Enterprise AI Governance

AI systems need a trust layer.
Gradaris is that layer.

Register, assess, and certify every AI system with verifiable Trust IDs, auditable evidence, and public trust validation aligned to the EU AI Act.

No credit card  ·  2 minutes  ·  Real governance record

Public, tamper-evident verification  ·  EU AI Act, NIST AI RMF, ISO/IEC 42001  ·  SAML SSO, RBAC, and audit controls
Live product

Live control plane showing AI system registry, governance scoring, evidence status, and certification workflow.

Platform Demo

The System of Record for AI Governance

See how Gradaris registers, assesses, and verifies AI systems — turning regulatory requirements into auditable, regulator-ready evidence.


Up and running in under 30 minutes

Regulatory Alignment
EU AI Act
NIST AI RMF
ISO/IEC 42001
OECD AI Principles
Trust Layer

The AI Trust ID

Every AI system registered in Gradaris receives a unique Trust ID — a tamper-evident governance record linked to scoring, evidence, certification status, and public verification.

Verifiable
Public trust record with current certification state
Tamper-evident
Backed by cryptographic integrity and auditable history
Operational
Continuously updated as systems change and are re-evaluated
Trust ID Certified
TRST-AI-2026-00421
Grade A
Score 92.4
Framework v1.0
Governance Hash · SHA-256 · a3f8c2e1d7b4920f6e3a1c8d5f2b9e4a
QR-linked verification • public record • audit-backed evidence
The Problem

AI agents are proliferating faster than governance can track

The EU AI Act creates real legal exposure. Most organizations aren't prepared — not because of the AI systems IT built, but because of the agents finance, marketing, and operations quietly created that nobody is tracking.

73%
of enterprises have ungoverned AI agents in production
~$38M
maximum EU AI Act fine for serious non-compliance
60%
of AI in your organization is running outside IT's visibility — Netskope, 2025
Aug '26
EU AI Act high-risk provisions fully applicable
CRITICAL

Ungoverned agents in production

AI agents making business decisions without documented oversight or audit trails — creating silent liability.

Regulatory exposure · Article 9 violation risk
HIGH

No EU AI Act evidence trail

Compliance teams unable to demonstrate conformity when regulators ask — no records, no defence.

Audit failure · Remediation cost
MEDIUM

Shadow AI in every department

Finance, HR, and marketing agents built outside IT visibility — impossible to govern what you can't see.

Inventory gap · Unknown risk surface
How It Works

From AI system to trusted record

Gradaris connects to your AI agents however they were built, then continuously monitors and scores them against the EU AI Act and your own governance policies.

STEP 01

Connect your agents

Engineers use the Python SDK. Power users use a webhook. Non-technical teams register through a plain-English form. All three paths produce the same governance record.

STEP 02

Continuous assessment

Every agent run generates telemetry. Gradaris scores it across 12 criteria in three tiers — Verified Controls, Empirical Benchmarks, and Structured Assessment — mapped to EU AI Act articles.

STEP 03

Auditable evidence

Each agent gets a Gradaris Governance Score (A–F), a cryptographically signed evidence package, and a PDF report you can hand directly to a regulator or auditor.

Integration

Works for every team, not just engineering

The biggest governance gap isn't the AI systems IT controls — it's the agents everyone else built. Gradaris has a path for every creator.

For Engineers

Python SDK

Drop into any Python agent in minutes. Zero dependencies. Automatic fraud and bad-actor signal detection. Async telemetry — never slows your agent.

  • pip install gradaris-sdk
  • Integrity hash on every input and output
  • 12 auto-detected risk signal types
  • Works with LangChain, AutoGen, custom agents
For Power Users

Webhook Connector

Built your agent in Make, Zapier, Power Automate, or n8n? Add one HTTP step and paste your webhook URL. No code required.

  • Compatible with any platform that can POST JSON
  • Pre-built blueprints for Make and Zapier
  • Same governance data as the SDK
  • Setup in under 5 minutes
For Everyone Else

Register Without Code

Finance, marketing, or accounting teams built an agent in ChatGPT or Copilot? Fill in a plain-English form. Gradaris creates the governance record automatically.

  • No technical knowledge required
  • 5-minute registration form
  • Governance baseline assessment generated automatically
  • Compliance team notified and can review
Governance Score

A–F grades backed by a three-tier methodology

Every Gradaris Governance Score is more than a number. It comes with a tier breakdown, confidence levels, EU AI Act article mapping, and a cryptographic integrity hash — so you can defend it in front of any auditor.

