The independent governance layer for AI

Know what AI is doing inside your company.

PanelSec gives mid-market companies a single system of record to inventory, govern, and audit all AI usage — by employees and autonomous agents.

EU AI Act ready · GDPR compliant · NIS2 aligned · Hosted in Frankfurt

The Problem

AI is in your organisation.
You just don't know it yet.

Shadow AI

76% of employees use AI tools without approval. You can't govern what you can't see.

↑ 4×

Uncontrolled Agents

Teams are deploying AI agents connected to CRMs, email, and customer data — often without IT knowing.

€35M

Regulatory Exposure

Under the EU AI Act, you're liable for every AI system you deploy. Fines up to €35M or 7% of global turnover.

The Platform

Three capabilities.
One system of record.

Complete visibility and control over every AI tool and agent your organisation uses — from shadow IT to autonomous agents.

01

AI System Register

A live inventory of every AI tool and agent in your organization. Each system has a business owner, risk classification, and policy configuration.

02

Policy Engine

Enforce governance rules across all AI interactions — employee and agent. Block, warn, or require approval based on data sensitivity, system risk level, and regulatory requirements.

03

Audit Trail

Immutable, regulator-ready logs of every AI interaction. Generate compliance reports for EU AI Act, GDPR, and NIS2 in one click.

Why It Matters

AI governance can't live inside the AI tool.

Microsoft Copilot bypassed its own DLP policies for weeks. Salesforce Agentforce was exploited through a $5 prompt injection. Vendor-side controls fail silently.

PanelSec sits outside the vendor stack — an independent layer that verifies, enforces, and logs what AI systems actually do, not what they're supposed to do.

[Diagram: AI systems (Copilot, ChatGPT, Custom Agent); PanelSec, Independent Governance Layer (Verify, Enforce, Log); connected systems (CRM, Email, Customer Data)]

Regulatory Coverage

Pre-built for the regulations
you already face.

EU AI Act

In force
  • AI system register
  • Risk classification (minimal → unacceptable)
  • Prohibited practice detection
  • Conformity documentation

GDPR

Since 2018
  • PII scanning & flagging
  • Data flow mapping to AI systems
  • DPA verification tracking
  • Data residency enforcement

NIS2

Oct 2024
  • Incident reporting workflows
  • Supply chain risk for third-party AI
  • Audit logging
  • Continuity planning support

EU data residency by default. PanelSec is hosted in Frankfurt, Germany. Your data never leaves the EU/EEA.

Who It's For

Built for mid-market,
not Fortune 500.

Most AI governance tools require a dedicated security team and a six-figure budget. PanelSec deploys in minutes, ships with pre-built policy packs, and is priced for companies with 50–300 employees.

CTOs

Who need to prove AI governance to enterprise customers and board members asking hard questions.

Compliance Leads

Preparing for EU AI Act obligations, GDPR audit cycles, and NIS2 incident reporting.

IT Managers

Trying to get visibility into shadow AI and rogue tool adoption across business units.

Security

Your governance layer should be as secure as the data it protects.

PanelSec is built with a zero-knowledge, EU-native security architecture. We protect your data without asking you to manage it.

Zero-Knowledge Content Processing

We scan it. We don’t store it.

PanelSec’s policy engine evaluates prompts and AI responses in memory. We extract metadata — data category tags, policy decisions, risk flags — and log the result. Raw content is never persisted. Your sensitive data never sits in our infrastructure.

EU Data Residency

EU-only. No exceptions.

All data is processed and stored exclusively in EU data centres (Frankfurt). No transatlantic data flows. No US-based sub-processors for core platform operations. This is an architectural commitment, not a configuration toggle.

Encryption

Encrypted everywhere.

AES-256 encryption at rest. TLS 1.3 in transit. All managed by PanelSec — no key management overhead for your team.

Tenant Isolation

Your data is yours alone.

Every customer runs in a logically isolated environment. Dedicated storage per tenant. No shared tables. No cross-tenant data exposure risk.

Certification (Roadmap)

SOC 2 Type II in progress.

We’re on the path to SOC 2 Type II certification. Our security architecture and processes are designed to meet the standard from day one — not retrofitted later.

Our commitment

“Security isn’t a feature we add at the end. It’s the constraint we design inside of from the start.”

— PanelSec Engineering

Early Access

Get governance
before you need it.

We’re onboarding design partners now. Early access includes hands-on support and input into the product roadmap.