---
title: "Govern AI agents in production with shared operating signals"
description: "Govern AI agents in production for security, legal, audit and platform teams, covering data movement, provider choice, policy, signals, review and EU AI Act readiness."
lang: en
lastUpdated: 2026-06-07
url: https://duale.ai/en/solutions/governance
---

## AI-generated summary

Explains Duale AI’s governance approach for production AI agents, detailing shared responsibilities, the Germany‑hosted data location, audit events recorded, the absence of formal security certifications, and how policy, provider selection, and review paths are defined for security, legal, and audit teams.

- Defines the agent work boundary, specifying permissible inputs, outputs, tools, and which results need project‑specific review.
- Clarifies that customers own agent code, prompts, tools, inputs, and provider contracts, while Duale handles runtime, tenant isolation, audit events, and German‑hosted data.
- Specifies that managed application data is hosted by Hetzner in Germany, Duale AI is French, and subprocessors may change with 30‑day notice for EU/EEA and 90‑day notice otherwise.
- Outlines that the runtime logs tenant‑scoped create, update, delete, recover, and access actions, each with action type and a content hash stored in a Merkle‑tree log.

Summaries were generated by AI. Generative AI is experimental.

---

<Hero
  eyebrow="For security and governance teams"
  title={
    <>
      Govern AI agents while they <AccentText>move to production</AccentText>
    </>
  }
  subtitle="Duale AI gives security, legal, audit, and platform teams a shared operating model for agent work: data movement, provider choices, policy decisions, available operating signals, and project-specific review paths."
  primaryCta={{ label: "Review the control model", dialog: "contact" }}
  secondaryCta={{ label: "Security Trust Center", href: "https://duale.ai/en/product/security.md" }}
/>

<Section
  title="Governance as production enablement"
  subtitle="The goal is not to block agent projects. The goal is to make them understandable enough to run, review, and improve."
>
  <CardGrid columns={3}>
    <Card title="See the work boundary" icon="file-text">
      Define what an agent can receive, what it can return, which tools it can use, and which outputs require
      project-specific review.
    </Card>
    <Card title="Review provider choices" icon="layers">
      Understand which model providers may be used, which policy inputs affect routing, and what data movement follows
      from that selection.
    </Card>
    <Card title="Define review paths" icon="eye">
      Identify which results should stop, retry, use a safer route, or move into project controls before the workflow
      expands beyond a pilot.
    </Card>
  </CardGrid>
</Section>

<Section
  title="Where Duale runs and what stays customer-owned"
  subtitle="For the managed service, application data is hosted by Hetzner in Germany, and Duale AI is a French company. Customers choose and contract with model providers; customer-managed deployment remains a design-partner roadmap topic."
>

```mermaid
flowchart LR
    %% WHAT: Governance posture: customer-owned policy and provider choices, Duale-managed infrastructure, and requestable review inputs.
    %% WHO: Security, audit, privacy, and legal teams evaluating hosting and processing fit.
    %% WHY: Lead with bounded current posture: managed application data hosted in Germany, French company, tenant isolation, access controls, audit events, scoped retention, and customer-selected providers.
    %% NOT: Certification attestation map, vendor-named nodes inside the diagram, long autonomous-run claim, or customer-managed deployment as shipped.
    accTitle: Duale AI governance posture
    accDescr {
      Your team owns policy choices, provider contracts, and retention
      requirements. Duale AI is a French company operating the managed
      service with application data hosted in Germany, tenant isolation,
      access controls, audit events, and scoped retention options. Model-provider traffic follows the
      providers selected and contracted by the customer.
    }

    Consumers(Your audit and SIEM consumers)
    subgraph Duale[Duale AI platform]
        subgraph Configured[Configured by your team]
            Policy(Policy choices, retention requirements, provider selection)
        end
        subgraph Managed[Managed by Duale; Germany-hosted application data]
            Iso(Tenant isolation and access controls)
            Audit(Audit events and scoped retention)
        end
    end
    ModelProvider(Selected model providers)

    Consumers <-.-> Duale
    Configured --> Managed
    Duale --> ModelProvider
```

</Section>

<Band>
  <Section
    title="Shared operating signals for all teams"
    subtitle="Engineering, security, audit, and business teams should not maintain separate narratives about the same agent task."
  >
    <CardGrid columns={3}>
      <Card title="Available task context" icon="commit">
        Use task submissions, retries, failures, terminal results, and review handoff context where captured by the
        integration.
      </Card>
      <Card title="Policy decisions" icon="mixer-horizontal">
        Review the policy inputs that shaped routing, provider selection, review paths, and operating context.
      </Card>
      <Card title="Incident readiness" icon="exclamation-triangle">
        Give the teams responsible for risk and reliability enough context to understand degraded providers, failed
        executions, and recovery paths.
      </Card>
    </CardGrid>
  </Section>
</Band>

