StackLens

GovernAI

GovernAI is the compliance and governance layer for your AI stack. It detects PII before it leaves your infrastructure, enforces policies on LLM traffic, and generates audit-ready reports.

What it does

  • PII detection — identify and flag personally identifiable information in LLM requests and responses before they reach external models
  • Policy enforcement — define policies as code; GovernAI enforces them on every request
  • Audit log — a tamper-evident record of every flagged event, accessible to your compliance team
  • EU AI Act compliance reports — generate Article 13 transparency reports for auditors with one click

Why it matters

The EU AI Act enforcement deadline is August 2026. Article 13 requires organisations deploying AI systems to document which models process personal data, under what conditions, and with what safeguards. GovernAI automates that documentation.

PII detection

GovernAI inspects LLM requests and responses for common PII patterns:

  • Email addresses
  • Phone numbers
  • Names in context
  • National ID numbers (passport, SSN, etc.)
  • Financial identifiers (card numbers, IBANs)
  • IP addresses and device identifiers

When PII is detected, GovernAI logs the event with metadata (type, location, timestamp, policy applied) but never stores the raw PII value.
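The following is an added illustration of the behaviour described above, not GovernAI's own code: it detects two of the listed PII types, applies an allow/redact/block policy per type, and emits an event holding only type, location, timestamp, policy and trace ID, never the matched value. The regular expressions, function names, event field names, the fail-closed default and the sample text are all assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Assumed patterns for two of the PII types listed above; not GovernAI's rules.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SAMPLE = "Contact jane.doe@example.com, card 4111 1111 1111 1111, order 1234 5678 9012 3456."  # constructed

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(text: str):
    """Return non-overlapping (pii_type, start, end) hits in text order."""
    hits = [("email", m.start(), m.end()) for m in EMAIL.finditer(text)]
    for m in CARD.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append(("card_number", m.start(), m.end()))
    kept, last_end = [], 0
    for hit in sorted(hits, key=lambda h: h[1]):
        if hit[1] >= last_end:  # drop a match nested inside an earlier one
            kept.append(hit)
            last_end = hit[2]
    return kept

def inspect_text(text: str, policies: dict, trace_id: str):
    """Apply the per-type policy; return (outgoing text or None if blocked, events)."""
    events, out, cursor, blocked = [], [], 0, False
    for pii_type, start, end in find_pii(text):
        policy = policies.get(pii_type, "block")  # assumed default: fail closed
        events.append({  # metadata only: the matched value is never copied here
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "pii_type": pii_type,
            "location": {"start": start, "end": end},
            "policy": policy,
            "trace_id": trace_id,
        })
        if policy == "block":
            blocked = True
        elif policy == "redact":
            out.append(text[cursor:start] + f"[{pii_type.upper()}]")
            cursor = end
    out.append(text[cursor:])
    return (None if blocked else "".join(out)), events
```

The Luhn check is what keeps the 16-digit order number in the sample from being flagged as a card number; pattern matching alone would over-report it.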

Audit log

Every flagged event is written to the audit log with:

  • Timestamp
  • PII type detected
  • Policy applied (allow, redact, block)
  • Model and provider that received the request
  • Trace ID (links to StackTrace for the full request context)

The audit log is read-only and retained according to your data retention policy.

EU AI Act compliance reports

From the GovernAI dashboard, select Reports → EU AI Act Article 13 to generate a report covering:

  • Which AI models your organisation uses and for what purposes
  • What categories of personal data may be processed
  • What safeguards are in place (detection, policies, audit trail)
  • Flagged events summary for the selected reporting period

Reports are exported as PDF and JSON.

Dashboard

The GovernAI dashboard shows:

  • Violations — recent PII detections with policy outcome
  • Audit log — full searchable event history
  • Policy management — view and manage active policies
  • Reports — generate and download compliance reports

SDK

GovernAI operates as a gateway-level intercept — no SDK calls needed for PII detection. Requests flowing through StackLens are automatically inspected.

Policies are configured through the dashboard or a configuration file (policy-as-code support documentation coming soon).