITAR · EAR · REACH · RoHS
Media
FCC 47 CFR · DMCA · COPPA · Broadcast Indecency
Retail
PCI-DSS 4.0 · CCPA · FTC Act §5 · CAN-SPAM
Telecommunications
CALEA · TCPA · Section 222 CPNI · FCC 47 CFR
Transport
DOT FMCSA · PHMSA HMR · MTSA · ISPS Code
Plus 15 more industries, each with their own statute map.
The production gap

Anyone can ship an agent. Enforcing it at runtime is the production gap.

Every agent signed. Every call cited. Every decision in a chain a regulator can verify.