Responsible Governance
Guardrails
الحوكمة الذكيةA governance console watching the agent's traffic moment by moment: a live audit trail, PII detection, risk scores and a human review queue — every control traced to its regulatory source.
No sessions yet — start a conversation in Journey and it appears here instantly.
Policy registry
14 controls from accredited regulatory sources, each linked to a live signal in the platform.
| Control | Source | Check type | Linked signal |
|---|---|---|---|
Personal data is processed on the basis of the data subject's consent, save for the cases the Law expressly permits. Personal Data Protection Law — Article 5GR-PDPL-01 | Personal Data Protection Law | Human | Synthetic data |
Collection is limited to the minimum personal data necessary for the purpose; any personal data entering the conversation is flagged the moment it arrives. Personal Data Protection Law — Article 11GR-PDPL-02 | Personal Data Protection Law | Automated | PII detection |
Notify the competent authority of any personal-data breach within no more than 72 hours of awareness; high-risk sessions are escalated for review. (Our contractual commitment for this tender: 24h.) Personal Data Protection Law — Article 20, with Implementing Regulation — Article 24GR-PDPL-03 | Personal Data Protection Law | Human | Risk score |
Personal data is transferred outside the Kingdom only under the conditions and safeguards the Law prescribes; this demo's data is fully synthetic and hosted locally. Personal Data Protection Law — Article 29GR-PDPL-04 | Personal Data Protection Law | Human | Synthetic data |
Data subjects can exercise their rights to be informed, access, correct and destroy their data, with exportable evidence of every response. Personal Data Protection Law — Article 4GR-PDPL-05 | Personal Data Protection Law | Human | Evidence export |
The agent is designed and operated to avoid unjustified bias across users, regions and facilities, with periodic behavioral review from the audit trail. AI Ethics Principles v2.0 — FairnessGR-SDAIA-01 | SDAIA AI Ethics Principles | Human | Audit trail |
Every agent step — tool calls, their inputs and their results — is surfaced moment by moment in an auditable trail. AI Ethics Principles v2.0 — Transparency & ExplainabilityGR-SDAIA-02 | SDAIA AI Ethics Principles | Automated | Audit trail |
Explicit human approval is required before any user-impacting action executes; the decision and its time are recorded in the audit trail. AI Ethics Principles v2.0 — Humanity (human oversight)GR-SDAIA-03 | SDAIA AI Ethics Principles | Automated | Approval gate |
Facility licenses are verified before recommendation; touching an expired or suspended license raises the risk score automatically. AI Ethics Principles v2.0 — Reliability & SafetyGR-SDAIA-04 | SDAIA AI Ethics Principles | Automated | License checks |
A complete evidence chain is kept per session, attributing every step to its context and decision, exportable for review. AI Ethics Principles v2.0 — Accountability & ResponsibilityGR-SDAIA-05 | SDAIA AI Ethics Principles | Automated | Evidence export |
Access to the platform and this console is governed by unified identity and scoped permissions (in this demo: a clearly labeled SSO simulation). Essential Cybersecurity Controls (ECC) — Identity & Access Management control familyGR-NCA-01 | NCA Essential Cybersecurity Controls | Human | Session scope |
Event logs are enabled on every agent step with strictly ordered timestamps and continuously monitored through this console. Essential Cybersecurity Controls (ECC) — Cybersecurity Event Logs & Monitoring Management control familyGR-NCA-02 | NCA Essential Cybersecurity Controls | Automated | Audit trail |
No raw personal data is stored in the audit log: masked samples of detector matches, plus SHA-256 fingerprints of tool inputs. Essential Cybersecurity Controls (ECC) — Data & Information Protection control familyGR-NCA-03 | NCA Essential Cybersecurity Controls | Automated | Input fingerprint |
All demo data is classified as synthetic, non-personal data, and that classification is disclosed on every surface of the platform. National Data Management Office — Data Management Standards: Data Classification domainGR-NDMO-01 | NDMO Data Management Standards | Human | Synthetic data |
Information-security controls anchor to the NCA (ECC); data-management standards anchor to the NDMO.