INFORMATION ONLY · BUILDS IN ACTIVE DEVELOPMENT

Decision
Intelligence
Infrastructure
as Code

AI speed. Governance discipline. Both.

The gap between AI capability and governance accountability. Closed. Azure-hosted and infrastructure-as-code governed, every decision is evidence-bound, human-reviewable, cryptographically signed, and independently verifiable.

Explore Platform Watch Demo
IT Enterprise & Services Pharma & Medical Research
SCROLL
PLATFORM DEMO

See the complete
governance workflow.

Watch an end-to-end simulated walkthrough — from natural language intent capture through all seven governance stages to a cryptographically signed, board-ready decision report. Available for both builds.

Watch IT Enterprise Demo Watch Pharma Demo
Intent capture through all 7 governance stages
Live evidence collection and scoring visualised
policy/control gates enforced at compile time
Final board-level report: signed, verifiable, human review required
01 FREEZE 02 COLLECT 03 NORM. 04 BIND 05 GEN. 06 ENFORCE 07 RENDER
WATCH DEMO — 65 SECONDS
Simulated demo · No customer data · No live system access required
THE SOUL OF THE PRODUCT

How a governed decision is born

THE AI REASONS  ·  YOUR TEAM DECIDES  ·  DIIaC MAKES IT PROVABLE

WATCH THE M² TEASER
Research preview · Synthetic activations · No customer data
M-SQUARED — ADVISORY REVIEW

Review the structure
before reliance.

M² is an advisory interpretability and behavioural-review layer for governed AI decision artefacts. It helps reviewers inspect structure, salience, and divergence signals before reliance while DIIaC preserves evidence, approval, signatures, and ledger controls.

Watch the M² Advisory
Advisory structure and salience signals visualised
Governance checkpoints remain anchored to DIIaC evidence and approval
Divergence detection — review where artefacts differ in emphasis
GOVERNANCE INFRASTRUCTURE — SHARED ACROSS BOTH BUILDS

One governance engine.
Three guarantees.

Not an AI assistant. Not a document generator. Not a GRC checklist. A decision governance control layer — infrastructure for the decision process itself. Controlled confidence for organisations that need to move faster without giving up accountability.

— 01
Governed Compile
Intent is frozen. Evidence signals collected. Inputs normalised. Evidence bound to outputs. Recommendation generated. Regulatory controls enforced. Governed report rendered. Seven deterministic stages. Same governed inputs always produce the same governed outputs.
— 02
Cryptographically Signed
Every decision pack signed with Ed25519 signatures. Merkle tree proofs confirm artefact integrity. A hash-chain ledger records every governance event. Tamper-evident — proves nothing has been modified since compilation.
— 03
Independently Verifiable
Every signed pack verifiable offline — no platform access required. Give the artefact to a regulator, auditor, or board member. They verify its integrity in their own environment, at any point in the future, without needing you in the room.
SEVEN-STAGE GOVERNANCE PIPELINE

The same path. Every compile.

The same deterministic path for every decision — both builds. Reproducible, replayable, and auditable.

01
Freeze
Intent frozen
02
Collect
Evidence signals
03
Normalise
Inputs standardised
04
Bind
Evidence bound to outputs
05
Generate
Recommendation produced
06
Enforce
Regulatory controls applied
07
Render
Governed report signed
WHAT DIIaC DELIVERS
Human intent capture in natural language and structured form
Conversational AI partner that enriches decision intent before compilation
Deterministic governed compilation with mandatory policy controls
Evidence-bound outputs with quality gates and freshness checks
Multi-role review and accountability state
Signed decision packs independently verifiable offline
Replayable audit context across the full decision path
Board-ready reports with evidence traceability and policy compliance
Institutional Bayesian intelligence that improves with every compile
WHAT DIIaC NEVER DOES
Autonomously approve decisions
Replace operational systems of record
Certify regulatory compliance
Weaken or bypass policy controls silently
Generate ungoverned AI outputs
Train on customer data without explicit governance
Eliminate the need for human review
Honest framing
DIIaC is not trying to replace expert judgement. It is not a regulatory certification service. It does not guarantee compliance outcomes. It makes decision governance more disciplined, more traceable, and more defensible — the accountability stays with the people who use it.
COMPETITIVE POSITIONING — FACTUAL, NON-DISPARAGING

Where DIIaC sits.
What others don't do.

