Built by regulatory practitioners.
Hael is built by people who have authorised and supervised regulated firms under FCA, EU and US regimes since 2013. We build AI governance the way regulators actually assess it — not the way generic compliance vendors model it.
The document is the obligation.
Existing GRC tools tell you which documents you are missing. They surface the gap and ask you to fix it elsewhere. That model worked when the obligation was a policy. It does not work when the obligation is a generated Annex IV technical file, an Article 27 fundamental-rights impact assessment, an ISO/IEC 42001 AIMS record, or a US Treasury FS AI RMF examination pack — substantive documents the regulator opens and reads.
Hael creates those documents and runs the controls behind them. The classification, the control evidence, the runtime telemetry, the artefact itself — generated from the system's real configuration and sealed with hash-chained provenance. Not a tracker. A producer.
We built this because we have spent over a decade producing the regulatory artefacts authorisation bodies actually open — FCA permissions, Section 166 skilled-person reviews, MiCA whitepapers, FinCEN MSB filings, CASS safeguarding frameworks. The standard the regulator applies is the standard of the artefact. Nothing else clears the bar.
Three principles, applied everywhere.
Regulators evaluate the substantive artefact, not a tracker showing that a policy exists somewhere.
Every file Hael produces is derived from the actual system's classification, controls and runtime — not authored prose.
Designed from day one for autonomous and tool-using systems, where prompts, scopes and runtime are the controls.
Held to the standard we produce.
The same regulatory rigour we apply to artefact production applies to how we run Hael itself.
See how we approach AI governance.
Built by the people who produced the artefacts. For the firms that will be assessed on them.