AI Governance Runtime for Regulated Enterprises

SAIG by Terraxon

Control, protect, and audit enterprise AI traffic before it reaches LLM providers. SAIG sits between your applications, AI agents, and LLM providers — enforcing policy, anonymizing sensitive data, controlling provider residency, and creating signed audit evidence.

OpenAI-compatible API • No vendor lock-in • Deploy in your infrastructure • Signed audit evidence

Enterprise AI Creates Risk Without Governance

Regulatory Pressure

EU AI Act, GDPR, DORA, FADP — organizations must prove governance over AI systems. Certain EU AI Act infringements can lead to fines up to EUR 35M or 7% of worldwide annual turnover.

Data Sovereignty Risk

Sensitive customer data — names, emails, health records — flows to AI providers without controls. One leaked prompt can trigger a GDPR breach notification.

No Audit Trail

AI is a black box. No policy enforcement, no evidence of what data went where. Compliance teams cannot answer regulator questions about AI usage.

SAIG: AI Governance Runtime

A runtime layer between your applications and AI providers that enforces governance policy on every request.

1. App / Agent / User
2. SAIG: Detect • Classify • Anonymize • Route • Audit
3. Approved LLM Provider

Not a Chatbot. Not a Generic Proxy. Not Just DLP.

SAIG is a runtime governance layer that makes a policy decision on every AI request before it reaches an LLM provider.

Not a Chatbot

SAIG governs AI traffic from applications, copilots, backend services, and agents. It is not the end-user assistant.

Not a Generic API Proxy

SAIG does more than forward requests. It detects sensitive data, classifies intent, enforces policy, routes providers, and signs audit evidence.

Not Just DLP

SAIG combines PII protection with sovereignty controls, provider routing, abuse detection, governance receipts, and compliance evidence.

Core Capabilities

Sensitive-Data Handling

Hybrid NER + regex detection across 6 EU languages (EN, DE, FR, IT, CS, SK). Reversible anonymization with stable placeholders. Detected PII is anonymized before provider egress, with final outbound verification.

Runtime Policy Enforcement

Deterministic 6-rule decision matrix. Same input = same decision. Actions: ALLOW, ANONYMIZE, DENY, SYNTHETIC_ONLY. Intent classification across 24+ business categories.

Provider Routing & Sovereignty

5 modes: Standard, EU-Only, Swiss-Only, Air-Gapped, Custom. Provider residency enforcement blocks non-compliant egress. Multi-provider routing with circuit breaker.

Signed Audit Evidence

Every governance decision is appended to a SHA-256 hash chain with Ed25519 cryptographic signatures. Tamper-evident audit evidence for regulator reviews.

OpenAI-Compatible API

Drop-in replacement. Change only the base URL — no library changes, no code rewrite. Works with any OpenAI-compatible client (Python, TypeScript, Java, cURL).

Tenant Isolation & RBAC

Multi-tenant with per-tenant policies, sovereignty modes, and audit trails. OIDC/PKCE authentication via Keycloak. Role-based dashboards for 8 roles.

Governance Console & Governed Chat

Console for platform admins, security analysts, compliance auditors, and developers. Governed chat where every request passes through the full governance pipeline.

Observe Mode

Run SAIG in observe mode first. See what would be allowed, anonymized, denied, or routed differently — before enforcing policy in production.

Fail-Closed Governance & Kill Switch

Unknown operations are denied by default. An emergency kill switch can instantly block all AI traffic across the organization.

Model Aliases

Use saig-default, saig-fast, saig-sensitive-data, and saig-low-cost to decouple applications from provider model names. Switch providers without code changes.

Attachment Governance

Extract text from PDF, DOCX, XLSX, PPTX, images, and code files locally, then run the same governance pipeline before anything reaches an LLM provider.

Agent Security Preview

Govern agent-originated requests with actor tracking, agent identity metadata, tool access policy findings, and delegation audit evidence. Currently in preview — not yet production-ready.

How It Works

01 Connect Your App

Point your AI client to SAIG instead of the provider directly. One line change — base_url = "https://api.your-domain.eu/v1". No additional libraries required.

02 SAIG Governs Every Request

Each prompt is analyzed for PII, classified by intent and ownership, evaluated against policy, anonymized if needed, routed to the approved provider, and audited with a signed receipt.

03 You Get Evidence

Every decision is logged with a hash-chained audit trail. Compliance teams get decision traces, risk assessments, and exportable evidence for regulators.

Every AI Request Gets Evidence

For each governed request, SAIG returns decision metadata and writes a tamper-evident audit record with a hash-chain reference and Ed25519 signature.

{
  "request_id": "req_7h2k9...",
  "tenant_id": "acme-eu",
  "action": "ANONYMIZE",
  "risk": "MEDIUM",
  "rule": "THIRD_PARTY_PII_TO_EXTERNAL_PROVIDER",
  "intent": "document_generation",
  "provider": "azure-openai-eu",
  "sovereignty_mode": "EU_ONLY",
  "pii_detected": ["PERSON", "EMAIL"],
  "audit_hash": "sha256:...",
  "signature": "ed25519:..."
}

Example governance receipt shape — not a real customer record.
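
How a SHA-256 hash chain combined with Ed25519 signatures makes such records tamper-evident, as an added Node.js illustration that is not SAIG's code. The record layout, the prev_hash and decision fields, the genesis value and the sample decisions are assumptions; only audit_hash and signature are taken from the receipt shape above.

```javascript
// Added illustration: a generic hash-chained, Ed25519-signed audit log.
// Record layout, prev_hash/decision fields and GENESIS are assumptions, not SAIG's format.
const { createHash, generateKeyPairSync, sign, verify } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed "previous hash" for the first record

// Canonical form for flat records: sorted keys, so equal records hash equally.
const canonical = (obj) => JSON.stringify(Object.keys(obj).sort().map((k) => [k, obj[k]]));

const recordHash = (prevHash, decision) =>
  createHash("sha256").update(prevHash).update(canonical(decision)).digest("hex");

// Append a decision: link it to the previous record, then sign the new hash.
function append(chain, decision, privateKey) {
  const prev_hash = chain.length ? chain[chain.length - 1].audit_hash : GENESIS;
  const audit_hash = recordHash(prev_hash, decision);
  const signature = sign(null, Buffer.from(audit_hash, "hex"), privateKey).toString("base64");
  chain.push({ decision, prev_hash, audit_hash, signature });
}

// Walk the chain; return the index of the first record that fails, or -1 if all pass.
function firstInvalid(chain, publicKey) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    const linked = r.prev_hash === prev && r.audit_hash === recordHash(prev, r.decision);
    const sig = Buffer.from(r.signature, "base64");
    if (!linked || !verify(null, Buffer.from(r.audit_hash, "hex"), publicKey, sig)) return i;
    prev = r.audit_hash;
  }
  return -1;
}

// Constructed sample decisions; the rule name is a placeholder.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const chain = [];
  for (const [id, action] of [["req_a", "ANONYMIZE"], ["req_b", "DENY"], ["req_c", "ALLOW"]]) {
    append(chain, { request_id: id, action, rule: "EXAMPLE_RULE" }, privateKey);
  }
  const intact = firstInvalid(chain, publicKey);
  chain[1].decision.action = "ALLOW"; // tamper: rewrite a past DENY
  const afterEdit = firstInvalid(chain, publicKey); // hash no longer matches content
  chain[1].audit_hash = recordHash(chain[1].prev_hash, chain[1].decision);
  const afterRehash = firstInvalid(chain, publicKey); // hash fixed up, signature now fails
  return { intact, afterEdit, afterRehash };
}

console.log(demo());
```

A check like this does not notice records removed from the end of the chain; the latest hash has to be recorded somewhere the log writer cannot rewrite.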

Decision Trace

Deterministic step-by-step record for compliance teams to review every policy decision.

Signed Audit Evidence

Hash-chained and cryptographically signed records for tamper-evident regulator reviews.

Request Metadata

Structured data for developers and SIEM workflows — via X-SAIG-* headers and response body.

Start With a Proof of Value

Evaluate SAIG in your environment before committing to full deployment.

Observe Mode

Run SAIG in observe mode to see what would be allowed, anonymized, or denied — without affecting production traffic. Understand governance impact before enforcing.

Policy Evaluation

Test your governance policies against real traffic patterns. See decision traces, risk signals, and provider routing before going live.

Evidence Export

Export governance records during the pilot to demonstrate audit capability to compliance teams and regulators.

Integration Walkthrough

Change the base URL in your OpenAI-compatible client and see SAIG governance in action. Typical proof-of-value setup starts with a single API integration.

Runtime Controls & Compliance Evidence

174 automated compliance tests mapped to 26 regulatory controls. Machine-readable evidence generated on every run.

EU AI Act Support

Runtime controls and audit evidence supporting Articles 9-15, 17, and 52 — risk management, data governance, logging, transparency, human oversight, and accuracy workflows.

GDPR Support

PII detection, anonymization, data minimization workflows, and data subject access export support. 6-language coverage.

Swiss FADP / nDSG Support

Swiss-Only sovereignty mode, special category protection, cross-border transfer controls, and automated decision notification support (Art. 22).

DORA Support

Operational resilience controls including circuit breaker, rate limiting, incident management, and governance SLA tracking for financial sector workflows.

FINMA Support

Tamper-evident audit trail with cryptographic signatures, emergency kill switch, and governance receipts supporting financial AI oversight workflows.

Compliance-as-Code

Not documentation — executable tests. Every release generates updated compliance evidence automatically. Governance regression detection.

SAIG by Terraxon provides runtime controls, policy enforcement, audit evidence, and compliance-supporting workflows. It does not constitute legal advice, certification, or a guarantee of regulatory compliance.

Built for Regulated Industries

SAIG helps teams in regulated sectors govern AI traffic with evidence, not assumptions.

Banking & Financial Services

Govern AI assistants and internal copilots with DORA resilience signals, signed audit trails, provider controls, and budget visibility.

Insurance

Protect customer data, anonymize detected PII, enforce policy for claim workflows, and export evidence for compliance reviews.

Healthcare & Life Sciences

Govern sensitive document workflows with local text extraction, special-category data handling, and on-premise or air-gapped deployment options.

Public Sector

Deploy sovereign AI controls with EU-only, Swiss-only, or air-gapped modes and clear evidence of provider residency decisions.

Software Companies

Add OpenAI-compatible governance to existing applications with a base URL change — no rewrite, no agent, no code changes.

Deploy Where You Need It

EU SaaS

Hosted in EU (Hetzner, Germany). Fully managed. Fastest time to value.

Private Cloud

Your VPC, your rules. Docker Compose or Kubernetes. We support, you control.

On-Premise

Governance, PII detection, OCR, and policy evaluation run locally. Forwarding to configured LLM providers is controlled by sovereignty policy.

Air-Gapped

Fully isolated deployment with no external provider calls. Suitable for local or approved in-environment model setups.

Hybrid

Gateway on-prem for data sovereignty, management plane in cloud for convenience.

What SAIG Does Not Claim

We believe in precise, evidence-based claims. Here is what SAIG does not do.

No Compliance Guarantee

SAIG supports compliance workflows and creates audit evidence. It does not guarantee GDPR, EU AI Act, DORA, FADP, or FINMA compliance. Consult qualified legal counsel.

No Certification Claim

SAIG is not a certified compliance product. No third-party compliance certification currently exists for the product.

No Absolute Detection

PII detection uses hybrid NER and regex methods. No system detects all PII in all contexts. Prompt injection detection is pattern-based, not absolute.

Frequently Asked Questions

What is SAIG?

SAIG by Terraxon is an AI governance runtime that sits between applications, AI agents, and LLM providers. It evaluates every request against policy, protects sensitive data, controls provider routing and residency, and creates signed audit evidence.

Is SAIG a chatbot?

No. SAIG is not a chatbot. It governs AI traffic from applications, backend services, copilots, governed chat interfaces, and agent-originated requests before requests reach an LLM provider.

Does SAIG help with EU AI Act compliance?

SAIG provides runtime controls, logging, policy enforcement, risk classification, technical documentation support, and machine-readable evidence for EU AI Act governance workflows. It does not provide legal advice, certification, or a guarantee of compliance.

How does SAIG protect sensitive data?

SAIG detects PII using hybrid regex and NER methods, classifies ownership and risk, anonymizes detected sensitive data when policy requires it, and performs outbound verification before provider egress.

Can I use my existing AI provider?

Yes. SAIG supports provider abstraction and routing across OpenAI-compatible providers including OpenAI, Azure OpenAI, Anthropic Claude, and Google Gemini through a unified API.

Can SAIG be deployed on-premise?

Yes. SAIG can run as EU SaaS, private cloud, on-premise, air-gapped, or hybrid deployment depending on sovereignty, security, and operational requirements.

How long does integration take?

For OpenAI-compatible clients, integration usually starts with changing the base URL and API key. More advanced deployments can add tenant policies, provider bindings, RBAC, SIEM export, and custom sovereignty rules.

Does SAIG govern AI agents?

SAIG can track actor type and agent metadata in audit records. Agent Security features such as tool access policy findings and delegation audit evidence are available as Preview capabilities.

Does SAIG guarantee GDPR compliance?

No. SAIG supports GDPR workflows through PII detection, anonymization, data minimization patterns, consent-related controls, and audit evidence, but it does not replace legal counsel or guarantee regulatory compliance.

What evidence does SAIG create?

SAIG creates governance metadata, decision traces, risk explanations, and tamper-evident audit records using a SHA-256 hash chain and Ed25519 signatures.

Ready to Govern Your AI Traffic?

See exactly what happens with your enterprise AI requests.

Operated by Terraxon s.r.o. • EU-hosted • Built for regulated enterprises.