The gap between AI capability and governance accountability. This is where DIIaC lives.

Capability Native LLM Tools GRC Platforms AI Governance Overlays DIIaC™ IT Enterprise DIIaC™ Pharma
Natural language intent capture
Deterministic governed compilation
Evidence binding and quality gatesPartial✓ + GxP classes
Policy-pack enforcement✓ EU AI Act + UK AI✓ + GMP/GCP/GVP
Cryptographically signed outputs
Offline independent verification
Multi-role accountability statePartial✓ pharma roles
Institutional Bayesian learning
Board-ready report with evidence tracePartial
AI output assurance / verificationPartial
Research advisory intelligence (PRIA)
GxP / Annex 11+15 / ALCOA+ controls
Pharmacovigilance governance
UK Public Sector bid intelligence
GxP validation baseline

Comparison based on published vendor documentation, March–May 2026. ChatGPT Enterprise / Microsoft Copilot: strong for general-purpose assistance, drafting and knowledge work. Not designed to emit deterministic signed decision artefacts or enforce policy-pack controls. GRC platforms (ServiceNow, IBM OpenPages, MetricStream): strong for controls management, risk registers, and audit workflows. Not decision-compilation engines. AI Governance Overlays (IBM watsonx.governance, Credo AI, OneTrust, ValidMind): strong for AI policy management and model risk monitoring. Sit around decisions, not inside the decision workflow.

BUILD ONE — v1.7.0

IT Enterprise
& IT Services

From intent to signed board report. Governed end to end. The accountability infrastructure your technology strategy decisions have always needed — and never had.

DECISION_PACK.jsonSIGNED
{
  "build": "it_enterprise_v170",
  "decision_type": "cyber_platform_assessment",
  "regulatory_controls_enforced": 19,
  "governance_gates_passed": true,
  "evidence_bound": true,
  "human_accountable": true,
  "signature": "ed25519",
  "offline_verifiable": true
}
DECISION DOMAINS
Cyber Platform Assessment
Governed selection and assessment of cyber security platforms — scored, evidenced, signed. Every recommendation traceable to defined evaluation criteria.
Cloud Architecture & Migration
Cloud migration and platform strategy decisions with integration risk, architectural alignment, and operational resilience evidence bound at compile time.
Enterprise Technology Strategy
CIO and CTO-level technology roadmap and investment decisions compiled through governance gates with board-ready output and full evidence traceability.
Supplier & Managed Service Risk
Supplier qualification and managed service selection with deterministic scoring across security, resilience, interoperability, operations, and commercial dimensions.
AI Governance & Adoption
Enterprise AI adoption decisions governed against EU AI Act Deployer (10 controls) and UK AI Governance (9 controls) — enforced at the compile path.
IT Service-Provider Governance
Customer-impacting technology decisions with demonstrable governance evidence. Customers ask for assurance. DIIaC generates customer-ready decision artefacts.
REGULATORY CONTROLS

19 controls enforced across every IT Enterprise compile. Hard gates — cannot be softened or bypassed.

EU AI Act — Deployer Requirements 10 controls
UK AI Governance — National Framework 9 controls
Ed25519 Signing · Merkle Integrity · Hash-Chain Ledger Always
EVIDENCE MODELS

Selected automatically based on decision intent. Procurement always retains the strictest gates.