Tier 1 — Verified Controls
Binary pass/fail verified from system logs. High confidence. Any failure caps maximum score at 59 (Grade D).
Tier 2 — Empirical Benchmarks
Statistical tests against versioned, published test suites. Reproducible by any party. Medium-high confidence.
Tier 3 — Structured Assessment
Fixed, versioned rubric with weighted sub-criteria. Assessor-reviewed. Fully auditable process. Medium confidence.
Gradaris Governance Score
Framework v1.0
A 91/100
Customer Risk Scoring Agent
Assessed: 1 Mar 2026 · 5 Tier 1 controls verified
EU AI Act: Articles 9, 10, 13, 14, 15 mapped
Next review: 1 Jun 2026
Data Access Control: 100%
Human Override: 100%
Output Consistency: 94%
Bias Variance: 88%
Transparency: 85%
Human Oversight Design: 82%
Governance Hash · SHA-256
a3f8c2e1d7b4920f6e3a1c8d5f2b9e4a · Framework v1.0 · 2026-03-01T09:14:22Z
A  90–100  Certified
B  80–89  Good Standing
C  75–79  Conditional
D  60–74  Review Required
F  <60  Critical Risk
Platform Security

Enterprise Trust Infrastructure

Gradaris is built for regulated environments. Every layer of the platform reflects the security and compliance requirements of enterprise and financial services deployments.

Audit Logging
Immutable, tamper-evident event logs for every governance action. Exportable for external audit review.
SHA-256 · APPEND ONLY
Role-Based Access
Granular RBAC across compliance, engineering, and operations. Superadmin and org-level isolation enforced at the database layer.
RLS · MULTI-TENANT
Session Controls
Configurable session timeouts per organisation, grace-period warnings, and forced re-authentication. Compliant with financial services security policies.
15 / 30 / 60 MIN TIMEOUT
Credential Rotation
Automatic database credential refresh from AWS Secrets Manager. Zero-downtime rotation with connection pool auto-refresh on rotation events.
AWS SECRETS MANAGER
Verification Layer
Public Trust IDs with cryptographic governance hashes. QR-linked evidence packages verifiable by any regulator or auditor — no login required.
verify.gradaris.com
Gradaris Enterprise Trust Architecture — From registration to public verification, a continuous auditable trust lifecycle for every AI system
Enterprise Ready
SAML SSO  ·  Role-based access  ·  Administrative controls  ·  Audit logging  ·  Secure multi-tenant architecture
Plans

Sized to your organization, not your headcount

Enterprise deployments scale based on AI estate complexity and regulatory scope. Every plan includes the full Gradaris governance platform, all three integration paths, and auditor-ready evidence exports. Pricing is tailored to your AI estate — book a demo to discuss what fits.

Free
Free Verification
Your first Trust ID
$0
No credit card required
Verify one AI system in minutes. Get a real governance grade, Trust ID, and public registry listing — with limited visibility until you upgrade.
  • 1 AI system verification
  • Governance grade A–F
  • Trust ID on public registry
  • SHA-256 governance hash
  • Limited visibility (org identity hidden)
  • No PDF report
Foundation
Governance essentials
$699 / mo
or $599/mo billed annually ($7,188/yr)
Establish your first defensible AI governance record. Ideal for governance pilots and designed for initial certification and initial AI system portfolios (typically 1-5 systems).
  • Core AI system registry
  • Standard governance scoring
  • Public Trust ID + QR verification
  • Certification report (PDF)
  • Shareable verification link
  • Designed for small governance teams
  • Email notifications
Enterprise
Custom pricing
Unlimited AI systems, custom regulatory requirements, on-premises deployments, and dedicated support. Built around your program.
  • Unlimited AI systems
  • Everything in Governance, plus:
  • Full AI system of record (org-wide)
  • Advanced RBAC (Admin / Auditor / Viewer)
  • Access & Security
  • SAML SSO integration
  • Admin configuration portal
  • Role-based access control
  • Audit logging
  • Custom compliance frameworks
  • Full audit export & regulatory reporting
  • Multi-org / multi-department support
  • Enterprise security & private deployment
  • SLA-backed support & onboarding
Not sure which tier fits?
Book a 30-minute demo and we'll walk you through the platform and recommend the right fit for your AI estate.
Built For

Designed around the people who carry AI risk

Three audiences, one problem — AI deployment outpacing the governance needed to defend it.

Chief Compliance Officer

Needs a defensible governance record

When a regulator asks which AI systems you operate, you need to answer in minutes. Gradaris gives you a live registry of every governed agent, mapped to EU AI Act obligations, with auditor-ready evidence on demand.

The scenario: Your legal team has 72 hours to respond to a regulatory request. Gradaris produces the evidence package — governance scores, control verification, article mapping — without an emergency audit.
Engineering & AI Teams

Needs instrumentation that doesn't slow them down

Governance can't be a bottleneck. The Gradaris Python SDK adds continuous monitoring in under an hour — async telemetry, zero external dependencies, automatic signal detection from data you're already logging.

