WHAT THE REGULATOR ASKS YOU TO PROVE

Your agents, audit-ready by default.

Kernel doesn't bolt compliance on after deployment. When you use Kernel, the obligations your agents create are satisfied by the architecture, before your first production deployment.

ANNEX III · CREDIT_SCORING · KYC_VERIFICATION · AUTOMATED_DECISIONS
EU Artificial Intelligence Act
Annex III classifies credit scoring, KYC, and automated decisions as high-risk AI. Four articles apply directly to agent deployments.
EU AI ACT · ARTICLE 14 · HUMAN OVERSIGHT
Kernel App · 2:34 PM
Approval required
agent: stripe-billing-bot-v2
action: refund.create
amount: $4,200.00 USD
customer: ACME Corp (cus_8a2f...)
policy_anchor: fintech.refund.threshold
Above $1,000 threshold. Customer rate: 2 refunds in 7 days.
Decision ID: kr_dec_8a2f9c1e · routed via #ops-payments
REQUIRE_HUMAN, the third verdict.
The decision routes to a reviewer in Slack before the agent acts. Every approval is logged with identity and timestamp.
EU AI ACT · ARTICLE 9 · RISK MANAGEMENT
GUARDRAILS · IMMUTABLE 🔒
LLM01 · LLM04 · LLM06 · LLM09 · +6 more
POLICY · CONFIGURABLE 🔧
Fintech · Healthcare · Custom DSL · + Tier 3
Evaluation order: top to bottom
Two layers, different lifecycles.
Guardrails cover OWASP Agentic Top 10 immutably. Policy packs configure domain risk per agent type.
EU AI ACT · ARTICLE 12 · RECORD-KEEPING
EXPORT · EU AI ACT FORMAT
{
  "timestamp": "2026-05-06T14:23:01.847Z",
  "agent_id": "stripe-billing-bot-v2",
  "action": "refund.create",
  "verdict": "REQUIRE_HUMAN",
  "regulatory_anchor": "EU_AI_ACT_ART_12",
  "policy_evaluated": "fintech.refund.threshold",
  "approval_id": "kr_apv_8a2f9c1e",
  "latency_ms": 0.84,
  "execution_chain": [
    "guardrail.owasp_llm04: pass",
    "policy.fintech.threshold: require_human",
    "human.approval: granted"
  ]
}
Every decision, sub-millisecond, immutable.
Verdict, governance layer, regulatory anchor, execution chain. Exportable in EU AI Act format on demand.
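The two-layer evaluation and the audit record described above, as an added example in Go that is not the Kernel SDK's code: a constructed policy engine runs a compiled-in guardrail list before a per-agent policy pack, top to bottom, returns one of ALLOW, DENY or REQUIRE_HUMAN, and emits a record in the shape of the export above. The Action fields, the rule names, the single guardrail check and the sticky REQUIRE_HUMAN rule are assumptions made for this example; the page lists OWASP categories but not the checks behind them.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Verdict is the three-valued outcome the page describes.
type Verdict string

const (
	Allow        Verdict = "ALLOW"
	Deny         Verdict = "DENY"
	RequireHuman Verdict = "REQUIRE_HUMAN"
)

// Action is the agent's declared request (constructed shape, not the vendor SDK's type).
type Action struct {
	AgentID   string
	Name      string  // e.g. "refund.create"
	AmountUSD float64 // a negative "refund" is malformed; the guardrail layer rejects it
}

// Rule is one check in either layer.
type Rule struct {
	Name string
	Eval func(a Action) Verdict
}

// guardrails is the immutable layer: compiled in, never configured per agent. The single
// check is a stand-in; the page names OWASP categories, not the checks behind them.
var guardrails = []Rule{{Name: "guardrail.owasp_llm04", Eval: func(a Action) Verdict {
	if a.AmountUSD < 0 {
		return Deny
	}
	return Allow
}}}

// FintechRefundPolicy is a configurable policy-pack rule: refunds above the threshold
// need a person's approval, matching the $1,000 rule on the page.
func FintechRefundPolicy(thresholdUSD float64) Rule {
	return Rule{Name: "policy.fintech.threshold", Eval: func(a Action) Verdict {
		if a.Name == "refund.create" && a.AmountUSD > thresholdUSD {
			return RequireHuman
		}
		return Allow
	}}
}

// Decision is the audit record, shaped like the page's export.
type Decision struct {
	Timestamp       string   `json:"timestamp"`
	AgentID         string   `json:"agent_id"`
	Action          string   `json:"action"`
	Verdict         Verdict  `json:"verdict"`
	PolicyEvaluated string   `json:"policy_evaluated"` // last rule that did not pass, if any
	ExecutionChain  []string `json:"execution_chain"`
}

// chainLabel renders one rule's result the way the page's execution chain does.
var chainLabel = map[Verdict]string{Allow: "pass", Deny: "deny", RequireHuman: "require_human"}

// Evaluate runs guardrails first, then the policy pack, top to bottom. DENY short-circuits;
// REQUIRE_HUMAN is sticky, so a later passing rule cannot downgrade it back to ALLOW.
func Evaluate(a Action, policyPack []Rule) Decision {
	d := Decision{Timestamp: time.Now().UTC().Format(time.RFC3339Nano),
		AgentID: a.AgentID, Action: a.Name, Verdict: Allow}
	for _, r := range append(append([]Rule{}, guardrails...), policyPack...) {
		v := r.Eval(a)
		d.ExecutionChain = append(d.ExecutionChain, r.Name+": "+chainLabel[v])
		if v == Deny {
			d.PolicyEvaluated, d.Verdict = r.Name, Deny
			return d
		}
		if v == RequireHuman {
			d.PolicyEvaluated, d.Verdict = r.Name, RequireHuman
		}
	}
	return d
}

// ExportJSON serialises the decision for an auditor.
func ExportJSON(d Decision) (string, error) {
	b, err := json.MarshalIndent(d, "", "  ")
	return string(b), err
}

func main() {
	// Constructed input mirroring the page's $4,200 refund.
	d := Evaluate(Action{AgentID: "stripe-billing-bot-v2", Name: "refund.create", AmountUSD: 4200},
		[]Rule{FintechRefundPolicy(1000)})
	out, _ := ExportJSON(d)
	fmt.Println(out)
}
```

Run as written, the $4,200 refund comes back REQUIRE_HUMAN with a two-step execution chain; a $500 refund passes both layers, and a malformed negative amount is denied by the guardrail layer before any policy rule runs, which is what "evaluation order: top to bottom" buys you.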
EU AI ACT · ARTICLE 13 · TRANSPARENCY
DECISION NARRATIVE · kr_dec_8a2f9c1e
Declared intent: Refund customer for documented service outage
OWASP risk: LLM06 · Excessive Agency
Regulatory anchor: EU AI Act, Article 13 (Transparency)
Verdict: REQUIRE_HUMAN
Every decision, in plain language.
What the agent declared, which OWASP risk applied, which regulation it satisfied. Auditors can read it.
WHAT THE REGULATOR ASKS YOU TO PROTECT

Your data, protected by design.

Kernel doesn't move your data into a vendor perimeter. Field-level tokenization happens at the agent boundary, with encryption keys you custody. Minimization by design, not by discard.

GDPR · ARTICLE 25 · PRIVACY BY DESIGN
ARTICLE 25 · FIELD_LEVEL_TOKENIZATION · DATA_MINIMIZATION · AGENT_BOUNDARY
GDPR Privacy by Design
The agent processes only what it needs. Everything else stays tokenized at the field level, never reaching the model. Minimization isn't a post-hoc filter — it's the architecture.
GDPR · ARTICLE 25 · FIELD-LEVEL TOKENIZATION
Kernel SDK · TOKENIZED · 14:23:01
Agent payload · field-level encryption
agent: stripe-billing-bot-v2
action: refund.create
customer_email: tok_a8f2c9e1... (TOKENIZED)
customer_name: tok_3d7b4f12... (TOKENIZED)
card_number: tok_9c1e8a2f... (TOKENIZED)
amount: $4,200.00 USD (IN_CLEAR)
currency: USD (IN_CLEAR)
refund_reason: "service outage" (IN_CLEAR)
Only fields required for the action reach the agent. Tokens resolve at the customer boundary.
Boundary: customer-kms · Decision ID: kr_dec_8a2f9c1e
Tokenization at the field, not the payload.
The agent sees what it needs to act. PII, PAN, and identifiers stay tokenized until they cross back into your perimeter. The regulator's question — 'what data did the model see?' — has a precise, auditable answer.
GDPR · ARTICLE 32 · ENCRYPTION OF PROCESSING
ENCRYPTION · APPROPRIATE TO RISK
AES-256-GCM · Asymmetric wrap · Per-field keys · FIPS 140-2 ready
Standard algorithms, standard primitives. No proprietary crypto.
Appropriate to risk, without debate.
AES-256-GCM with asymmetric key wrap is the encryption standard auditors expect. When the DPO asks, the answer is the one they've already approved a hundred times.
PCI DSS · REQ. 3.5 · KEY CUSTODY
KERNEL SDK (orchestrates) → BOUNDARY → CUSTOMER KMS (custodies keys)
keys.generated_at: customer-kms
keys.never_egress: true
kernel.role: orchestrator
Your keys never leave your KMS.
Kernel orchestrates the encryption boundary. You hold the keys. The PCI obligation stays where it should — with you — and Kernel makes it easier to meet, not harder to scope.
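The tokenization and key-custody flow described in the two sections above, as an added Go example that is not the Kernel SDK's code and uses only the Go standard library: each field outside the allow list is sealed with its own random AES-256-GCM key, that key is RSA-OAEP wrapped with the customer KMS public key, and only the agent-facing token handle plus the sealed material leave the boundary. Unwrapping needs the private key, so detokenization can only happen where the customer custodies it. The field names, the token format and the RSA-2048 key pair generated in process are assumptions made for this example; a real deployment would call the KMS for the wrap and unwrap rather than hold a key pair in memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// FieldToken replaces a sensitive field; the sealed material is useless without the private key.
type FieldToken struct {
	Token      string // "tok_" + 8 hex characters, the only thing the model ever sees
	WrappedKey []byte // per-field AES-256 key, RSA-OAEP wrapped with the customer KMS public key
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM; the field name is bound as associated data
}

// Payload is the agent-facing view: allow-listed fields in clear, tokens for everything else.
type Payload struct {
	Clear  map[string]string
	Tokens map[string]FieldToken
}

// NewCustomerKMS stands in for the customer's KMS; in production only the public half
// would ever leave it (constructed for this example).
func NewCustomerKMS() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Tokenize runs at the agent boundary. Each field outside the allow list gets its own random
// AES-256 key, is sealed with GCM, and the key is wrapped for the customer KMS, so no
// long-lived key material exists on the orchestrator side.
func Tokenize(fields map[string]string, inClear map[string]bool, kmsPub *rsa.PublicKey) (Payload, error) {
	p := Payload{Clear: map[string]string{}, Tokens: map[string]FieldToken{}}
	for name, value := range fields {
		if inClear[name] {
			p.Clear[name] = value
			continue
		}
		rnd := make([]byte, 32+12+4) // AES-256 key, 96-bit GCM nonce, 32-bit token handle
		if _, err := rand.Read(rnd); err != nil {
			return Payload{}, err
		}
		key, nonce, handle := rnd[:32], rnd[32:44], rnd[44:]
		gcm, err := newGCM(key)
		if err != nil {
			return Payload{}, err
		}
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, kmsPub, key, nil)
		if err != nil {
			return Payload{}, err
		}
		p.Tokens[name] = FieldToken{Token: "tok_" + hex.EncodeToString(handle), WrappedKey: wrapped,
			Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, []byte(value), []byte(name))}
	}
	return p, nil
}

// Detokenize runs inside the customer boundary, the only place the private key exists;
// a token presented under a different field name fails GCM authentication.
func Detokenize(name string, t FieldToken, kmsPriv *rsa.PrivateKey) (string, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, kmsPriv, t.WrappedKey, nil)
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	plain, err := gcm.Open(nil, t.Nonce, t.Ciphertext, []byte(name))
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

func main() {
	kms, err := NewCustomerKMS()
	if err != nil {
		panic(err)
	}
	fields := map[string]string{"customer_email": "billing@acme.example", // constructed payload
		"card_number": "4111111111111111", "amount": "$4,200.00 USD", "currency": "USD"}
	p, err := Tokenize(fields, map[string]bool{"amount": true, "currency": true}, &kms.PublicKey)
	if err != nil {
		panic(err)
	}
	for name, tok := range p.Tokens {
		fmt.Printf("%s -> %s (TOKENIZED)\n", name, tok.Token)
	}
}
```

Binding the field name as GCM associated data is the detail worth keeping: a token lifted from one field cannot be resolved as another, and a key pair outside the customer KMS cannot unwrap the field key at all, which is the concrete form of "keys never egress".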
WHAT THE REGULATOR ASKS YOU TO LOG

Your operations, traceable on demand.

Every decision, every escalation, every policy violation — signed, timestamped, exportable. Self-governance isn't compliance. External attestation is.

AIUC-1
AGENT CODE · YOUR INFRASTRUCTURE: agent.process()
BOUNDARY
KERNEL SDK · INDEPENDENT: Kernel.check(agent_id, action, context) → ALLOW | DENY | REQUIRE_HUMAN
AIUC-1 · POINTS C & D
Third-party enforcement by architecture.
Self-governance is not compliant. Kernel runs as an external SDK, independent from the agent's own code.
DORA
DORA · ICT Audit Trail Export · v2.5.0
2026-05-06 14:23:01.847 · decision_logged · stripe-billing-bot-v2 · ALLOW
2026-05-06 14:18:44.122 · escalation_routed · kyc-verifier-prod · REQUIRE_HUMAN
2026-05-06 14:11:05.998 · policy_violation · treasury-bot · DENY
Retention: 2,555 days · Tamper-evident · DORA Article 12
DORA · ICT AUDIT TRAIL
Same audit log, DORA-formatted on demand.
Tamper-evident trails for ICT operations and incidents. 7-year retention by default.
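A tamper-evident, signed trail of the kind the export above describes, as an added Go example that is not the Kernel SDK's code: each row carries the SHA-256 of the previous row, its own digest, and an Ed25519 signature from the logging service, so an auditor who holds only the public key can verify the chain or locate the first row that was edited, re-hashed or removed. The row fields follow the columns shown above; the chaining scheme, the signing key and the CSV layout are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/csv"
	"encoding/hex"
	"fmt"
	"strings"
)

// Entry is one row of the trail: the page's export columns plus the chaining and
// signature fields that make the row tamper-evident.
type Entry struct {
	Timestamp string
	Event     string // decision_logged | escalation_routed | policy_violation
	AgentID   string
	Verdict   string
	PrevHash  string // hex SHA-256 of the previous row; all zeros for the first row
	Hash      string // hex SHA-256 over PrevHash and this row's fields
	Signature string // hex Ed25519 signature over Hash by the logging service
}

var genesis = strings.Repeat("0", 64)

// Trail is an append-only log; the private key stays with the logging service.
type Trail struct {
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	entries []Entry
}

func NewTrail() (*Trail, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Trail{Pub: pub, priv: priv}, nil
}

// digest binds each row to its predecessor; the separator keeps field boundaries unambiguous.
func digest(e Entry) string {
	sum := sha256.Sum256([]byte(strings.Join(
		[]string{e.PrevHash, e.Timestamp, e.Event, e.AgentID, e.Verdict}, "\x1f")))
	return hex.EncodeToString(sum[:])
}

// Append chains and signs a new row.
func (t *Trail) Append(ts, event, agentID, verdict string) Entry {
	prev := genesis
	if n := len(t.entries); n > 0 {
		prev = t.entries[n-1].Hash
	}
	e := Entry{Timestamp: ts, Event: event, AgentID: agentID, Verdict: verdict, PrevHash: prev}
	e.Hash = digest(e)
	e.Signature = hex.EncodeToString(ed25519.Sign(t.priv, []byte(e.Hash)))
	t.entries = append(t.entries, e)
	return e
}

// Entries returns a copy so callers cannot alter the trail in place.
func (t *Trail) Entries() []Entry { return append([]Entry(nil), t.entries...) }

// Verify is what an external party runs with the public key alone. It returns the index of
// the first row whose chain link, digest or signature fails, or -1 if the trail is intact.
func Verify(pub ed25519.PublicKey, rows []Entry) int {
	prev := genesis
	for i, e := range rows {
		sig, err := hex.DecodeString(e.Signature)
		if err != nil || e.PrevHash != prev || digest(e) != e.Hash ||
			!ed25519.Verify(pub, []byte(e.Hash), sig) {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// ExportCSV renders the rows in the shape of a downloadable export.
func ExportCSV(rows []Entry) string {
	var sb strings.Builder
	w := csv.NewWriter(&sb)
	w.Write([]string{"timestamp", "event", "agent_id", "verdict", "prev_hash", "hash", "signature"})
	for _, e := range rows {
		w.Write([]string{e.Timestamp, e.Event, e.AgentID, e.Verdict, e.PrevHash, e.Hash, e.Signature})
	}
	w.Flush()
	return sb.String()
}

func main() {
	t, err := NewTrail()
	if err != nil {
		panic(err)
	}
	// Constructed rows matching the three the page shows.
	t.Append("2026-05-06 14:11:05.998", "policy_violation", "treasury-bot", "DENY")
	t.Append("2026-05-06 14:18:44.122", "escalation_routed", "kyc-verifier-prod", "REQUIRE_HUMAN")
	t.Append("2026-05-06 14:23:01.847", "decision_logged", "stripe-billing-bot-v2", "ALLOW")
	fmt.Print(ExportCSV(t.Entries()))
}
```

The signature is what turns "tamper-evident" into "externally attestable": a hash chain alone can be rebuilt by whoever controls the store, but re-hashing an edited row leaves its signature invalid unless the editor also holds the signing key, so an outside auditor with the public key catches both the edit and the cover-up.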
Enforcement begins: AUG 02 · 2026 (T-minus 88 days)
EU AI Act enforcement for high-risk AI systems.
Annex III categories. Articles 9, 12, 13, and 14 become enforceable obligations.