Skip to main content

Governance

Governance in MeetLoyd is built in, not bolted on. Instead of trusting that agents will behave, you set the rules once and the platform enforces them on every action — automatically, consistently, and with a record.

You can just ask Loyd

"Which governance packs apply to a French bank?" or "Turn on GDPR in audit mode for this workspace." Loyd knows the catalogue and can configure it with your approval. Meet Loyd →


Two layers of control

MeetLoyd governs agents at two levels that work together:

  1. Governance packs — pre-built bundles of rules for a specific regulation or standard. Switch on "GDPR" and the relevant controls apply without you wiring each one.
  2. Policy cascade — your own org-specific rules (budgets, tool access, approvals, data handling) that flow down a hierarchy and can be tightened anywhere.

Governance packs

MeetLoyd ships 32 regulatory packs covering the major regimes worldwide, so a multinational can run one platform and still meet local rules:

RegionExamples
EU & UKGDPR, UK GDPR, EU AI Act, NIS2, DORA, ISO 27001, ISO 42001, ISAE 3402, AMF/CIF
AmericasHIPAA, SOX, SOC 2, NIST CSF, NIST AI RMF, CCPA, PCI DSS, LGPD, PIPEDA, Quebec Law 25
APACMAS TRM, PDPA, PIPL, APPI, Australia Privacy, CPS 234, India DPDPA, Korea PIPA
Middle EastUAE PDPL, DIFC, ADGM, Saudi PDPL, Qatar AI

Each pack bundles concrete controls — data minimization and right-to-erasure for GDPR, four-eyes approval and separation of duties for SOX, PHI access logging for HIPAA, and so on.

Three enforcement modes

Every pack runs in one of three modes, so you can adopt safely:

ModeBehaviourWhen to use
AuditLog violations, change nothingStart here — learn your baseline without disruption
WarnAlert the right people on a violationBuild awareness before you block
EnforceBlock the violating actionOnce you trust the rules

The policy cascade

Your own policies resolve through a five-level hierarchy. The most specific level wins, so you set a sensible default once and override only where you need to:

Policies govern budgets and spend limits, which tools an agent may use, rate limits, data handling, and which actions need human approval. Set "no external email without approval" at the tenant level, then relax it for one trusted team — the rest of the org keeps the stricter rule.


What you get

  • Compliance that travels — one platform, every region, no per-country rebuild.
  • Safe adoption — audit → warn → enforce means you're never surprised by a hard block.
  • Provable enforcement — every governance decision is recorded in the audit trail, which is exactly what regulators and your own risk team want to see.
  • No black box — system prompts and policies are visible and editable. There's no hidden behaviour you can't inspect.

Next steps