Skip to content

AI that works inside your regulated perimeter.

deeplinq deploys on your infrastructure, connects your legacy systems, and leaves your data, your models, and your audit trail inside your control.

Discuss a regulated AI deploymentDownload the regulatory brief

deeplinq is in private preview with selected financial institutions across EMEA. Onboarding additional banking design partners through Q3 2026.

The sovereignty boundary

A single boundary around the regulated organization. Data, orchestration, models, and governance live inside it. Sources feed in from the left; external providers connect inward from the right through scoped residency channels. Nothing crosses the boundary without being logged, evaluated, and policy-checked.

Architecture diagram of the deeplinq sovereignty perimeter. A rectangular boundary encloses four layers — governance, AI orchestration, customer data, and self-hosted open-weights models. Sources on the left and external cloud providers on the right connect inward through controlled channels.ExternalExternal01 · ActorsUsers & appsEmployeesInternal appsAgents & batchSSO · OIDC · SAML02 · SourcesContent & systemsWebsitesMailFiles & documentsAPIs · systems04 · External modelsCloud providersOpenAIAnthropicMistralGoogleLLM · embedding · STT · TTSResidency-lockedSovereignty perimeter — customer organizationLayer 04GovernanceAudit trails · Access control · Policy · Compliance evidenceLayer 03 · deeplinqAI orchestrationRouting · Retrieval · Redaction · Evaluation · ObservabilityOne interface across every model and source.Layer 01Customer dataStays inside the perimeter.Structured storesDocument & object storesVector indexes · identityLayer 02 · Self-hostedOpen-weights modelsRun on customer infrastructure.LlamaQwenMistral (OS)GemmaFalconFine-tunesLLM · embedding · STT · TTSRequestResponseIngestResidency · no retentionPolicyRetrievalInferenceEvery crossing is logged, evaluated, and policy-checked
A single boundary around the regulated organization. Data, orchestration, models, and governance live inside it. Nothing crosses without being logged, evaluated, and policy-checked.

01

Perimeter

A single, customer-controlled boundary. Data, models, orchestration, and governance live inside.

02

Residency channels

Scoped, region-locked egress to external providers. Prompts and completions are not retained.

03

Control flow

Orchestration enforces policy, retrieval, and inference across every model and source.

04

Evidence

Every request produces an immutable, exportable record for compliance and audit requirements.

Platform architecture

One layered system, one perimeter. Connectors ingest, RAG engine indexes, LLM router orchestrates, agents execute — all governed end-to-end inside your perimeter.

Four-layer horizontal stack: Connector Hub ingests enterprise data, RAG Engine indexes and retrieves context, LLM Router orchestrates across cloud and open-weights models, Agent Orchestrator runs autonomous agents under policy, evaluation and observability. A governance band spans all four layers.Enterprise inputsBusiness outcomesLayer 0101 / 04Connector HubIngests enterprise data fromsystems of record and work.SourcesERPCRMDocumentsMailDatabasesCollaborationNormalize · scheduleLineage · identityPre-built connectorsLayer 0202 / 04RAG EngineSemantic indexing andretrieval into business views.CapabilitiesChunking & embeddingsVector + keyword hybridRerankingContextual business viewsPermission-aware retrievalGrounded answers, citationsLayer 03 · Active03 / 04LLM RouterOrchestrates across models.One interface, any provider.Cloud APIsOpenAIAnthropicMistralGoogleOpen-weightsLlamaQwenMistral openGemmaPolicy gateRedactionPolicy enforceResidency checkAudit logInside perimeterSelf-hostedNo egressData stays inCost · latency · residency routingLayer 0404 / 04Agent OrchestratorAutonomous agents runningunder policy and evaluation.RuntimePlanner & tool usePolicy & guardrailsEvaluation & scoringObservability & tracesHuman-in-the-loopAudit trail per actionCross-cuttingGovernanceIdentity & accessSSO · RBAC · row-levelPolicyCatalog · versioningEvaluationAccuracy · safety · driftObservabilityDashboards · alerts
Four layers inside a single perimeter. Governance cuts across every layer; every call is policy-checked before it crosses a boundary.
Why this exists

Your constraints are the starting point.

Regulated institutions cannot ship data to a vendor's cloud. FINMA, CCAF, and nLPD enforce Swiss residency and data protection. CSSF, Bank Al-Maghrib (Loi 09-08), and PDPL frame customer-data processing across Luxembourg, Morocco, and the UAE. HIPAA and GDPR health provisions define clinical-system egress. GxP traces pharma decisions. Solvency II, MAR, and MiFID II dictate what an auditor reconstructs.