The scenario: A loan approval agent goes live in two weeks. The SDK instruments it in a morning, governance data flows immediately, and compliance gets a full Gradaris Governance Score (GGS) before it touches production traffic.
Finance, Marketing & Operations

Needs to register without involving IT

The highest-risk agents are often the ones built outside IT — the ChatGPT workflow in finance, the Copilot agent in HR. Gradaris gives these teams a plain-English registration form. Five minutes, no technical knowledge required.

The scenario: Your Head of Finance has been running a budget-forecasting agent for six months — unknown to IT. The no-code form puts it on the governance record in five minutes.
Public Trust Registry

Every certified agent gets a permanent public identity

When an AI agent passes governance assessment, Gradaris issues it a unique Trust ID — publicly verifiable by anyone, no login required. Regulators, counterparties, and auditors can confirm governance status in seconds.

Permanent public URL — every certified agent gets a page at verify.gradaris.com/GRD-AI-YYYY-NNNNNN
Live governance status — grade, score, and certification date update automatically on each assessment
JSON API — machine-readable verification endpoint for automated compliance workflows
QR code on every report — governance certificates embed a scannable link to the public verification page
Public Trust Registry
Verified
GRD-AI-2026-001000
Claims Processing Agent
Veriton Insurance
Certified
Grade: A
Score: 91/100
Assessed: 2026-03-12
Maintained by Gradaris · Updated on each assessment · Certified since 2026-03-12
verify.gradaris.com/GRD-AI-2026-001000 ↗
Make Verification Visual

From QR scan to verified governance — in seconds

Every Gradaris governance report embeds a QR code. Anyone — a regulator, auditor, or counterparty — can scan it and see live certification status. No login. No friction.

Governance Report PDF
Claims Processing Agent
GRD-AI-2026-001000
Governance Grade
A
verify.gradaris.com/GRD-AI-2026-001000
Scan the QR on any report
INSTANT REDIRECT
verify.gradaris.com
VERIFIED
Live status
GRD-AI-2026-001000
Claims Processing Agent
Veriton Insurance
Grade: A
Score: 91
Status: ACTIVE
Live status — no login required
FAQ

Common questions about Gradaris

Everything you need to know about AI Trust IDs, scoring, certification, and the public registry.

Core Concepts

An AI Trust ID is a unique identifier assigned to an AI system that links to its verified governance record. It provides a public, tamper-evident reference to that system's grade, certification status, and evaluation history.

Traditional tools focus on internal policy management and documentation. Gradaris adds an external verification layer — combining structured evaluation, scoring, certification, and a public trust registry. It functions as a system of record for AI governance, not just a workflow tool.

Gradaris is both. It performs structured evaluations that result in certification, and it supports ongoing reassessment to reflect changes in system behavior, controls, or risk posture over time.

Scoring & Evaluation

Grades are calculated using a structured evaluation framework across multiple criteria, including governance controls, transparency, reliability, and operational safeguards. Each criterion contributes to a composite score, with certain high-risk gaps capping the overall grade.

No. Organizations provide inputs and evidence, but scoring is determined independently based on evaluation criteria. Results cannot be directly modified by the organization.

Systems can be re-evaluated on a defined cadence or when material changes occur — such as model updates, policy changes, or new risk signals. Grades are updated whenever a re-evaluation is completed, ensuring the published record reflects the current state of the system.

Certification Lifecycle

If a system no longer meets required standards, its grade and certification status may be updated, downgraded, or revoked. The public record always reflects the most current evaluation.

Revocation may occur due to significant control failures, loss of required safeguards, material risk exposure, or failure to maintain evaluation standards over time.

Transparency & Public Registry

The public registry displays summarized results such as grade, status, and key attributes. Detailed internal evidence, sensitive configurations, and proprietary information are not exposed.

Gradaris does not assess business performance, financial outcomes, or non-AI operational processes. Its focus is on governance, risk, and trust characteristics of AI systems.

Data, Security & Integration

Gradaris is designed to minimize sensitive data exposure. Only required evaluation inputs and metadata are processed, and organizations maintain control over what is submitted.

Yes. Organizations can provide evidence and inputs without exposing sensitive internal details publicly. Public outputs are limited to verification-relevant information.

Gradaris can integrate through APIs and structured data inputs, enabling connection with existing governance, monitoring, and operational systems.

Gradaris aligns with industry-standard security practices and is designed to support frameworks such as SOC 2, NIST, and ISO-based controls. Security architecture emphasizes data protection, access control, and auditability.

Yes. Gradaris supports enterprise SSO via SAML 2.0, enabling integration with identity providers such as Okta, Azure AD, Google Workspace, and others. Administrators can configure and manage SSO directly through the admin portal, including role mapping, domain hints, and enforcement policies.

Get governed today

Your regulators are asking questions.
Make sure you have the answers.

Book a 30-minute demo and we'll show you how quickly you can build a defensible AI governance program — even if your AI estate is already in production.