Legate Governed agents for the regulated enterprise

You keep the accountability. We give you the proof.

Legate is a governed platform for the AI agents your organization is legally accountable for — governance you can prove to an auditor, not autonomy you brand. Built on one compiled trust-and-governance engine, conformant to open standards a neutral foundation owns.

Your organization is accountable for what its AI agents do — however autonomous they are. Legate gives every agent a bounded mandate, a tamper-evident record of what it did, and a wall between tenants that holds. Run it in our cloud, or run your own fork in your own secured infrastructure.

Talk to us about governed agents See how it works
The problem Why now

Enterprises are deploying a workforce of AI agents — and they are legally accountable for everything those agents do.

The shift to autonomous AI agents collides with a hard legal fact: the deploying organization is accountable for its agents, no matter how autonomous they are. “The AI did it” is not a defense. A zero-human, ungoverned agent tool does not discharge that liability — it increases it.

The forcing function is regulatory and on an externally-set clock. The EU AI Act's high-risk obligations land across Q4 2026 → Q2 2027. In the US, new law is closing the “the AI did it” defense. A regulated enterprise that deploys agents into that window without provable governance is exposed — and cannot fix it retroactively.

The buyer this matters to most is a regulated European enterprise — in banking, regulated-data, healthcare, or industrial settings — that has to prove two things to an auditor or a notified body (an officially-accredited organization that certifies compliance under EU law): that one customer's data can never reach another's (tenant isolation that holds — the enforced wall between customers sharing one system), and that there is a record of what every agent did that cannot be quietly altered after the fact (a tamper-evident audit trail).

The accountability gap — liability stays with you, however far the agents fan out
What you're looking at: the organization (top) deploys a fan of AI agents (below). However autonomous they become, the legal-accountability arrow stays pinned to the organization — it does not transfer to the agents. The dated strip is the regulatory window.
your organization legally accountable AI agent AI agent AI agent AI agent AI agent however autonomous they are — the liability does not transfer to them accountability stays here EU AI Act — high-risk obligations land Q4 2026 → Q2 2027 deploy into that window without provable governance, and you cannot fix it retroactively
The deploying organization carries the liability — the agents do not absorb it. Provable governance is how you carry it.

This is the category: governed agents. The value in one breath — governance you can prove to an auditor, not autonomy you can brand. We state that as how we frame the value, because that is honest: it is the position we help you hold.

The platform Legate

Legate: one compiled engine, four governance layers — built so an auditor can verify it.

Legate is built on a single, compiled trust-and-governance engine — not a set of loosely-related tools sharing a brand. One core, authored once, mirrored in an open-source Python SDK (a software development kit — the package developers build with) you can install today, locked together by shared, canonical formats. That is what makes “one machine” a fact you can check, not a story.

Inside the engine, four governance layers run today:

Bounded mandates that can only tighten.

Every agent — and every delegation from one agent to another — operates inside an explicit envelope across five dimensions: financial, operational, time, data access, and communication. A delegated mandate can only ever be narrower than the one it came from; an attempt to widen it is rejected, and the dimension that violated the bound is named. Access fails closed: the default answer is deny.

A trust lineage you can verify cryptographically.

Delegations are cryptographically signed. Decisions run on a four-level gradient — auto-approved, flagged, held, or blocked — and anything unrecognized defaults to held for a human. The system fails toward a person, not toward action.

A tamper-evident audit trail.

Every governed action is written to an append-only, hash-linked chain. The chain re-derives and verifies itself; if a record were altered after the fact, the verification breaks. This is the record an auditor reads.

One enforcement layer, two SDKs that agree.

A proprietary high-performance engine and an open-source SDK produce the same governance results by sharing a canonical format and a conformance-tested algorithm — so a regulated buyer is never locked to a single binary to trust the result.

The engine — one compiled core, two SDKs that agree, four governance layers
What you're looking at: one shared engine (the dark core bar) with the four governance layers built into it. Above it, the same engine appears in two forms that produce the same result — a proprietary high-performance build and the open-source SDK you can install — joined by a shared canonical format so they agree. Governed products plug into this one core from above.
governed runtime agents inside the org developer surface build on the substrate sovereign edge your own fork proprietary high-performance engine the commercial build open-source SDK install it today · Apache 2.0 shared canonical format — they agree THE ENGINE — one compiled core bounded mandatestighten-only · deny-default signed trust lineageheld-for-human default tamper-evident auditappend-only, self-verifying cross-SDK conformancesame result, two SDKs deeply wired today conformant to the same engine The vertical seam — products into the one core — is real today. Wiring the surfaces into one integrated product is on the roadmap. roadmap — cross-surface integration | | |
The engine seam is a fact you can check today — one compiled core, the open SDK on PyPI. The integration that wires the surfaces into one product is named honestly as roadmap below.

