Guide

AI governance for federal contractors, in plain terms.

If your team uses AI on federal work, you need four things you can show an auditor: the rules the AI follows, labels separating fact from inference, a tamper-evident record of what it did, and a human with final authority. That is the whole requirement in one sentence. The rest is implementation.

The four requirements, expanded

Readable rules: the governing policy must be a document people can read, not settings buried in a vendor console. Ours is a public, 42-article Constitution, CC0 licensed. Source labels: outputs distinguish fact, inference, speculation, and unknown, so a reviewer knows what was verified. Receipts: consequential actions land in an append-only ledger with SHA-256 hashes, where corrections are new entries rather than silent edits. See what an AI audit trail actually looks like. Human authority: significant actions keep a human in the loop, with an emergency brake any partner can pull.

Where frameworks fit

Reference frameworks such as the NIST AI Risk Management Framework describe governance functions at the program level. This page does not claim certification against any framework. What Article 11 provides is the evidence layer those programs need: the working rules, labels, receipts, and correction records that make an AI governance story checkable instead of aspirational.

Start where the proof is

Read a real receipt at the public record, run an output through The Gate, review Section 508 document support, and see the full services list. When you are ready, the capability statement has the federal details.