For Chief Technology Officer
Enforcement at the decision boundary.
OBEXGATE operates inside the decision loop, not alongside it. Every governed action is evaluated before it executes. The architecture is non-bypassable, the verdict is auditable, and the deployment topology fits the environment you already run.
If it is not in the execution path, it is not control.
Not outside the stack. Inside the execution path.
Observer Mode shows how your system behaves
Enforce Mode blocks actions before execution
If an action violates policy, it does not run
Where it sits
Inside the decision loop, not bolted to the side.
Most AI governance products observe. They tail logs, score outputs, and surface incidents after they occur. OBEXGATE evaluates before the action commits. The verdict is the gate. If the action does not meet requirements, it does not execute.
This is enforced through topology, not configuration. A non-bypassable execution boundary, a runtime-owned commit authority, no state mutation outside the verification gate.
Operational difference. Without enforcement: violations logged after execution. With enforcement: actions evaluated before execution, violations prevented, evidence produced as a side effect.
What it does in production
Eight things, running continuously.
→ Discovery
Identifies AI agents and workflows in operation: registered systems, unregistered agents, embedded AI inside workflows. Unmanaged systems are surfaced and classified.
→ Admission
Validates structural requirements, policy alignment, and operational readiness before a system is allowed to operate under governance.
→ Evaluation
Applies regulatory frameworks, internal policy, and control logic to every action. Real-time.
→ Enforcement
Non-compliant actions do not execute. No fallback. No silent failure.
→ Decision trace
Every decision produces a structured record: what was evaluated, which frameworks applied, why the decision was made. Audit-grade.
→ Continuous monitoring
Behaviour, system state, and compliance alignment tracked to ensure conditions remain valid.
→ Drift detection
Post-execution intelligence identifies drift, inconsistencies, and policy gaps. Read-only. Does not interfere with enforcement.
→ Decommissioning
Structured teardown of retired systems: access revocation, data removal, audit records sealed. Fully auditable lifecycle exit.
Deployment topology
Same enforcement. Different environments.
Deployment is driven by governance context, not technical preference. The evaluation layer is identical across modes.
| Mode | Where it runs | What you control |
|---|---|---|
| SaaS multi-tenant | OBEXGATE-hosted, shared infrastructure | Configuration, governed actions, audit access |
| SaaS dedicated | OBEXGATE-hosted, single-tenant | Tenant isolation, custom rules, dedicated support |
| SDK / library mode | Embedded inside your application stack | Full integration control, in-process enforcement |
| Partner cloud | Your AWS, Azure, or GCP account | Infrastructure, network policy, key management |
| Federated | Distributed across business units or regions | Local data residency, central policy authority |
| On-prem | Your data centre, your LLM | Full air-gap option, no external dependency |
| Sovereign cloud | Jurisdiction-bound deployment | Controlled encryption, in-region processing |
Adoption
Observer Mode first. Enforcement when ready.
For environments where switching enforcement on requires weeks of testing, Observer Mode evaluates every action and produces the verdict without blocking. Same evaluation engine. Different verdict treatment.
When the team is ready, enforcement activates. No redeploy. No second integration.
Observer Mode is available on every tier, including the free tier. It exists so the cost of testing enforcement is the cost of enabling a flag, not the cost of a parallel deployment.
See where it would sit in your environment.
Six questions. Personalised regulatory map, cost basis, statutory exposure. Or schedule 30 minutes with someone who has architected this before.