Running today

  • The compiled engine and its four governance layers.
  • The open-source SDK on PyPI — install it today.
  • A commercial governed-agent runtime built on the engine, in production use.

On the roadmap

  • The fully integrated platform that wires our separate governed surfaces into one product.
  • Usage-based metering that turns the platform into a recurring service.
  • The sovereign hardware appliance (see Sovereignty).

We name these as roadmap on purpose — deep-tech credibility means telling you which is which. Naming the roadmap is what makes the “running today” column believable.

Sovereignty The sovereign edge

Run your own fork, in your own secured infrastructure, governed by keys you hold.

The strongest thing about Legate is also the simplest to state: your own fork — not a hosted network you join. A regulated enterprise can run its own copy of the entire governed substrate, inside its own secured environment, governed by envelopes and keys it controls. Improvements flow down to your fork through a one-way channel; your data never flows back up.

This sovereign-fork model is not a slide. It operates today: a live, multi-repo enterprise fork runs in a regulated industrial setting, in the customer's own secured infrastructure, kept current with the upstream by a one-way pull. Sovereignty here rests where it should — on a fork you run and keys you hold — not on any vendor's corporate nationality.

The sovereign fork — a one-way channel into your own secured environment
What you're looking at: an upstream master version (left) flows improvements down a one-way channel into the enterprise's own secured environment (centre), where it runs its own fork under its own keys. Your material never flows back up. The appliance (right) is the same idea as a physical box — clearly marked as a forward build.
upstream the master version every fork kept current one-way channel improvements pulled DOWN to your fork; your data never flows UP your OWN secured environment your OWN fork of the whole substrate — envelopes & keys you hold running today — not a hosted network you join ON THE ROADMAP Sovereign Edge Appliance air-gapped, on-premises box that ships the governed-agent substrate pre-loaded kept current by the same one-way pull the architecture and the edge primitive run today; the box itself is a forward build
The sovereign-fork mechanism and the one-way pull run today, drawn abstractly — your environment is a generic secured box. The hardware appliance is a forward build, marked as roadmap.

On the roadmap: the Sovereign Edge Appliance. For buyers who cannot send agents to a cloud at all, we are building a hardware appliance that ships the governed-agent substrate pre-loaded — air-gapped, on-premises, sovereign, kept current by the same one-way pull. The architecture and the edge-deployment primitive that underpin it run today; the appliance itself is a forward build.

Honest by design: sovereignty here rests on a fork you run and keys you hold — it does not depend on any vendor's corporate flag. The protections are bounded, attested, and recoverable; we make no absolute-security claims.
Trust & standards The Terrene boundary

Governed against open standards a neutral foundation owns — not against our own private rulebook.

Legate conforms to a set of open standards for agent trust, governance, and accountability. We do not own those standards. They are published by the Terrene Foundation — a neutral, non-profit body, structurally entrenched against capture, including against us — under a Creative Commons license (CC BY 4.0 — a Creative Commons license that lets anyone build on the standard, including commercially) that anyone may build on. The reference Python SDK is open source (Apache 2.0) and Foundation-owned.

For a regulated buyer and an auditor, this is the point: governance against a neutral, openly-published standard is far more trustworthy than governance against a vendor's private, changeable rulebook. The standard cannot be quietly altered to suit us. A funded competitor could conform to the very same standard — and that is by design. Our position is not a legal monopoly on the rules; it is the most complete, production-tested implementation of them.

