What is Adjudon?
Adjudon is a Decision Audit Layer for regulated AI. The product records every AI-agent decision into a tamper-evident SHA-256 hash chain on EU-resident infrastructure, evaluates it against a deterministic policy engine, and ships an export bundle a regulator can replay offline — without an Adjudon login. The four regimes the system is built around are the EU AI Act (Regulation (EU) 2024/1689), DORA (Regulation (EU) 2022/2554), the Medical Device Regulation (Regulation (EU) 2017/745), and GDPR (Regulation (EU) 2016/679). We do not market the layer; we document it.
What Adjudon is
A Frankfurt-based SaaS that sits between your AI agents and the
evidence chain a regulator will eventually read. The system holds
three latency targets end-to-end through ingestion, scrubbing,
confidence scoring, policy evaluation, and chain append:
p50 < 10ms, p95 < 25ms, p99 < 45ms. The chain is per-organization,
SHA-256, append-only, and replay-verifiable offline against a published
algorithm. Retention is configurable up to 3,650 days (10 years)
on Enterprise plans.
The split is the same on every page that follows. We host the chain; you operate the agent. We ship the row; you file the register (DORA Article 28(3)). We hash whatever the trace contains; you decide what crosses the boundary.
| What we ship | What you do |
|---|---|
Trace ingestion at api.adjudon.com | Send every AI decision via POST /api/v1/traces |
| 3-pillar Confidence Engine (base + variance + historical) | Configure policy thresholds dashboard-side |
Policy Engine returning HTTP 201 / 202 / 403 | Define the rules the engine evaluates |
| SHA-256 hash chain row per decision | Hand the export bundle to your auditor |
| Multi-Clock Incident Hub (5 regulators in parallel) | Open the incident; mark checkpoints with evidence |
| FRIA chain anchored separately (EU AI Act Art. 27) | Run the FRIA before deploying an Annex III system |
The system covers EU AI Act (Art. 13 / 14 / 27 / 73), DORA (Art. 17 / 19 / 28 / 30), MDR Class IIa/IIb (Art. 10(8) + Annex IX
- MDCG 2019-11), GDPR (Art. 9 / 17 / 28 / 32 / 33), NIS2 (Art. 23), and CRA (Art. 11), each mapped article-by-article on the corresponding compliance page.
What Adjudon is not
- Not a runtime firewall. Lakera, CalypsoAI, and NeMo Guardrails inspect prompts and outputs at the LLM rail. We sit downstream of that rail, on the decision-audit layer. A regulated stack typically wants both layers; they cover disjoint regulatory pillars.
- Not a blockchain. We use a SHA-256 hash chain. There is no consensus mechanism, no mining, no public ledger. A hash chain is tamper-evident, not tamper-proof.
- Not a model vendor. Adjudon does not train or serve foundation models. The Confidence Engine triangulates against signals the model is not the source of, but the model itself runs on your side.
- Not white-labeled. We do not run on customer-cloud. We do not
offer on-premise. The SaaS deployment at
api.adjudon.comis the only deployment. We document this so procurement does not arrive expecting a self-hosted variant that does not exist.
Who reads what
| For | Start here | Then read |
|---|---|---|
| CISO / Head of Compliance / Procurement (T1) | Architecture, Compliance, Security & Trust | The DORA, MDR, and Data Residency pages |
| Integration Engineer (T2) | Quickstart, Authentication, SDKs | Hash Chain API, Error Codes, Cookbook |
| Compliance Engineer (T3) | Audit Log & Security, Multi-Clock Incidents | FRIA Wizard, Hash Chain API, the regulator-specific compliance pages |
A first call
The system has one ingestion endpoint a procurement reviewer can verify is alive without an account:
curl https://api.adjudon.com/health
Past the health check, the integration begins at
Quickstart — record one trace, get back its
chainHash, verify the row offline against the published algorithm.
Time to first success: under 60 seconds on a clean install.
Honest disclosures
- OpenAI is the one documented sub-processor outside the EU. The
Confidence Engine's third pillar uses OpenAI's
text-embedding-3-smallfor embedding generation under GDPR Chapter V Standard Contractual Clauses; the call sends only PII-scrubbed text and is opt-in per organization. See Sub-Processors. - The 99.99% Enterprise SLO is on the roadmap, not live today. The live SLO on Scale and Governance plans is 99.9%.
- Adjudon is built and operated by a small founding team. Reports
and procurement questions reach the founding engineer directly via
[email protected], not an SDR funnel. - No paid bug-bounty programme today. The responsible-disclosure policy is at Responsible Disclosure.
Read next
- Architecture — the production stack, the HTTPS boundary, and the three latency SLOs
- Quickstart — record your first trace in under 60 seconds
- Compliance — the article-by-article mappings for EU AI Act, DORA, MDR, and Data Residency
- Security & Trust — the sub-processor list with geography per row, encryption, and uptime