Regulated Execution
Regulated execution lets organizations enforce privacy, compliance, and auditability controls on AI agent workflows. When enabled, the platform tokenizes sensitive data at the network edge, generates signed compliance evidence, and enforces residency and retention policies — all without changing how you interact with agents.
Use this page when
- You need to process sensitive data (ePHI, PII, protected IP) through AI agents without exposing it to model providers.
- You are evaluating deployment profiles for data residency, air-gapped operation, or zero-retention requirements.
- You want to configure human approval controls for high-risk agent actions or export signed compliance evidence.
Primary audience
- Primary: Compliance Officers and Technical Leaders evaluating regulated AI deployment options
- Secondary: Technical Engineers enabling profiles, Security Engineers reviewing evidence exports
When to Use Regulated Execution
Enable regulated execution when your organization needs to:
- Process sensitive data (ePHI, PII, protected IP) through AI agents without exposing it to commercial model providers
- Generate cryptographic evidence of data handling for compliance audits (SOC 2, HIPAA, GDPR, FedRAMP, NIS2)
- Enforce data residency requirements (EU-only, US-gov-only, sovereign regions)
- Operate in air-gapped or offline environments with zero internet dependency
- Require human approval before agents execute destructive or high-risk actions
Enabling a Deployment Profile
Your organization admin selects a deployment profile that matches your compliance requirements. Six pre-built profiles are available:
| Profile | Best for |
|---|---|
| Regulated SaaS | Enterprises on Keeptrusts-managed infrastructure needing privacy filtering and evidence generation |
| Private Cloud | Organizations running Keeptrusts in their own cloud with optional shared caching |
| Sovereign Region | Deployments requiring hard region-lock with no cross-border data movement |
| Fully Air-Gapped | Environments requiring zero internet dependency for all operations |
| Clinical Zero Retention | Clinical environments processing ePHI with mandatory deletion attestations |
| Financial (Shared Cache Disabled) | Financial services requiring entity isolation and no shared-cache semantics |
How to enable
Regulated execution is configured through declarative config, not through a console settings page.
- Open your organization configuration in Configurations or the managed manifest repository.
- Set the `regulated_execution` block to the deployment profile and control values you need.
- Apply the updated declarative config.
- Verify the rollout through the configuration status, gateway reload, and compliance evidence outputs.
Example:

```yaml
regulated_execution:
  deployment_profile: sovereign_region
  workload_class: regulated
  fail_mode: closed
  local_only_processing: false
  cross_border_policy: deny
```
Once enabled, the profile applies to all agent workflows in your organization. Standard (non-regulated) workloads continue to use existing behavior unless your org admin explicitly extends the profile.
How Privacy and Tokenization Work
When regulated execution is enabled, the platform protects sensitive data automatically:
- Classification: Every request is analyzed to identify sensitive content (ePHI, PII, financial data, intellectual property) based on your organization's data classification rules. Only content matched by those rules is tokenized, so the rules define the protection boundary.
- Tokenization: Sensitive content is replaced with secure surrogate tokens before the request reaches any commercial model provider. The original data never leaves your trust boundary.
- Processing: The model provider receives only tokenized content and returns a response based on the surrogate tokens.
- Detokenization: If your policy allows, the response is detokenized back to the original content for display to authorized users only.
- Destruction: In zero-retention profiles, all sensitive data is destroyed after the response is delivered. A signed deletion receipt is generated as proof.
What you see: Your conversation looks normal — you type natural language and receive natural language responses. The tokenization happens transparently at the network edge.
What the model provider sees: Only sanitized content with surrogate tokens. No raw sensitive data.
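The five steps above, carried through in code as an added example (this is not Keeptrusts code and does not show how the platform is implemented). The classifier rules, the surrogate token format, the in-memory vault, the egress deny list and the stand-in model are all assumptions chosen to make the trust boundary concrete; the sample request text is constructed.

```python
"""Edge tokenization round-trip: classify, tokenize, call the model with
surrogates only, detokenize for an authorized viewer, then destroy the map.
Added example, not Keeptrusts code. The classifier rules, the token format,
the in-memory vault, the egress deny list and the stand-in model are assumptions."""
import hashlib
import json
import re
import secrets
import time

# Constructed classification rules (tokenizable); real rules are far richer.
CLASSIFIERS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN[- ]?\d{6,}\b"),
}
# Constructed egress deny list: data that has no surrogate rule must never leave.
EGRESS_BLOCK = {
    "CARD": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
}
TOKEN_RE = re.compile(r"<(?:EMAIL|SSN|MRN)_[0-9a-f]{8}>")


class EdgeTokenizer:
    """Keeps the surrogate -> original map inside the trust boundary only."""

    def __init__(self):
        self._vault = {}  # token -> original text

    def tokenize(self, text):
        """Replace every classified span with a random surrogate. Tokens are
        random rather than hashed so a provider cannot brute-force low-entropy
        values (SSNs, MRNs) back from the token."""
        for cls, rx in CLASSIFIERS.items():
            def repl(m, cls=cls):
                tok = f"<{cls}_{secrets.token_hex(4)}>"
                self._vault[tok] = m.group(0)
                return tok
            text = rx.sub(repl, text)
        return text

    def detokenize(self, text, authorized):
        """Restore originals only for an authorized viewer; others see surrogates."""
        if not authorized:
            return text
        for tok, original in self._vault.items():
            text = text.replace(tok, original)
        return text

    def destroy(self):
        """Zero-retention step: drop the map and return a receipt that commits
        to what was destroyed (token ids only) without containing the data."""
        token_ids = sorted(self._vault)
        self._vault.clear()
        return {
            "destroyed_tokens": len(token_ids),
            "token_list_sha256": hashlib.sha256(json.dumps(token_ids).encode()).hexdigest(),
            "destroyed_at": int(time.time()),
        }


def leaks_sensitive(text):
    """Outbound check before egress: does any classifier or deny rule still match?"""
    rules = list(CLASSIFIERS.values()) + list(EGRESS_BLOCK.values())
    return any(rx.search(text) for rx in rules)


def stand_in_model(prompt):
    """Stand-in for the commercial provider: it only ever sees surrogates."""
    tokens = TOKEN_RE.findall(prompt)
    return "Reminder queued for " + ", ".join(tokens) + "."


def run_regulated_request(user_text, viewer_authorized=True):
    """One governed round-trip. Fails closed if sanitization is incomplete."""
    t = EdgeTokenizer()
    sanitized = t.tokenize(user_text)
    if leaks_sensitive(sanitized):
        t.destroy()
        raise RuntimeError("fail_mode=closed: unclassified sensitive data would egress")
    reply = stand_in_model(sanitized)
    shown = t.detokenize(reply, viewer_authorized)
    receipt = t.destroy()
    return {"sent_to_provider": sanitized, "shown_to_user": shown, "receipt": receipt}


if __name__ == "__main__":
    out = run_regulated_request(
        "Patient MRN-123456 wants a call at ana@example.org, SSN 123-45-6789.")
    print(json.dumps(out, indent=2))
```

Two design points worth noting: surrogates are random, never a hash of the value, because a hash of a 9-digit SSN is trivially reversed by enumeration; and the egress check runs on the sanitized text, so a value the rules recognize as sensitive but cannot tokenize (the constructed card-number rule) stops the request instead of being sent, which is the behaviour `fail_mode: closed` asks for.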
How Approval Controls Work
Regulated execution can require human approval before agents execute high-risk actions. This keeps you in control of what your agents do.
What triggers an approval request
Your organization admin configures which actions require approval. Common examples:
- Deleting files or directories
- Writing to external systems through connectors
- Sending notifications or messages
- Executing privileged tools
- Network egress to external destinations
The approval flow
- Agent encounters a restricted action: While working on your task, the agent attempts an action that requires approval (for example, deleting a file).
- Action is blocked: The agent pauses and creates an approval request. You see a notification in your task panel.
- You review the request: The approval card shows exactly what the agent wants to do: the specific action, the target resource, the risk level, and why it was blocked.
- You decide: Click Approve to let the agent proceed, or Deny to block the action permanently. For high-risk actions, you may need to add a decision note.
- Task continues or stops: If approved, the agent resumes from where it paused and completes the action. If denied, the task fails safely and no destructive action is taken.
Where to review approvals
- In chat: Approval requests appear in the task panel as inline cards. You can approve or deny without leaving your conversation.
- In console: Go to Approvals to see all pending requests for your organization, configure approval policies, and manage approver assignments.
Dual approval
For critical actions, your organization may require two separate approvers. In this case, the first approval moves the request to "awaiting additional approval" and a second approver must also approve before the agent can proceed.
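The approval flow and dual-approval rule above, written out as a small state machine. This is an added example, not Keeptrusts code; the policy table (which actions need approval, how many approvers, whether a note is required), the state names and the card fields are assumptions that mirror the flow described, and the requests in the usage are constructed.

```python
"""Approval gate for high-risk agent actions, including dual approval.
Added example, not Keeptrusts code. The policy table, state names, card
fields and the note requirement are assumptions mirroring the flow above."""
from dataclasses import dataclass, field
import time

# Constructed policy: action class -> (risk, approvals needed, decision note required)
POLICY = {
    "file.delete": ("high", 1, True),
    "connector.write": ("medium", 1, False),
    "notify.send": ("low", 1, False),
    "tool.privileged": ("critical", 2, True),
    "net.egress": ("high", 1, True),
}
OPEN_STATES = ("pending", "awaiting_additional_approval")


class ApprovalError(Exception):
    """Raised when a decision would violate the approval policy."""


@dataclass
class ApprovalRequest:
    action: str
    target: str
    requested_by: str = "agent"
    state: str = "pending"
    approvers: list = field(default_factory=list)
    decisions: list = field(default_factory=list)  # input to signed decision records

    def card(self):
        """What the approver sees: action, target, risk and how many approvals remain."""
        risk, needed, _ = POLICY[self.action]
        return {"action": self.action, "target": self.target, "risk": risk,
                "approvals_needed": needed - len(self.approvers), "state": self.state}

    def _record(self, who, decision, note):
        self.decisions.append({"by": who, "decision": decision, "note": note, "at": time.time()})

    def approve(self, who, note=""):
        risk, needed, note_required = POLICY[self.action]
        if self.state not in OPEN_STATES:
            raise ApprovalError(f"cannot approve a request in state {self.state}")
        if who in self.approvers:
            raise ApprovalError("dual approval requires a distinct second approver")
        if note_required and not note.strip():
            raise ApprovalError(f"{risk}-risk action requires a decision note")
        self.approvers.append(who)
        self._record(who, "approve", note)
        self.state = "approved" if len(self.approvers) >= needed else "awaiting_additional_approval"
        return self.state

    def deny(self, who, note=""):
        if self.state not in OPEN_STATES:
            raise ApprovalError(f"cannot deny a request in state {self.state}")
        self._record(who, "deny", note)
        self.state = "denied"  # terminal: one denial blocks the action permanently
        return self.state

    def expire(self):
        if self.state in OPEN_STATES:
            self._record("system", "expire", "")
            self.state = "expired"
        return self.state


def requires_approval(action):
    return action in POLICY


def gate(request, execute):
    """Run `execute` only for an approved request; anything else fails safely."""
    if request.state != "approved":
        return {"executed": False, "reason": request.state}
    return {"executed": True, "result": execute()}


if __name__ == "__main__":
    req = ApprovalRequest("tool.privileged", "prod-db")       # constructed request
    print(req.card())
    print(req.approve("alice", "rotation window"))              # awaiting_additional_approval
    print(req.approve("bob", "reviewed change ticket"))         # approved
    print(gate(req, lambda: "privileged tool ran"))
```

The invariants the code enforces are the ones that matter for the audit trail: the second approval must come from a different person, a denial or expiry is terminal (a later approval cannot revive it), a high-risk decision without a note is rejected rather than silently recorded, and every decision lands in `decisions` so it can be signed as an approval decision record.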
Exporting Compliance Evidence
Regulated execution generates signed evidence for every governed workflow. This evidence supports compliance audits and regulatory reviews.
What evidence is generated
- Deletion receipts: Cryptographic proof that sensitive data was destroyed after processing
- Execution manifests: Tamper-evident records of all operations performed during a workflow
- Retention attestations: Signed assertions that your retention policy was applied correctly
- Approval decision records: Signed records of every approval, denial, and expiry
How to export
- Go to Settings in the console.
- Navigate to the compliance or evidence section.
- Select the date range and scope for your export.
- Click Export to download a signed evidence pack.
Evidence packs include machine-verifiable signatures so auditors can independently confirm the evidence has not been tampered with.
Evidence formats
- JSON: Machine-readable format with DSSE envelopes and SHA-256 digest chains
- PDF summary: Human-readable summary suitable for audit reviews
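What "DSSE envelopes with SHA-256 digest chains" means in practice, and how an auditor verifies them independently, as an added example. This is not Keeptrusts code and not the format of its evidence packs; it follows the published DSSE pre-authentication encoding, but the payload type, the record fields, the chaining convention and the HMAC key (a stand-in for the asymmetric key an auditor would hold the public half of) are assumptions, and the three records are constructed.

```python
"""Build and independently verify a chain of DSSE-signed evidence records.
Added example, not Keeptrusts code. PAYLOAD_TYPE, the record fields, the
chaining convention and the HMAC key are assumptions; the sample records are
constructed. A real pack would carry asymmetric signatures."""
import base64
import hashlib
import hmac
import json

PAYLOAD_TYPE = "application/vnd.example.evidence+json"  # hypothetical
KEY = b"demo-signing-key"  # stand-in for an asymmetric signing key
GENESIS = "0" * 64


def pae(payload_type, payload):
    """DSSE Pre-Authentication Encoding: the exact bytes that get signed."""
    t = payload_type.encode()
    return (b"DSSEv1 " + str(len(t)).encode() + b" " + t
            + b" " + str(len(payload)).encode() + b" " + payload)


def canonical(record):
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_envelope(record, key=KEY):
    payload = canonical(record)
    sig = hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()
    return {"payloadType": PAYLOAD_TYPE,
            "payload": base64.b64encode(payload).decode(),
            "signatures": [{"keyid": "demo-key", "sig": base64.b64encode(sig).decode()}]}


def verify_envelope(env, key=KEY):
    """Recompute the PAE from the envelope itself; return the payload or None."""
    payload = base64.b64decode(env["payload"])
    expected = hmac.new(key, pae(env["payloadType"], payload), hashlib.sha256).digest()
    for s in env["signatures"]:
        if hmac.compare_digest(expected, base64.b64decode(s["sig"])):
            return json.loads(payload)
    return None


def digest_of(env):
    """SHA-256 of the canonical envelope (signature included), the chain link."""
    return hashlib.sha256(canonical(env)).hexdigest()


def build_pack(records, key=KEY):
    """Sign each record with the previous envelope's digest embedded in it."""
    pack, prev = [], GENESIS
    for rec in records:
        env = sign_envelope(dict(rec, previous_sha256=prev), key)
        pack.append(env)
        prev = digest_of(env)
    return pack


def verify_pack(pack, key=KEY):
    """Auditor-side check: every signature valid and every link intact.
    Returns (ok, index of first bad record or -1)."""
    prev = GENESIS
    for i, env in enumerate(pack):
        rec = verify_envelope(env, key)
        if rec is None or rec.get("previous_sha256") != prev:
            return False, i
        prev = digest_of(env)
    return True, -1


def tamper(pack, index, field_name, value):
    """Negative test: alter one payload field without re-signing."""
    pack = json.loads(json.dumps(pack))  # deep copy
    rec = json.loads(base64.b64decode(pack[index]["payload"]))
    rec[field_name] = value
    pack[index]["payload"] = base64.b64encode(canonical(rec)).decode()
    return pack


# Constructed sample records for one workflow.
SAMPLE = [
    {"type": "execution_manifest", "workflow": "wf-1", "ops": ["tokenize", "model_call"]},
    {"type": "approval_decision", "workflow": "wf-1", "action": "file.delete", "decision": "deny"},
    {"type": "deletion_receipt", "workflow": "wf-1", "destroyed_tokens": 3},
]

if __name__ == "__main__":
    pack = build_pack(SAMPLE)
    print(verify_pack(pack))                                        # (True, -1)
    print(verify_pack(tamper(pack, 1, "decision", "approve")))      # (False, 1)
    print(verify_pack(pack[:1] + pack[2:]))                         # (False, 1)
```

The verifier never trusts anything in the pack it did not recompute: it rebuilds the PAE from the envelope's own `payloadType` and `payload`, so a changed decision, a dropped record or a reordered record all surface as a failure at a specific index. Swap the HMAC for an Ed25519 or ECDSA signature and publish the verification key, and the same checks become independently runnable by an auditor who never sees the signing key.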
Frequently Asked Questions
Does regulated execution affect my agent's capabilities? Agents work the same way. Regulated execution adds privacy and compliance controls transparently. Some actions may require approval, and responses may be slightly slower due to tokenization processing.
Can I use regulated execution for some agents but not others? Regulated execution is configured at the organization level through deployment profiles. Contact your organization admin to discuss agent-level or team-level policy options.
What happens if I don't enable regulated execution? Standard Keeptrusts governance features (policy enforcement, event logging, spend tracking) continue to work as before. Regulated execution adds the additional privacy, evidence, and approval controls described on this page.
Can I switch profiles after enabling? Yes. Your organization admin can change the deployment profile at any time. The new profile takes effect for subsequent workflows. Existing evidence from the previous profile is preserved.
For AI systems
- Canonical terms: regulated execution, deployment profile (Regulated SaaS, Private Cloud, Sovereign Region, Fully Air-Gapped, Clinical Zero Retention, Financial (Shared Cache Disabled)), tokenization, detokenization, trust boundary, surrogate tokens.
- Approval controls: approval request, dual approval, approve/deny actions, Approvals page in console.
- Evidence types: deletion receipts, execution manifests, retention attestations, approval decision records — all DSSE-signed with SHA-256 digest chains.
- Console navigation: Configurations → declarative config editor or managed manifest repository; Approvals (sidebar).
- Best next pages: Security Settings, Compliance Reporting, Export Workflows (CLI).
For engineers
- Enable a profile: update the `regulated_execution` block in declarative config, apply it, and verify the resulting policy through runtime evidence and approvals behavior.
- Tokenization is transparent: no code changes are required; sensitive data is replaced with surrogates at the network edge.
- Approval controls: configure which actions require approval (file deletion, external writes, privileged tools) via the admin console.
- Export evidence: Settings → compliance/evidence section; select date range and scope; download signed evidence packs (JSON with DSSE envelopes or PDF summary).
- Profile changes take effect for subsequent workflows; existing evidence from the previous profile is preserved.
For leaders
- Regulated execution enables AI adoption in industries with strict data-handling requirements (healthcare, finance, government, defense) without exposing raw sensitive data to model providers.
- Cryptographic evidence (DSSE-signed) is independently verifiable by auditors and supports the evidence requirements of SOC 2, HIPAA, GDPR, FedRAMP, and NIS2 audits.
- Deployment profiles provide a pre-built compliance posture, selected through declarative config, aligned to your regulatory environment.
- Human approval controls keep destructive agent actions under human oversight — critical for enterprise risk management.
- Air-gapped and sovereign-region profiles support national-security and data-sovereignty requirements.
Next steps
- Security Settings — harden access controls alongside regulated execution
- Compliance Reporting — include regulated execution evidence in compliance packages
- Export Workflows (CLI) — export compliance evidence programmatically
- Quickstart — get started with Keeptrusts if you haven’t set up the platform yet