ModelDecision TypeRigour
Procurement evaluationVendor selection, supplier shortlistingStrictest
Vendor assessmentTechnology comparison, platform reviewProportionate
Risk reviewRisk assessment, threat analysisProportionate
Strategy assessmentStrategic planning, roadmapsProportionate
GeneralDefault fallbackBaseline
KEY CAPABILITIES
AI Output Assurance
Upload a raw AI-generated document — draft report, analysis, or proposal. DIIaC extracts material claims, maps citations, flags unsupported statements, and generates a deterministic governed rewrite. Output: a signed verification pack with human review state, ready for board or customer review — not autonomous submission or approval.
UK Public Sector Bid Intelligence
Customer catalogue, opportunity discovery, and bid-readiness assessment for UK public sector markets. Dynamic source watchlists, requirement extraction from framework sources, and evidence maps binding supplier capabilities to live opportunities. Advisory bid-readiness indicators — not automated submission.
Confidence Gate & Auto-Routing
Every decision intent is automatically classified into the right decision category and evidence model. A Bayesian inference engine improves classification accuracy with every compile. Manual overrides available. The system gets sharper to your organisation's context over time.
Replayable Audit Trail
Every decision pack includes full replay and verification artefacts. Reconstruct the exact governance path months or years after the original compile — every governance event in the hash-chain ledger, every evidence binding traceable.
Multi-Role Accountability
CIO, CISO, COO — multiple accountable roles can contribute to and sign off on a single governed decision pack. Human review and challenge preserved at every high-assurance step.
WHO IT'S BUILT FOR
CIO / CTO
Technology decisions are taking too long and producing outputs that don't survive board challenge. DIIaC produces a governed, evidence-bound board report from natural language intent — the same quality regardless of who runs the process.
Procurement & Supplier Governance Lead
Vendor evaluations are unstructured and indefensible. Spreadsheet scoring. Verbal rationale. DIIaC delivers structured, traceable, auditable vendor selection with quality checks and signed export.
Risk & Compliance Lead
Decision-making leaves no audit trail. AI tools generate outputs that aren't traceable. Regulatory scrutiny is increasing. DIIaC enforces hard governance gates and produces hash-chain ledger artefacts that cannot be altered after signing.
CISO / Security Assurance Lead
Technology decisions affecting security posture are made informally. DIIaC applies cyber-native decision models, sector-native IT policy/control gates and deterministic scoring — signed artefacts independently verifiable against challenge.
IT Service Provider
Customer-impacting technology decisions need to be demonstrably governed. Customers are asking for assurance evidence. DIIaC generates customer-ready decision evidence and scales governance practice across the organisation.
Head of IT / Technology Director
Operational resilience, continuity, and cloud architecture decisions need rigour and replay. DIIaC structures intent across accountable roles, enforces relevant controls, and produces a signed pack with risk register and implementation guardrails.
USE CASES
Vendor Selection & Down-Select
Structuring a cyber platform shortlist, cloud provider comparison, or managed-service evaluation. DIIaC takes natural language intent, builds the evidence plan, enforces evaluation controls, and produces a board-ready signed recommendation with ranking table and policy compliance matrix.
AI Governance Decision
Governing an enterprise AI adoption decision — Microsoft Copilot, a generative AI platform, or an AI-powered operational tool. DIIaC compiles a governed decision pack covering technical controls, data-residency obligations, regulatory context, and risk register, ready for board submission.
AI-Drafted Report Assurance
A team used an AI tool to draft a market assessment or proposal. Before submission to a customer or board, run it through DIIaC AI Output Assurance. Claims are extracted, sources mapped, unsupported statements flagged, and a signed verification pack generated. The customer or board receives a governed review pack with explicit caveats, evidence state, and human-review requirements.
Cloud Architecture Governance
A contested cloud migration decision with three competing architectures. DIIaC structures the intent, maps the evidence, runs the governed compile, and produces a recommendation with explicit rationale, disqualifiers, and what evidence would change the outcome.
Public Sector Bid Readiness
Assessing positioning against a UK central government framework opportunity. DIIaC scans capability evidence against extracted requirements and provides a bid-readiness advisory before commitment of proposal effort.
Operational Resilience Planning
Governing a business continuity or DR architecture decision. DIIaC structures intent across CTO, CISO, and COO roles, enforces relevant controls, and produces a signed decision pack with risk register and implementation guardrails.
What DIIaC IT Enterprise does not replace
DIIaC IT Enterprise sits above your operational systems of record. It creates governance artefacts for decisions those systems don't document.
Not a ticketing, ITSM, or CMDB replacement
Not a SIEM, SOAR, or monitoring system
Not a cloud management platform
Not a procurement execution system
Not a generic AI assistant or LLM wrapper
BUILD TWO — v1.8.0

