Nobody owns the answer today.
Across CISO, CDO, DPO and Head of AI conversations, when asked "if the ICO calls tomorrow, whose desk does it land on?", the answer is honestly "I'm not sure" more often than not.
We're in open beta with a small number of UK fintech and insurtech firms. Below is what we're learning from those engagements — minus the names, until each partner is comfortable being public.
"We've been logging AI agent activity to Datadog for eighteen months, thinking that was enough. The first time our compliance officer asked us to produce a quarterly evidence pack for a specific customer, it took three weeks and a consultant. With this, it's literally one click."
Head of Compliance, UK fintech (Series B)
"The hash chain proof was what convinced our external auditor. Compliance teams already trust written attestations. The auditor wanted something independently verifiable — they ran the verification themselves against a read-only copy. That changed the procurement conversation."
CISO, UK insurtech (private)
"The submission for our cyber renewal previously included a paragraph about AI governance with no evidence. This year we attached the Article 12 pack. Our broker fed back that it materially shifted the loading."
Head of Risk, UK regtech (post-Series A)
Across CISO, CDO, DPO and Head of AI conversations, when asked "if the ICO calls tomorrow, whose desk does it land on?", the answer is honestly "I'm not sure" more often than not.
Every firm with a recent cyber or E&O renewal has been asked about AI logging in the submission questionnaire. Most answered with a paragraph. None had evidence to attach.
Datadog and Splunk capture HTTP-level activity. Drata and Vanta collect static control evidence. None of them produce runtime agent action records in a regulator-acceptable format.
We take three beta users onto the platform each quarter. Each engagement is self-serve with full docs and your auditor.
Start free about a beta slot