Governance Packs
Governance Packs provide modular compliance controls that map directly to regulatory requirements. Enable the packs your organization needs, configure them to your policies, and generate audit-ready reports.
Enterprise customers can monitor governance packs in the Compliance Cockpit, which provides real-time compliance scoring, evidence collection, and audit support for all enabled packs.
Overview
MeetLoyd's governance system has two layers:
- Compliance Packs — Pre-configured bundles for specific regulations (GDPR, HIPAA, EU AI Act, etc.)
- Governance Modules — Individual controls that can be enabled, disabled, or configured
When you enable a pack, it automatically enables and configures all required modules. You can then override individual settings as needed.
Available Packs
GDPR Pack
EU General Data Protection Regulation
Enables:
- Data Loss Prevention (DLP) with EU-specific patterns
- BYOK Memory Architecture for data sovereignty
- Comprehensive Audit Logs (7-year retention)
- Data Residency Controls
- Breach Notification workflows
- Right to Erasure support
HIPAA Pack
US Health Insurance Portability and Accountability Act
Enables:
- DLP with PHI (Protected Health Information) detection
- BYOK Memory Architecture
- Audit Logs with tamper-evident storage
- Enterprise SSO (SAML/OIDC)
- Encryption at rest and in transit
- Access controls with minimum necessary principle
EU AI Act Pack
European Union Artificial Intelligence Act
Enables:
- Kill Switch Hierarchy (human oversight)
- Chain of Thought Logging (AI transparency)
- Prompt Versioning with approval workflows
- 4-Eyes Principle for sensitive changes
- Multi-LLM Verification (accuracy & robustness)
- Complete reasoning audit trail
SOX Pack
Sarbanes-Oxley Act
Enables:
- Chain of Thought Logging (corporate responsibility)
- Prompt Versioning (internal controls)
- 4-Eyes Approval workflows
- 7-year audit retention
- Incident workflows for real-time disclosures
- Tamper-evident logging
DORA Pack
Digital Operational Resilience Act
Enables:
- Kill Switch for incident response
- DLP and Multi-LLM Verification
- BYOK for third-party risk management
- Anomaly Detection
- Incident workflows with regulatory reporting
- Budget controls for ICT risk management
ISO 27001 Pack
Information Security Management System
Enables:
- Kill Switch (incident management)
- Chain of Thought Logging
- Prompt Versioning (change management)
- RBAC with minimum privilege enforcement
- Anomaly Detection
- Data Classification
NIS2 Pack
Network and Information Security Directive 2
Enables:
- Kill Switch (cybersecurity risk management)
- Comprehensive Audit Logs
- SIEM Integration
- Anomaly Detection
- Incident workflows with authority notification
- Breach notification (24/72 hour requirements)
ISO 42001 Pack
AI Management System (ISO/IEC 42001:2023)
The world's first international standard specifically for AI management systems. Essential for organizations developing or deploying agentic AI.
Enables:
- Kill Switch Hierarchy (human oversight - 6.1.4)
- Chain of Thought Logging (AI explainability - 8.4)
- Prompt Versioning (AI lifecycle management - 8.2)
- 4-Eyes Principle (human oversight for high-risk decisions)
- Multi-LLM Verification (AI performance evaluation - 9.2)
- Anomaly Detection (drift monitoring, bias detection - 9.1)
- Approval Workflows (risk management - 6.1)
- Incident Workflows (corrective action - 10.2)
- Data Classification (data quality for AI - 7.4)
- RBAC (roles & responsibilities - 5.3)
AI-Specific Features:
- Model drift detection and alerts
- AI decision audit trail with hash chain
- Root cause analysis for AI incidents
- Autonomy boundary change approvals
- 3-year retention for AI audit logs
AMF/CIF Pack
French Wealth Management Compliance
For French CGP (Conseiller en Gestion de Patrimoine), CIF (Conseiller en Investissements Financiers), and MFO (Multi-Family Office) firms.
Enables:
- Comprehensive Audit Logs (conseil duty traceability)
- DLP (client data protection)
- RBAC (access controls)
- Retention Policy (5-10 year legal retention)
- Data Classification
- 4-Eyes Principle (material recommendation approval)
- Approval Workflows (KYC/AML workflows)
Specific Thresholds:
- Material recommendation threshold: €10,000
- AML vigilance threshold: €10,000 (Art. L561-15 CMF)
- Tracfin declaration threshold: €50,000
- Annual KYC renewal required
Governance Modules
Kill Switch Hierarchy
Emergency shutdown at agent, team, or tenant level with cascade controls.
Configuration:
- Cascade behavior (stop children when parent stopped)
- Notification channels (PagerDuty, email, Slack)
- Auto-restart rules
Chain of Thought Logging
Captures complete AI reasoning with cryptographic verification.
Configuration:
- Full reasoning capture vs. summary only
- Hash chain for tamper detection
- Retention period
- SIEM streaming
Prompt Versioning
Git-like version control for AI prompts with approval workflows.
Configuration:
- Approval requirements by role
- Staging environment support
- Rollback policies
- Diff notifications
4-Eyes Principle
Dual authorization for sensitive changes.
Configuration:
- Which actions require dual approval
- Reviewer role requirements
- Escalation on timeout
- Emergency bypass rules
Data Loss Prevention (DLP)
Pattern detection and automatic handling of sensitive data.
Configuration:
- Detection patterns (SSN, credit cards, PHI, custom)
- Action on detection (alert, redact, block)
- Severity thresholds
- Notification rules
Multi-LLM Verification
4-tier AI verification system for hallucination prevention.
Configuration:
- Which tiers are active
- Human review threshold
- Verification model selection
- Confidence requirements
BYOK Memory Architecture
Customer-controlled data storage with pointer separation.
Configuration:
- Storage provider (S3, GCS, Azure Blob)
- Encryption key management
- Data residency region
- Hash verification
Audit Logs
Comprehensive logging of all platform actions.
Configuration:
- Retention period (30 days to unlimited)
- Log detail level
- SIEM streaming target
- Export format
SIEM Integration
Real-time log streaming to security platforms.
Configuration:
- Target endpoint (Splunk, Datadog, etc.)
- Event filtering
- Format (CEF, JSON, Syslog)
- Batching settings
Anomaly Detection
Behavioral pattern monitoring for fraud prevention.
Configuration:
- Baseline period
- Alert threshold (standard deviations)
- Pattern types to monitor
- Response actions
Enabling Packs
Via Dashboard
- Navigate to Settings > Governance
- Select the packs your organization requires
- Review the modules that will be enabled
- Configure any overrides
- Set enforcement mode (Audit → Warn → Enforce)
- Save changes
Via API
```bash
# Enable GDPR and HIPAA packs
curl -X POST https://api.meetloyd.com/api/governance/packs \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"enable": ["gdpr", "hipaa"]}'
```
Module Configuration
Each module has its own configuration schema. You can override pack defaults:
```bash
# Configure DLP with custom patterns
curl -X PATCH https://api.meetloyd.com/api/governance/modules/dlp \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "config": {
      "patterns": ["ssn", "credit_card", "custom:EMP-\\d{6}"],
      "action": "redact",
      "severityThreshold": "medium"
    }
  }'
```
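An offline pre-flight check for the DLP settings above, as an added example that is not MeetLoyd's code: it applies the same `patterns` and `action` values to a constructed sample message. The regexes behind `ssn` and `credit_card`, the Luhn filter, search-style matching and the `[REDACTED:...]` marker are assumptions, since this page does not document how the platform implements them.

```python
import re

# Assumed detectors for the built-in names; the platform's real definitions
# are not documented on this page.
BUILTIN = {
    "ssn": r"\b\d{3}-\d{2}-\d{4}\b",
    "credit_card": r"\b\d(?:[ -]?\d){12,18}\b",
}

def luhn_ok(candidate):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(digits))
    return total % 10 == 0

def compile_patterns(names):
    """Map config entries to (label, regex); 'custom:' entries carry a regex."""
    out = []
    for name in names:
        source = name[len("custom:"):] if name.startswith("custom:") else BUILTIN[name]
        out.append((name.split(":")[0], re.compile(source)))
    return out

def apply_dlp(text, config):
    """Return (resulting text or None if blocked, findings) for the config."""
    findings = []
    for label, rx in compile_patterns(config["patterns"]):
        for m in rx.finditer(text):
            if label == "credit_card" and not luhn_ok(m.group()):
                continue  # e.g. order numbers that only look like cards
            findings.append((m.start(), m.end(), label))
    if config["action"] == "block" and findings:
        return None, findings
    if config["action"] == "redact":
        # Replace from the end so earlier offsets stay valid.
        for start, end, label in sorted(findings, reverse=True):
            text = text[:start] + "[REDACTED:" + label + "]" + text[end:]
    return text, findings

# The config from the PATCH call above, plus a constructed sample message.
CONFIG = {"patterns": ["ssn", "credit_card", r"custom:EMP-\d{6}"], "action": "redact"}
SAMPLE = ("Ticket from EMP-004217: card 4111 1111 1111 1111, "
          "SSN 123-45-6789, order ref 1234 5678 9012 3456.")

if __name__ == "__main__":
    redacted, hits = apply_dlp(SAMPLE, CONFIG)
    print(redacted)
    print(sorted(hits))
```

Under these assumptions the `EMP-\d{6}` pattern also fires on the first six digits of a longer ID such as `EMP-1234567`; wrapping it in `\b...\b` avoids that.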
Enforcement Modes
| Mode | Behavior |
|---|---|
| Audit | Log violations but don't block actions |
| Warn | Show warnings to users, log violations |
| Enforce | Block non-compliant actions |
New modules start in Audit mode with a configurable grace period before enforcement begins.
Compliance Checking
Run on-demand compliance checks:
```bash
curl -X POST https://api.meetloyd.com/api/governance/check \
  -H "Authorization: Bearer $TOKEN"
```
Response includes per-module status and any violations.
Compliance Reports
Generate audit-ready reports:
```bash
curl -X POST https://api.meetloyd.com/api/governance/reports \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"packs": ["gdpr", "hipaa"], "format": ["pdf", "csv"]}'
```
Reports include:
- Overall compliance score per regulation
- Per-module status breakdown
- Violation history and remediation
- Configuration audit trail
Best Practices
- Start with Audit mode — Understand your baseline before enforcing
- Enable packs incrementally — Add one pack at a time
- Review violations weekly — Address issues before they accumulate
- Use custom patterns — Add industry-specific sensitive data patterns
- Generate monthly reports — Keep compliance documentation current
Pricing
| Plan | Included Packs | Additional Packs |
|---|---|---|
| Starter | - | - |
| Growth | 1 pack | $199/month each |
| Enterprise | Unlimited | Included |
Related
- Compliance Overview — Regulatory framework overview
- Compliance Cockpit — Real-time compliance monitoring
- Audit Logs — Logging and retention
- Governance Framework — Overall governance approach