Pharma &
Medical Research

Governed decision assurance for regulated pharmaceutical organisations. Deterministic, evidence-bound, signed governance for research discovery, operational compliance, and supplier qualification — built for the regulated environment.

RESEARCH_ADVISORY.jsonPRIA
{
  "build": "pharma_v180",
  "archetype": "research_discovery",
  "pria_advisory": true,
  "pharma_hard_gates": "enforced",
  "human_scientific_review": "required",
  "gxp_controls": "enforced",
  "signature": "ed25519",
  "offline_verifiable": true
}
DECISION ARCHETYPES
ARCHETYPE // 01
Research & Discovery
Governed advisory for target viability, target-to-lead progression, ADMET profiling, biomarker evaluation, and translational readiness — structured through the PRIA Research Intelligence Advisory layer. Human scientific review is always required and explicitly preserved. PRIA does not approve targets, compounds, or candidates.
ADVISORY ONLY  ·  HUMAN SCIENTIFIC REVIEW REQUIRED
ARCHETYPE // 02
Operational Governance
GxP validation, inspection readiness, pharmacovigilance exchange, and regulated change decisions — compiled through pharma-specific hard gates with operational evidence controls enforced at the compile path. Outputs designed to survive regulatory inspection.
PHARMA HARD GATES  ·  GxP CONTROLS ENFORCED
ARCHETYPE // 03
Supplier Qualification
Supplier shortlist, RFP governance, and vendor selection for regulated systems (eTMF, CTMS, QMS, LIMS, PV platforms) under GxP context. Procurement mode activates only through explicit intent. Research packs and supplier artefacts are architecturally separated — never commingled without authorisation.
PROCUREMENT-GATED  ·  EXPLICIT ACTIVATION ONLY
REGULATORY FRAMEWORKS ENFORCED

Policy rigour is not configurable at runtime. Controls are enforced as never-softened hard gates.

