How a regulator,
an auditor, or your CISO
should read us.
Plain answers to the questions you will be asked. Data residency, EU AI Act mapping, GDPR Article 22 auditability, DORA compatibility, provenance contracts, and responsible disclosure.
Data residency
All Helios substrates run inside European data perimeters. Customer data does not leave the jurisdiction of the deploying institution. No model weights are exported. No prompts are mined.
EU AI Act · Risk classification
Helios world models deployed for institutional decisions are designed against the obligations of a high-risk AI system under the EU AI Act: risk management, data governance, technical documentation, transparency, human oversight, robustness, and post-market monitoring.
GDPR Article 22 · Auditability
Every recommendation is traceable to the data, evidence, ontology version, and reasoning composition that produced it. No purely automated decision is made without explainable rationale at the level the regulator and the data subject require.
DORA compatibility
For financial sector clients, the substrate maps to DORA obligations across ICT risk management, incident reporting, resilience testing, and third-party risk. Audit artefacts are generated as a property of the runtime.
Provenance contracts
Every signal binds to its source. Every fact carries when it was true and when we learned it. Every decision carries the evidence and policy that justified it. Provenance is a property of the substrate, not a dashboard feature.
Responsible disclosure
Security researchers, auditors, and customers who discover a vulnerability are asked to contact hello@heliosbrain.com. We acknowledge within 48 hours and credit on disclosure unless requested otherwise.
Found something?
Tell us first.
Security researchers, auditors, and customers who discover a vulnerability are asked to write to us before any public disclosure. We acknowledge within 48 hours and credit on disclosure unless requested otherwise.
security@heliosbrain.comRegulators
welcome.
For regulators, DPAs, internal audit teams, and customer compliance officers: technical documentation, audit logs, and a working substrate walkthrough are available on request. We do not hide behind NDAs to refuse review.
compliance@heliosbrain.com