MG12 design

Plenio

EU AI Act compliance middleware. Plenio puts a named human back into the loop at the moment AI output influences a decision — and records that moment as immutable, audit-defensible evidence.

Role: Product strategy & architecture
Domain: EU AI Act · AI governance
Stack: Blazor · .NET API · browser extension
Status: Live

The problem

Companies deploying AI inside their products and operations have no defensible record of human oversight. When an AI tool generates code, drafts content, makes a recommendation or ranks a candidate, that output flows straight into a downstream decision with no captured moment of human judgment. Two failures follow: a compliance failure — Article 14 of the EU AI Act, ISO 42001 Control 8.4 and SOC 2 CC2.1 each require evidence of oversight, not policy alone — and an operational failure: no organisational memory of why AI-influenced decisions were made, or who stood behind them.

The mechanic

Interception at the human–AI decision boundary, recorded as a tamper-evident audit record — per event, per human, rather than per system.

Plenio manifests as a sign-off for produced artifacts (PRs, drafts, recommendations) and as a pre-prompt risk assessment plus post-hoc attestation for consumptive AI use — CV vetting, credit decisions, anything where a human reads AI output and then acts on it elsewhere.
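A minimal illustration of the event-level, tamper-evident record described above, added here as an example and not Plenio's own code or audit-record schema; the per-reviewer HMAC keys, field names and sample events are assumptions. Each record binds one named human to one event and one artifact, is signed by that human's key, and is chained to the previous record so that later edits or deletions are detectable.

```python
import hashlib
import hmac
import json

# Constructed sample keys, one per named reviewer (assumption: the page does
# not describe how Plenio keys its attestations).
REVIEWER_KEYS = {"alice@example.com": b"alice-demo-key", "bob@example.com": b"bob-demo-key"}

def canonical(record: dict) -> bytes:
    """Deterministic serialisation so hashes and signatures are reproducible."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def append_attestation(ledger: list, actor: str, event: str, artifact: bytes,
                       decision: str, ts: str) -> dict:
    """Append one record: one human, one event, one signed attestation."""
    prev_hash = ledger[-1]["record_hash"] if ledger else "0" * 64
    body = {
        "seq": len(ledger),                                   # position in the chain
        "actor": actor,                                       # the named human
        "event": event,                                       # what was decided
        "artifact_sha256": hashlib.sha256(artifact).hexdigest(),  # the AI output reviewed
        "decision": decision,
        "timestamp": ts,
        "prev_hash": prev_hash,                               # link to the prior record
    }
    body["signature"] = hmac.new(REVIEWER_KEYS[actor], canonical(body), "sha256").hexdigest()
    body["record_hash"] = hashlib.sha256(canonical(body)).hexdigest()
    ledger.append(body)
    return body

def verify_ledger(ledger: list):
    """Return (ok, first_bad_seq): checks sequence, chain links, signatures, hashes."""
    prev_hash = "0" * 64
    for i, rec in enumerate(ledger):
        unsigned = {k: v for k, v in rec.items() if k not in ("signature", "record_hash")}
        expected_sig = hmac.new(REVIEWER_KEYS.get(rec["actor"], b""),
                                canonical(unsigned), "sha256").hexdigest()
        signed = dict(unsigned, signature=rec["signature"])
        if (rec["seq"] != i or rec["prev_hash"] != prev_hash
                or not hmac.compare_digest(expected_sig, rec["signature"])
                or hashlib.sha256(canonical(signed)).hexdigest() != rec["record_hash"]):
            return False, i
        prev_hash = rec["record_hash"]
    return True, None

def demo():
    """Build a two-record ledger, verify it, tamper with record 0, verify again."""
    ledger = []
    append_attestation(ledger, "alice@example.com", "pr-approval", b"constructed diff",
                       "approved", "2024-06-01T09:00:00Z")
    append_attestation(ledger, "bob@example.com", "cv-screening", b"constructed ranking",
                       "overridden: manual review", "2024-06-01T09:05:00Z")
    ok_before, _ = verify_ledger(ledger)
    ledger[0]["decision"] = "rejected"      # after-the-fact edit to a recorded decision
    ok_after, bad = verify_ledger(ledger)
    return ok_before, ok_after, bad
```

Removing a record from the middle is caught the same way, because the sequence number and chain link of the next record no longer match.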

Where it sits in the market

Existing tools produce evidence of oversight at the policy level (GRC automation — Vanta, Drata) or the system level (AI-native governance — Credo AI, Holistic AI). Plenio produces evidence at the event level: one human, one event, one signed attestation. The legal wedge is Article 26(2) — the deployer must assign qualified personnel who actually exercise oversight. That is event-level evidence nobody else was producing.

What I did

  • Defined the positioning, the regulatory wedge and the product strategy from first principles.
  • Architected the system: an immutable audit ledger, pluggable capture sources and a workflow layer, with two interaction modes (artifact sign-off and consumptive attestation).
  • Specified the v1 common-core audit-record schema every capture source conforms to.
  • Designed and built the surfaces: a Blazor console, a .NET API and a browser extension that captures the decision moment in-context.

Why it’s here

Plenio is evidence of end-to-end product leadership and platform architecture: taking a regulatory shift, finding the defensible wedge, and shipping a real, governable system around it — compliance designed in, not bolted on.
