AI Governance for Automated Decision Technology

Is your AI compliant?

Enter your company domain. Our AI agent reads your product positioning and delivers an Automated Decision-Making Technology (ADMT) risk assessment in minutes.

Results in minutes. No account required.

Or talk to us directly →

THE AUTOMATED DECISION‑MAKING TECHNOLOGY PLATFORM

Advisor | Auditor | Trainer
One ADMT lifecycle.

Advisor

Advisory-only enforcement

Middleware between your AI and decision database. Write isolation, dwell-time enforcement, three-prong cryptographic proof per CPRA §7150.

Auditor

§7155 assessment generation

Guided intake interviews, multi-stakeholder input, AI-drafted assessments structured to CPPA specifications. Full lifecycle management.

Trainer

Advisory → Automated

Every human review generates labeled training data. Decision corpus analytics, automation readiness scoring, transition evidence packages.

app.admt.ai

Compliance Dashboard

Mar 21, 2026

Total Decisions

1,515

+12.3%

Override Rate

14.1%

+2.1%

Avg Review Time

3m 07s

-8.2%

Pending Reviews

-3

Override rate spike detectedKYC decisions — 23% overrides in last 24h (baseline: 14%)

2h ago

Plugin degraded: Sanctions APILatency exceeding 2s threshold, 3 timeouts in last hour

45m ago

Decision Volume (7d)

Action Items

highReview 3 flagged KYC overridesAK

highEscalate sanctions API timeoutMR

mediumUpdate SOP-004 review criteriaAK

lowSchedule quarterly audit reviewJL

Try the demo →

WORKS WITH YOUR STACK

Workday

Guidewire

FICO

Epic Systems

RealPage

Greenhouse

Duck Creek

Experian

Oracle Health

Yardi

HireVue

Lemonade

Upstart

Olive AI

AppFolio

SAP SuccessFactors

Root Insurance

Zest AI

Tempus AI

CoreLogic

ADP

Shift Technology

Plaid

Viz.ai

Zillow

Checkr

Tractable

Blend

Aidoc

TransUnion

Eightfold AI

Sapiens

Socure

Abridge

Buildium

Pymetrics

Gradient AI

Alloy

Veracyte

Opendoor

THE ADMT ENFORCEMENT TIMELINE

Your AI recommends, scores, filters, or ranks people. Regulators are watching.

LIVECPRA ADMT risk assessmentsProcessing activity assessments required by the California Privacy Rights Act (CPRA) for all ADMT systems. Effective now.

JAN 2026Illinois AI hiring law (HB 3773)Civil rights violation for noncompliant AI in hiring. No grace period.

JUN 2026Colorado AI ActImpact assessments mandatory for high-risk AI. $20,000 per violation.

AUG 2026EU AI Act Article 12 loggingImmutable audit trails required for high-risk AI. Penalties up to 7% global revenue.

JAN 2027CPRA ADMT consumer rights (§7220-7222)Opt-out mechanisms, disclosure requirements, human review requests mandatory.

APR 2028CPPA assessment submission deadlineRisk assessments must be filed with the California Privacy Protection Agency (CPPA).

$7,500Per consumer. Per violation. No cap.One AI decision that violates ADMT rules is one fine per affected person.

MULTI-JURISDICTION REGULATION CONVERGENCE

CPRACalifornia ADMTCO AI ActSB 24-205EU AI ActHigh-Risk Systems

Risk assessments✓✓✓

Audit trail / logging✓—✓

Consumer opt-out rights✓—✓

Human review proof✓✓—

Impact assessments✓✓✓

Penalty$2,663–$7,988per violation$20,000per violation7%global revenue

One AI system can trigger obligations under all three. Penalties stack.

THE DIFFERENCE

They document your AI governance posture. We enforce it in your code.

Enterprise platforms ($100K+)

Dashboard shows AI risk scores
Generates compliance checklists
Collects evidence for existing controls
Broad governance (SOC 2, ISO 27001, HIPAA)
No ADMT-specific enforcement

ADMT Platform

Architectural enforcement in your code
Cryptographic proof of human review
Generated §7155 risk assessments
ADMT-only: deep expertise, narrow scope
Custom model training from audit data

DELIVERY MODEL

We deploy it. You own it. We maintain it.

Advisor — Your Infrastructure

We deploy enforcement middleware between your AI services and decision databases. Runs in your cloud, your VPC, your compliance boundary. Engineering keeps full control.

Auditor — Hosted Portal

Your compliance officer gets a dedicated portal for §7155 risk assessments. Guided intake interviews, async stakeholder input from engineering and legal, and assessment lifecycle management.