FrameworkScope
EU AI Act (2024/1689)Deployer responsibilities, human oversight (Art. 14), transparency
EU GMP Annex 11Computerised systems validation
EU GMP Annex 15Qualification and validation
MHRA GxP Data IntegrityALCOA+ controls
ICH E6(R3) GCPGood clinical practice for system selection
EMA GVPPharmacovigilance governance
EU CTR 536/2014Clinical trial governance
GDPR & UK GDPRClinical trial data protection
NIS2 DirectiveCybersecurity in regulated environments
UK AI GovernanceUK-specific AI assurance baseline
EVIDENCE MODELS
ModelDecision TypeNotable
Pharma supplier qualificationRegulated supplier & system vendor evaluationGxP gates required
Procurement evaluationExplicit RFP & vendor selectionStrictest gates
Research evidence reviewPRIA-backed discovery decisionsAdvisory only
Risk reviewCompliance, safety-system, change-riskProportionate
Strategy assessmentPortfolio, AI enablement, TOMProportionate
GeneralDefault fallbackBaseline
EVIDENCE CLASSES INCLUDE
ALCOA+ data integrity  ·  Validated system security  ·  Operational readiness  ·  Commercial terms  ·  Interoperability  ·  Target-disease evidence  ·  ADMET/toxicology readiness  ·  Data provenance / IP
FEATURE HIGHLIGHTS
PRIA
Research Intelligence Advisory
Advisory intelligence layer for research and discovery governance. Assesses research-readiness, evidence quality, ADMET/toxicology signals, translational stage-gate posture, and data-provenance risk. All outputs are advisory only. Human scientific review is explicitly required for every output.
PRIA-F2
Literature Catalogue
Governed research evidence catalogue for medical paper metadata and user-provided literature. Extracted claims are source-bound, uncertainty-labelled, and human-reviewable. The catalogue surfaces research evidence without making autonomous scientific truth claims.
PV GOVERNANCE
Pharmacovigilance Exchange
Structured governance for PV signal, case-transfer, safety escalation, and ICSR exchange decisions. Safety-specific evidence classes, QPPV-appropriate role accountability, and EMA GVP policy controls enforced.
GxP VALIDATION
System Validation Governance
Governed assessment of validated system readiness: CSV/CSA status, ALCOA+ data-integrity posture, Annex 11/15 controls, and intended-use documentation. Evidence gates enforce minimum validation and data-integrity evidence requirements before a governance recommendation is produced.
INSPECTION READINESS
Pre-Inspection Evidence Review
Structured pre-inspection evidence review. DIIaC assembles the governance posture across evidence classes, flags gaps against inspection-readiness criteria, and produces a signed assessment pack that can be submitted as audit-trail evidence.
VALIDATION BASELINE
Regulated Validation Baseline
Shipped with a GxP validation roadmap: URS, FRS, Design Specification, Requirements Traceability Matrix, Validation Plan, and IQ/OQ/PQ framework. Customer-executed validation evidence is required for formal qualification — the platform provides the structured baseline.
WHO IT'S BUILT FOR
Head of Quality / QA Lead
GxP decisions — system validation, supplier qualification, inspection readiness — need documented, evidence-bound governance. DIIaC enforces ALCOA+ data-integrity controls, quality evidence gates, and produces audit-ready decision packs for inspection-facing submissions.
QPPV / Head of Pharmacovigilance
PV exchange, safety signal escalation, and case-transfer governance decisions need structured evidence and explicit accountability state. DIIaC governs PV decision workflows with safety-specific evidence classes and EMA GVP controls enforced.
Regulatory Affairs Lead
Regulatory decisions require defensible evidence trails. AI tools produce outputs that cannot be traced or challenged. DIIaC produces policy-pack-enforced decision packs where every regulatory context claim is sourced and human-reviewable.
Research / Translational Science Lead
Research and discovery decisions need advisory intelligence grounded in source-bound evidence — not autonomous conclusions. PRIA provides research-readiness indicators, evidence-quality signals, and translational stage-gate assessments. Human scientific review always required and explicitly preserved.
Clinical Operations / Chief Medical Officer
Clinical system decisions — selecting a CTMS, integrating a trial data platform — need rigour and traceability. DIIaC compiles evidence-bound governance decisions with ICH GCP and EU CTR controls applied.
Procurement / Supplier Quality Lead
Regulated vendor selection — eTMF, QMS, LIMS, PV platform — demands structured evaluation. DIIaC applies the pharma supplier qualification evidence model, enforces GxP vendor evidence gates, and produces a signed selection recommendation you can stand behind.
USE CASES
Regulated Supplier Qualification
Qualifying a GxP system supplier — new CTMS, eTMF, QMS, or PV platform. DIIaC applies the pharma supplier qualification evidence model, enforces mandatory GxP vendor evidence classes, and produces a signed selection recommendation with supplier registry snapshot.
GxP Validation Readiness
Assessing whether a system is ready to enter validation. DIIaC compiles a governed assessment covering CSV/CSA readiness, ALCOA+ data-integrity posture, and Annex 11/15 control evidence, producing a signed readiness pack for the validation approver.
Inspection Readiness Assessment
Preparing for a regulatory inspection. DIIaC structures the evidence review across QA, Regulatory, and System Owner roles, flags evidence gaps against inspection criteria, and produces a signed assessment pack ready for submission as governance evidence.
Translational Research Governance
Assessing a new therapeutic target. PRIA provides advisory evidence-quality signals across target-disease evidence, ADMET/toxicology readiness, and data-provenance risk. Human scientific reviewers receive a structured advisory report — not an autonomous recommendation. All target-selection authority remains with the scientific lead.
AI Governance in Regulated Operations
Governing adoption of an AI tool in a regulated environment. DIIaC applies EU AI Act deployer controls, NIS2 considerations, and GxP data-integrity requirements, producing a signed decision pack with explicit human oversight documentation.
PV Platform Selection
Selecting a pharmacovigilance exchange or PV platform. DIIaC applies the pharma supplier qualification evidence model with EMA GVP and ICH GCP controls, enforces safety-system evidence gates, and produces a QPPV-appropriate governance pack.
SIGNED DECISION PACK — PHARMA ARTEFACT FAMILY
INTEGRITY VERIFIED
board_report            → generated
governance_manifest      → generated
verification_manifest    → generated
trace_map               → generated
evidence_objects         → generated
audit_slice             → generated
pria_advisory           → when applicable
research_catalogue       → when applicable
claim_review_events      → when applicable
supplier_registry        → gated — explicit only
cryptographic_signature  → ed25519_verified
offline_verifiable       → true
PACK SIGNATURE VALID  ·  MERKLE INTEGRITY ANCHORED  ·  REPLAY ARTEFACT INCLUDED  ·  VERIFY OFFLINE WITHOUT PLATFORM ACCESS
What DIIaC Pharma does not replace
DIIaC Pharma sits above operational systems of record. It may reference evidence from these systems and produce governance outputs for decisions involving them. Their regulated record-keeping functions are not replaced.
Veeva Vault, RIM, QualityDocs, eTMF
Medidata Rave, Rave CTMS, Sensor
Argus / Oracle Argus Safety (PV system of record)
Benchling or equivalent ELN/research platform
MasterControl or equivalent QMS
CTMS, eTMF, PV, eQMS, ELN, LIMS, EDC systems
Honest framing — Pharma build
DIIaC is not trying to replace expert judgement. It is not a regulatory certification service. It does not guarantee compliance outcomes. It makes decision governance more disciplined, more traceable, and more defensible — the accountability stays with the people who use it.
PRIA research intelligence is advisory only. It does not establish scientific truth. Drug targets, compounds, candidates, preclinical progression, and clinical decisions require human scientific review and remain subject to customer-controlled procedures and accountable human authority.
REAL AND VERIFIABLE

