Live connectors for every data source
Direct connectors to your existing stack — no manual mapping. 22 frameworks, 441 clauses, and a custom-build pathway for anything not on the list.
Manual, expensive and Risky
The Regulation Layer
Regulation governs the work — but it arrives as documents. Frameworks that overlap, internal policies that contradict each other, obligations that change without warning. Every update triggers another round of manual interpretation before anything changes in practice. The gap between what the regulation says and what the business does is where risk lives.
The Software Layer
Software systems try to codify the regulation — GRC platforms, sanction-screening tools, case management systems, and custom automations to tie them all together. Each was built for a specific problem. None shares a common ruleset. Every integration is a bespoke project, and every change to regulation means another round of configuration across systems that were never designed to talk to each other.
✗ GRC sync failed — schema mismatch ✗ sanction list: 3 days out of date ~ case mgmt: pending manual import ~ 14 automations: untested coverage: partial
The People Layer
People use the software according to the regulation — reading documents, filling in forms, cross-checking databases, writing reports. The volume of decisions requiring human review grows faster than headcount. The compliance team spends most of its time on work that has already happened, reviewing alerts that are already stale, and writing reports that document the gap rather than closing it.
The Platform
Rail converts your regulatory obligations into enforceable rules, drafts policy automatically, and keeps everything organised in a single auditable library.
Regulatory frameworks are built directly into AuthRail. Select the ones that apply and the platform maps your compliance obligations automatically — no manual cross-referencing required.
Upload your documents or describe your organisation and AuthRail drafts the policies, controls, and procedures you need — structured, cited to the relevant clause, and ready for review.
When a regulation changes, AuthRail detects it and surfaces exactly what needs updating. Your compliance library stays current without manual monitoring.
Describe your agent or software scope
Describe a rule in plain English and get deployable policy code instantly.
Describe the guardrail you need and Rail generates and deploys it.
One API call attaches any agent to its layer. No configuration required.
| AGENT | CALLS | AUTHORIZED | BLOCKED | REVIEW | p95 |
|---|---|---|---|---|---|
| ap-payments-bot | 12,481 | 11,902 | 311 | 268 | 62 ms |
| claims-triage | 8,994 | 8,701 | 144 | 149 | 48 ms |
| kyc-onboarding | 4,217 | 3,980 | 201 | 36 | 71 ms |
| treasury-ops | 1,118 | 972 | 33 | 113 | 55 ms |
Direct connectors to your existing stack — no manual mapping. 22 frameworks, 441 clauses, and a custom-build pathway for anything not on the list.
Trace rail generates a signed certificate per decision, streamed to your warehouse, SIEM, and GRC platform within milliseconds. Auditors get evidence by clause.
Rail never stores prompts, completions, or connector responses. SOC 2 Type II in flight. The system that takes the action cannot rewrite its own audit log.
The opportunity
Compliance was built for a world where humans made consequential decisions. That world is ending. AI agents are already making thousands of decisions a day across enterprise operations — approvals, transactions, communications, assessments.
The compliance stack built for humans does not govern agents. The guardrails built for models do not produce compliance evidence. The observability tools built for developers do not satisfy regulators.
The infrastructure layer that governs AI agent decisions — before they execute, independently, across every environment — does not exist inside any model, any prompt, or any existing compliance tool.
It is Rail.
Rail closes the gap between compliance, engineering, and operations for the AI era. Compliance teams turn policy documents into enforced rules without writing code. Developers extract governance logic from plain English without rebuilding it per project. Business operations get a single authorisation record for every AI-driven decision — signed, cited, and queryable.
Configure rules in plain English. Rail enforces them automatically — you review only the decisions that genuinely require human judgement.
Rail handles the rules, thresholds, approval routing, and audit trail. You build the agent — no governance logic to rebuild per project.
Every AI decision your organisation makes is certified by a system independent of the one that made it. When a regulator asks for proof, you produce it in seconds.