HEX 165

AI governance platform. 648 compliance criteria across four frameworks. Deterministic. Auditable. No AI interprets law.

The AI Governance Engine

HEX 165 scans agentic AI systems against 648 compliance criteria across four live modules, with 12 more frameworks in development. One scan produces assessments across every active framework simultaneously.

  • Policy Engine — encodes regulatory requirements, deadlines, and submission formats as deterministic rules
  • Agent Scanning — reads code and documentation, auto-detects frameworks, exports only normalised metadata
  • Human-in-the-Loop — sign-off gates built into every workflow. Nothing submits without approval
  • Full Audit Trail — every action logged with timestamp and user attribution. Audit-ready at all times
  • Cross-Framework — overlapping controls mapped automatically. One finding satisfies multiple frameworks
See How It Works Book a Demo

One scan. Multiple frameworks.

HEX 165 evaluates your systems against all applicable modules simultaneously. Add new regulations without re-engineering.

EU AI Act
348 criteria — Live
DORA
131 criteria — Beta
GDPR
97 criteria — Beta
NIST AI RMF
72 criteria — Beta

12 additional frameworks in development including NIS2, ISO 42001, ISO 27001, PRA SS1/23, HIPAA, SOC 2

Deterministic Rules

No AI interprets law. The compliance engine is static rules derived from legislation. Same input always produces the same output. Auditors can verify every decision.

Agentic Risk Detection

15 architecture-specific risk flags for multi-agent systems — missing stop mechanisms, dynamic spawning, deceptive instructions, autonomous decisions without oversight.

Your Data Stays With You

The HEX 165 agent runs in your environment. Source code never leaves. Only normalised metadata is transmitted. Run offline first, review the output, then decide whether to upload.

Regulatory Modules

Each module is primarily data work, not platform engineering. The shared infrastructure — connectors, rules engine, agents, API — stays the same. Adding a new regulation means structuring its requirements, not rebuilding the platform.

  • EU AI Act — live, 348 criteria
  • DORA — beta, 131 criteria
  • GDPR — beta, 97 criteria (AI-scoped)
  • NIST AI RMF — beta, 72 criteria
  • NIS2, ISO 42001, ISO 27001, PRA SS1/23 — in development
  • HIPAA, SOC 2, CDDO/GDS, FCA AI — in development
EU AI Act DORA GDPR NIST RMF NIS2 ISO 42001

See HEX 165 in action

Book a demo and see how the platform handles your specific regulatory requirements.

Book a Demo How It Works