Both — Ongoing Monitoring

Audit trail dashboards, rubber-stamp detection alerts, agreement analytics, and regulatory update tracking. We monitor your ADMT compliance posture so your team doesn't have to build internal tooling.

COMMON QUESTIONS

Before you ask.

What is ADMT and why should I care?

ADMT stands for Automated Decision-Making Technology. If your AI recommends, scores, filters, or ranks people — in hiring, lending, insurance, healthcare, housing, or education — you're using ADMT. California Privacy Rights Act (CPRA) regulations (§7150-7155) now require either proof that humans genuinely review AI recommendations (advisory-only) or formal risk assessments filed with the state (compliance). Violations are $7,500 per consumer, per incident, no cap. The $1.35M Tractor Supply penalty and “hundreds of investigations in progress” show the California Privacy Protection Agency (CPPA) means it.

Our AI just makes recommendations. Do we still need this?

That's exactly the question regulators will ask — and the answer depends on whether humans genuinely review those recommendations. If your approval rate is 98% with 3-second review times, the AI is the de facto decision-maker regardless of what you call it. Advisor proves meaningful human review with cryptographic evidence: dwell time, factor acknowledgment, override patterns, and authenticated decision creation. If your AI is truly advisory, Advisor gives you the proof. If it's rubber-stamped, you'll discover that before CPPA does.

What's the difference between Advisor and Auditor?

Advisor is for avoidance — prove your AI is advisory-only so ADMT regulations don't trigger. We deploy enforcement middleware into your infrastructure. Auditor is for compliance — when your AI does make or substantially replace human decisions, generate the §7155 risk assessments the regulation requires. Your compliance officer uses a dedicated portal. Many companies need both: advisory architecture for some AI systems and compliance documentation for others.

How is this different from Credo AI, Holistic AI, or OneTrust?

Three differences. First, scope: they cover broad AI governance (risk registers, policy management, bias audits). AIGov covers ADMT only — two sections of one regulation, served deeply. Second, delivery: they're enterprise platforms with $100K+ contracts and months-long sales cycles. We deploy into your infrastructure in weeks, not quarters. Third, enforcement: they document compliance posture. AIGov enforces it architecturally — making it impossible for AI to bypass human review, not just tracking whether it did.

We already use Vanta for SOC 2. Why do we need this?

SOC 2 and ADMT are completely different compliance domains. Vanta covers SOC 2, ISO 27001, and HIPAA — none of which address automated decision-making. ADMT regulations require different infrastructure entirely: advisory-only architecture enforcement, per-decision audit trails with cryptographic proof, risk assessments specific to AI decision systems, and consumer opt-out mechanisms. Vanta may add ADMT modules eventually, but today there's nothing to add on top of.

What regulations does AIGov cover?

ADMT-focused, multi-jurisdiction: CPRA §§7150-7155 (risk assessments, effective Jan 2026), §§7220-7222 (consumer rights, effective Jan 2027), Colorado AI Act (high-risk AI impact assessments, Jun 2026), Illinois HB 3773 (AI in hiring, Jan 2026), and EU AI Act Article 12 (audit logging for high-risk systems, Aug 2026). Our controls also map to ISO 42001, the international standard for AI management systems — useful if you're pursuing certification or need a recognized framework for board-level reporting. We intentionally don't cover SOC 2, HIPAA, cookie consent, DSAR processing, or general privacy. Just automated decision-making.

What's the Trainer product? Do I need it?

Trainer is the bridge between advisory and automated. Every time a human reviews an AI recommendation through Advisor, they generate labeled training data: what the AI said, what the human decided, and why. Over months, Trainer structures this into a decision corpus, tracks human-AI agreement, and scores automation readiness. When agreement rates are high enough and edge cases are covered, Trainer produces the evidence package justifying the transition to automation — and Auditor handles the compliance obligations that follow. You don't need Trainer to use Advisor or Auditor. But if your long-term goal is confident, compliant automation, the data you need starts accumulating from day one.

What do we own? Is there lock-in?

Everything runs in your infrastructure. Your audit trail data is yours. Assessment documents are yours. Decision corpus data is yours. We deploy into your cloud, your VPC, your compliance boundary — exportable at any time. The honest answer on lock-in: switching costs are structural, not contractual. Your decision corpus and custom models are inherently yours, but they work best within the integrated AIGov platform. We think that's fair — the value compounds because the infrastructure is connected.

GET STARTED

Start proving compliance today

ADMT Risk Scan

Enter your domain. Our AI agent reads your product positioning and delivers an ADMT risk assessment in minutes.

No sign-up required. Results in minutes.

Talk to us

Book a 60-minute call. We'll walk through your AI systems, identify which are advisory vs. decisional, and map your ADMT exposure across CPRA, Colorado, and EU AI Act.

Book a Call →