Notes a regulator would read.
One regulation, one argument, written by the engineer who built the chain. Slow cadence, no editorial team.
Five long-form notes at launch.
All five posts run 1,500–2,500 words and read like an engineer wrote them with a regulator in mind. No top-of-funnel listicles, no AI-generated SEO ballast. Cadence: monthly when there's something a regulator would read.
Reading BaFin's December 2025 ICT/AI guidance, clause by clause
What the German banking regulator wants from your AI vendor — paragraph by paragraph, mapped to DORA Articles 17, 19, and the 28–30 third-party block.
5 May 2026 · 12 min readWhy DORA Article 30 is the question your AI vendor can't answer
An exit plan for an AI-governance vendor isn't a CSV export. It's a chain you can replay against the published algorithm — without our login. Most vendors fail this test.
5 May 2026 · 10 min readWhy Article 13 transparency wants a hash, not a trust score
The EU AI Act asks your high-risk system to be “sufficiently transparent.” A hash chain proves it. A probabilistic “trust score” just hopes.
5 May 2026 · 10 min readThree regimes, one boundary: MDR, MDCG 2019-11, and GDPR Article 9
MDR Class IIa/IIb, MDCG 2019-11, and GDPR Article 9 collide at one decision: where you pseudonymise. The chain should hash the reference, never the patient.
5 May 2026 · 11 min readWe don't fight prompt injection — and what we fight instead
Lakera and CalypsoAI handle prompt injection. We handle the audit trail of what your agent decided afterwards. Both layers belong in a regulated stack.
5 May 2026 · 9 min readNo newsletter yet. Email works.
An email-subscribe form and an RSS feed are on the roadmap, no published timeline. Until then, email [email protected] to be told when a new note is published. Solo founder, real inbox, no automation in between.
An email-subscribe form (one note → one email) and an RSS feed (one item per published note). Both sit on the roadmap with no date. We name them here because every other vendor's blog implies both — and we don't.