<Section
  title="Regulated work without certification overclaim"
  subtitle="The platform is designed to expose available review inputs for security and governance reviews, but this page does not claim current product certification."
>
  <CardGrid columns={3}>
    <Card title="European Union AI Act readiness" icon="reader">
      Use available review inputs to discuss risk management, logging, transparency, and human oversight expectations
      where those rules apply.
    </Card>
    <Card title="Data protection review" icon="id-card">
      Use documented processors, hosting, retention, and deletion paths as the starting point for privacy and
      data-processing reviews.
    </Card>
    <Card title="Operational resilience" icon="lock-closed">
      Make dependency, provider, recovery, and exit questions visible before a critical workflow becomes hard to
      replace.
    </Card>
  </CardGrid>
</Section>

<Section
  title="A better relationship with delivery teams"
  subtitle="Security and audit teams are rarely the primary buyer. They become more effective when the product already exposes the answers they need."
>
  <CardGrid columns={2}>
    <Card title="For platform teams" icon="code">
      Build once with the review inputs, routing, and governance context that reviewers will ask for later.
    </Card>
    <Card title="For security teams" icon="lock-closed">
      Review the product boundary early, then monitor the available runtime signals engineering uses in production.
    </Card>
  </CardGrid>
</Section>

## Governance questions

### What stays customer-owned versus Duale-managed

Shared responsibility. The customer owns agent code, prompts, tools, task inputs, expected result schema, routing
    policy and deadline, model-provider contracts, and project-specific review paths. Duale AI operates the managed
    runtime: task submission and identity, policy-mediated routing, tenant isolation, audit events, and the
    Germany-hosted application data boundary. Retention scope, subprocessor list, and incident-disclosure paths live in
    the data-processing agreement.

### Where is managed application data hosted, and what changes the subprocessors

Managed application data is hosted by Hetzner Online GmbH in Germany. Duale AI is a French company. The current list,
  the change-notice windows (30 days for European Economic Area subprocessors, 90 days otherwise), and the objection
  channel live on the [subprocessors page](https://duale.ai/en/legal/subprocessors.md).

### Does Duale AI hold any formal certifications today

No. Duale AI does not currently claim formal certification under SOC 2 (American Institute of Certified Public
  Accountants Trust Services Criteria), SOC 3, ISO/IEC 27001 (information security management), or the European Union
  Artificial Intelligence Act. No audit report, attestation, or certificate from a third-party auditor is published
  today. Readiness work on the security and privacy roadmap is not an audit and is not presented as one.

### Which signals does the runtime expose for audit and incident review

The managed runtime records tenant-scoped audit events for create, update, delete, recover, and access actions on the
  resources it owns. Each event carries the action, resource type and identifier, before and after state, and a content
  hash anchored in an append-only Merkle-tree log; sensitive user fields are encrypted per tenant. Customer-visible task
  trace, per-run inspection, and reviewer-facing artifact lists are not part of this page's claims today. Event scope
  and retention duration are defined in the data-processing agreement and the commercial agreement.

### What is the role under the European Union AI Act

Duale AI operates the managed runtime that executes your agents. The role under the European Union Artificial
    Intelligence Act — provider under Article 3.3, deployer under Article 3.4, or both — depends on the agent's purpose,
    the system it integrates with, and who places it on the market. The role is fixed for each workflow during the
    deployment review with your legal team, not asserted in advance by Duale AI.

<Cta
  title="Make governance a production capability."
  primaryCta={{ label: "Review the control model", dialog: "contact" }}
  secondaryCta={{ label: "Open Trust Center", href: "https://duale.ai/en/product/security.md" }}
/>

<JsonLd
  data={{
    "@type": "SoftwareApplication",
    name: "Duale AI",
    applicationCategory: "BusinessApplication",
    audience: {
      "@type": "BusinessAudience",
      audienceType: "Security, legal, audit, and platform teams",
    },
    offers: {
      "@type": "Offer",
      priceCurrency: "EUR",
      availability: "https://schema.org/PreOrder",
    },
    description:
      "Governance view for production AI agents covering data movement, policy decisions, provider choices, available operating signals, and project-specific review paths.",
  }}
/>

## Related content

- [Production runtime for durable AI agents](https://duale.ai/en/home.md)
- [Security Trust Center for production AI agents](https://duale.ai/en/product/security.md)
- [Role-based solutions for platform, business, and governance](https://duale.ai/en/solutions.md)
- [Turn AI pilots into a production portfolio](https://duale.ai/en/solutions/business.md)
- [Build Python agents with routing, retries, and task IDs](https://duale.ai/en/solutions/developers.md)
- [Terms of Use for platform services](https://duale.ai/en/legal/cgu.md)

---

## Sitemap

See the full [Markdown sitemap](https://duale.ai/sitemap.md) for all pages.