Polyant is the software to build AI agents inside multi-regulator compliance flows. Immutable audit registry of runtime decisions, article-by-article mapping of the applicable regulators, DORA and NIS2 reporting with mandatory timers, validation of new AI systems against the AI Act.
What changes is the availability of audit evidence: standard SQL queries vs weeks of manual consolidation. What changes is the moment of DORA and NIS2 reporting: mandatory timers active from the first moment of the incident. What changes is the pre-screening of AI systems: AI Act classification before deploy, not post-incident. What changes is the monitoring of the MDR boundary for healthcare agents: automatic validation at deploy, not retroactive assessment.
For the head of compliance at a large regulated organisation, a squad of agents covers the multi-regulator perimeter. Each agent does its part on its applicable regulation and hands the work over to the next, under the same configuration and the same audit registry.
Immutable audit registry of every runtime decision, queryable via standard SQL for internal audit or the regulator.
See the agentArticle-by-article mapping of the applicable regulators (DORA, IDD, MDR, AI Act, GDPR) onto the runtime audit registry.
See the agentPre-screening of regulated contracts and communications before sending. Decision traced article by article for audit.
See the agentValidation of new AI systems against the AI Act Annexes, FRIA workflow, explainability, and human oversight.
See the agentFor the head of compliance and the DPO at a European mid-sized bank, a squad of agents covers audit, mapping, DORA incident, and AI Act validation under one registry.
For the head of compliance at a European mid-sized bank, the week starts on the runtime audit registry. Audit Recorder logged every decision made by the deployed agents over the weekend: Compliance Scan intercepted 12 commercial contracts, Lead Scoring issued 340 decisions with reason codes, and KYC/AML completed 47 new account openings. Policy Mapper added the regulatory article reference to each decision.
Tuesday a GDPR article 15 request arrives in the DPO's mailbox. The DPO opens the standard SQL client and runs the query on the audit registry filtered by the specific customer and regulatoryReference containing GDPR. The output is 8 automated decisions with all the evidence: rule applied, model output, and human oversight where active. The response to the customer is ready within 24 hours.
On Wednesday, the SIEM identifies a cybersecurity incident in the DORA perimeter. NIS2 Incident Reporter activates, classifies the event as significant, triggers the 24h national-authority timer, and in parallel DORA Incident Reporter prepares the early notification to the central bank with the pre-filled RTS 2024/1772 template. The head of compliance sees everything in the work channel.
Audit Recorder, Policy Mapper, DORA Incident Reporter, and AI Act High-Risk Validator interact with different systems — the runtime database, the applicable regulations, the SIEM, and the new systems being considered for deployment — but follow the same instance configuration and trace every decision in the audit registry. A squad of agents working under the same rules and the same evidence, across multiple regulators.
DORA Incident Reporter, AML Screening Real-Time, Sanctions Watchlist Multi-Layer, MiFID II Disclosure Gate, Model Risk Inventory: the banking regulatory perimeter is structural, and the agents are dedicated to mandatory timers.
See the industry →IDD Gate for mandatory disclosure, IVASS Reg. Reporter for periodic reporting, Solvency II Validator for capital requirements: vertical agents tuned to the insurance regulator's guidelines.
See the industry →MDR-SaMD Avoidance Checker at deploy, EHR Audit for access logs, Patient Communication Reviewer for privacy: the boundary between support tool and medical device must be monitored continuously, not retroactively.
See the industry →Other regulated industries
Utility with ARERA Disclosure Validator and NIS2 Incident Reporter. Public Sector with dedicated variants (AI Act Annex III Validator PA, Public IT Compliance). Cross-industry: AI Act High-Risk Validator and NIS2 Incident Reporter.
The customer's compliance systems (AML systems, specific management systems, regulatory reporting systems) are integrated through delivery by the Exelab team. Audit Recorder is native to the runtime; for other agents, the integration is delivered case by case.
The typical pattern varies per agent: 8-12 weeks for horizontal agents (Compliance Scan, Audit Recorder, Policy Mapper); 14-22 weeks for industry-specific vertical agents (DORA Incident Reporter, IDD Gate, NIS2 Incident Reporter). The duration is defined during discovery on the actual case.
No. Reporter agents (DORA, NIS2, IVASS) prepare the structured reports and trigger the mandatory timers. Formal submission to the regulator follows the customer's official procedures.
A 30-45 minute conversation to understand how Polyant for Compliance applies to the customer's case and how long it takes for the first agent in production.