The boundary — the Foundation owns the standards; the company conforms to them
What you're looking at: a clean divide. On the left, the neutral Terrene Foundation owns the open standards and the open SDK. On the right, [COMPANY] builds the commercial engine and products and conforms to them. The relationship runs one direction only — this is not open-core, and it is not a funnel.
Terrene Foundation neutral · non-profit · entrenched against capture (including against us) owns the open standards for agent trust, governance & accountability — CC BY 4.0 owns the open SDK reference Python SDK — Apache 2.0, Foundation-owned anyone may build on these — including a competitor conforms one direction only the commercial builder [COMPANY] builds the commercial engine proprietary high-performance build builds the products (Legate) proprietary — and conforms to the open standards the most complete, production-tested implementation Not open-core. Not a funnel. One-directional, by design.
The standard cannot be quietly altered to suit us — that is exactly why a regulated buyer can trust it. We conform; the Foundation owns.

The relationship is one-directional and load-bearing: the Foundation owns the open standards and the open SDK; [COMPANY] builds the commercial engine and products that conform to them. This is not “open-core,” and it is not a funnel. The two stay separate by design.

Why neutral-owned = trust: a competitor conforming to the same standard is not a threat to be denied — it is the proof the standard is genuinely neutral. Our advantage is the most complete, production-tested implementation, not legal exclusivity. The standards are open standards published by a neutral foundation.
Why credible Proof without a logo wall

Credibility you can check — without taking our word for it, and without a wall of logos.

Deep-tech buyers are right to be skeptical. So here is how to verify us directly, instead of trusting a logo wall:

The engine is real and inspectable.

The open-source SDK is on PyPI today. Install it. The governance behavior — bounded mandates, signed lineage, the tamper-evident audit chain — is in the code.

The standards are open.

Read them. They are published by a neutral foundation under a Creative Commons license; conform to them yourself if you like.

The depth is production-tested across very different industries.

The same governance engine has been deployed across radically different settings — industrial, regulated services, healthcare, public-sector-adjacent. We describe these by category, not by customer: on a public page, the architecture and the breadth are the proof, and our customers' confidentiality is theirs to give, not ours to spend.

We tell you what is built and what is ahead.

The integrated platform, the recurring metering, and the sovereign appliance are roadmap, and we say so. A team that marks its own roadmap is a team you can trust on what it marks done.

One engine, many domains — breadth by category, not a logo wall
What you're looking at: one shared engine (centre) proven across four very different kinds of setting (the badges). The badges name a category only — never a customer, a country, or a number — because the breadth is the proof and our customers' confidentiality is theirs to give.
one shared engine the same governance core industrial heavy / regulated production regulated services finance & regulated-data settings healthcare clinical / patient-facing settings public-sector-adjacent accountability-heavy settings
The same engine generalizes across radically different settings. The absence of a logo wall is the point: customer confidentiality is theirs to give, not ours to spend.
Named-roadmap honesty as a credibility asset: we turn the absence of logos into a statement, not a gap — and the named roadmap into proof of how we speak. The green is believable because the roadmap is named.
Company Who builds Legate

[COMPANY] — building the trust layer for the agentic enterprise.

[COMPANY] (legal entity name — fillable slot; pending trademark clearance) builds Legate and the engine beneath it. Our mission is to make AI agents something a regulated organization can actually be accountable for: bounded, attested, and verifiable.

The founder. [COMPANY] is led by its founder as CEO and Chief Architect — the face and the technical mind behind the platform. This is a permanent role by design: the founder builds the technology and leads the company.

[FOUNDER BIO] Founder bio slot — to be supplied by the founder. Default framing: named founder, with the CEO & Chief Architect line, plus the bio copy the founder approves. Replace this entire block with the supplied text.

Our posture toward the open substrate. We build commercial products first, in production, with real accountability — and we pledge the open-substrate work to the neutral Terrene Foundation under a public commitment. The open standards and the open SDK belong to the Foundation, not to us. We hold ourselves to the same standards we ask our customers to trust.

We conform to standards we don't control
Terrene Foundation owns the open standards (CC BY 4.0) + the open SDK (Apache 2.0) conforms [COMPANY] builds the commercial engine + products (proprietary) — and conforms
We conform to standards we don't control — the open substrate belongs to the Foundation, by public commitment.
Contact Engage with us

Three ways to engage.

For the regulated enterprise

If you deploy AI agents and have to answer for them

Talk to us about governed agents for your regulated enterprise.

Talk to us
For the developer

If you build

The open SDK is on PyPI and the standards are open. Build on the substrate, conform to it, probe it.

Explore the open substrate
For the regulator

If you work on AI governance policy or standards

Engage us on the EU track.

Engage on standards