Validated proof points.

The builds have validated live baselines and signed verification evidence. DIIaC is Azure-hosted using infrastructure-as-code deployment patterns for repeatable environments, controlled release evidence, reduced configuration drift, and audit-ready operations. E20 AI Output Assurance is live in the production-grade IT build.

IT Enterprise v1.7.0
Live production deployment on Azure, UK South region
Signed decision packs passing offline verification on every compile
Expanded IT policy/control coverage across EU/UK AI governance and IT assurance frameworks; controls are mapped and enforced according to decision mode
Decision-specific evidence models across cyber, cloud, service transition, change advisory, incident/problem, resilience, AI governance, public-sector bid intelligence, and AI-output assurance
Governance hard gates that correctly withheld a recommendation when evidence conditions were not met — real production example
AI Output Assurance live and verified on real AI-drafted documents with signed assurance-pack export
UK Public Sector Bid Intelligence validated for framework opportunity tracking and review-bound source records
Pharma v1.8.0
Live production deployment on dedicated Azure stack, isolated from IT build
Signed decision packs verified offline for supplier qualification outputs
Nine pharma-specific decision categories supported with distinct evidence models
GxP validation baseline (URS/FRS/DS/IQ/OQ/PQ framework) shipped as structured documentation
PRIA advisory layer live and producing research-readiness signals — advisory only, non-authoritative
Pharmacovigilance exchange governance validated in production
GxP validation, inspection readiness workflows validated in production
INFORMATION

DIIaC™ is currently in
active development.

Both builds — IT Enterprise and Pharma & Medical Research — are being developed and validated. This site provides information about the platform, its architecture, and its governance capabilities. Access details will be published here when available.

Watch Platform Demo Compare Capabilities Legal & Disclaimers