Use Cases / Compliance
Compliance in Motion
Intended does not generate compliance reports after the fact. It produces cryptographic evidence of correct authority decisions as they happen — hash-chained, replayable, and exportable.
Audit, Not Theater
Most AI governance tools produce dashboards. Intended produces mathematically verifiable evidence. Every authority decision is appended to a SHA-256 hash chain. Any insertion, deletion, or modification breaks the chain and is immediately detectable.
SHA-256
Hash algorithm
Each entry hashes the previous entry, forming a tamper-evident chain.
HMAC-SHA-256
Evidence signing
Self-contained evidence bundles are independently verifiable.
RS256
Token signing
Per-tenant RSA key isolation. 300s TTL. Single-use nonces.
API endpoint
Chain verification
GET /audit/chain-verification walks the full chain and reports integrity.
Framework Mapping
Intended maps authority decisions directly to regulatory requirements. Each framework entry describes the requirement and the specific evidence Intended produces to satisfy it.
EU AI Act — Article 14
Generally AvailableHuman oversight of high-risk AI systems
Escalation workflows route high-risk actions to human approvers. Every escalation decision is recorded with approver identity, rationale, and timestamp in the hash-chained audit ledger.
NIST AI RMF
Generally AvailableQuantitative risk measurement for AI systems
Eight-factor risk scoring model produces a 0-100 score for every AI action. Risk factors, weights, and thresholds are auditable. Policy rules bind directly to risk tiers.
SOX / SEC Controls
Generally AvailableImmutable evidence chain for financial operations
SHA-256 hash-chained audit ledger with HMAC-signed evidence bundles. Chain integrity is verifiable at any time. Evidence bundles are self-contained and exportable for external audit.
SOC 2 Type II
Generally AvailableContinuous control monitoring and evidence
77 compliance controls mapped to authority rules. When a rule triggers, the compliance controls it satisfies are recorded alongside the decision. Continuous evidence generation, not periodic collection.
HIPAA
Readiness ModeAccess controls and audit logging for PHI
Tenant-scoped RBAC with 20 permissions. AES-256-GCM encryption at rest. TLS 1.3 in transit. Every access to sensitive data produces an audit entry. HIPAA BAA-eligible infrastructure planned.
FedRAMP
PlannedFederal security standards for cloud services
AWS GovCloud deployment path architected. FIPS 140-2 endpoints available. Infrastructure designed for FedRAMP High authorization without re-platforming.
Replay for Examiners
Authority Replay API
Reconstruct the complete decision path for any execution: intent, LIM classification, risk score, policy evaluation, approval workflow, token issuance, and adapter result.
Evidence Bundle Export
Download a self-contained, HMAC-signed evidence package for any execution. Verifiable independently by external auditors without database access.
Chain Integrity Verification
Run on-demand or scheduled integrity checks against the full audit chain. Any tampering is detected and reported immediately.