Not edge cases. The operating envelope.

Most AI platforms were built for a different customer — one accepting hyperscaler tenancy and data paths the regulator never signed off on. deeplinq was built for the customer who cannot.

Your orchestration, connectors, agents, model routing, and audit trail sit inside the environment you already defend. The platform fits the envelope — not the reverse.

Who we serve

Regulated surfaces, one sovereignty posture.

Each surface has its own regulator, its own audit cadence, its own use cases. One platform adapts to all.

  • Private banking

    Client files and KYC reviews generate more documentation than any team can read — and secret bancaire leaves no room for external processing.

    Platform infrastructure where your team builds client-file and KYC-review agents. They run inside the bank's perimeter and leave a compliance-traceable record.

  • Commercial banking

    KYC, credit ops, customer engagement, and transaction monitoring are measured against central banks, BAM, PDPL, MAR, and MiFID II scope.

    Platform layer across onboarding, credit files, customer correspondence, and market surveillance — where your team deploys AI with national hosting and audit-grade traceability.

  • Healthcare & Life Sciences

    GxP compliance, clinical data handling, and regulatory submissions demand audit traceability generic AI platforms cannot produce after the fact.

    Pharma & Life Sciences workflows detailed today — research, quality, regulatory affairs, pharmacovigilance, supplier archive intelligence — with model-version pinning, prompt archival, decision traces for GxP scrutiny. Healthcare-large coverage (HIPAA, EHR, PHI, hospitals, medical devices) being expanded.

    Explore Healthcare & Life Sciences →

  • Public sector

    National sovereignty, procurement-compliance frameworks, and citizen-data protection make hyperscaler-backed AI non-starters at the procurement gate.

    A sovereign AI layer fitting national data-protection regimes, with local hosting and the audit surface oversight bodies expect.

    Explore the public-sector page →

  • Telecommunications

    Subscriber data, your national data-protection regime, traffic-and-location confidentiality rules, and national retention directives frame every AI decision a converged operator makes. Customer-relationship and network-operations data cannot move to a vendor cloud — not by policy, by architecture.

    Platform infrastructure for customer-care, network-operations, regulatory-DPO, and fraud-pattern workflows — deployed inside the operator's perimeter with model-version pinning, RBAC enforcement, and an evidence trail the regulator and DPO can review. Architected against ISO 27001 and ISO 27017 posture. Lawful-interception is out of scope and stays with the operator's dedicated LI system.

    Explore Telecommunications →

  • Aviation

    Operations, MRO, customer service, and crew workflows split across systems no off-the-shelf AI was built to fit.

    Connectors across ARMS, AMOS, Sabre or Amadeus, Lufthansa Systems Lido, EFB, and FRMS. Agents surface ops, MRO, customer, and crew context inside the operator's perimeter — aligned with EASA, FAA, GCAA, and national CAA expectations. Defense and classified contexts out of scope.

    Explore Aviation →
What deeplinq does

Five capabilities, one constraint: everything stays inside.

The capability stack doesn't change for regulated institutions. The deployment envelope does.

  • Ingest — without exfiltration

    Read documents, transactions, and system records at source. Extraction, embedding, and indexing stay inside the institution's environment. No training on customer data by default.

  • Connect — across the legacy estate, inside the boundary

    Reach into core banking systems, ERPs, CRMs, and operational databases through connectors that run where the data lives. No external data plane.

  • Orchestrate — with full decision traces

    Route each query to the right model, knowledge source, and system of record. Every routing decision, retrieval, and model call is logged and auditable.

  • Deploy — with human-in-the-loop and audit trace

    Deploy agents that propose, not decide, where the institution wants a human gate. Every action carries prompt, retrieval context, model version, and outcome — exportable for audit.

  • Govern — at the policy layer, not by afterthought

    Enforce access controls at document, record, and field level. Retention, redaction, and residency through the platform — decisions versioned and reviewable.

How it deploys

Four deployment modes. One discipline: your data stays where it should.

  • On-premise

    deeplinq runs entirely inside the institution's data centre. Models, vector stores, orchestration, and logs live on infrastructure the CISO already controls.

    Fit signal: private banking, healthcare with strict residency, public-sector.

  • National or private cloud

    deeplinq deploys inside a sovereign cloud region or private-tenant environment chosen by the institution. Residency and data paths defined by the institution's contract, not deeplinq.

    Fit signal: commercial banking under central-bank obligations, sovereign-cloud healthcare.

  • Air-gapped

    No external network path. Inference, retrieval, and orchestration entirely on local infrastructure. Model updates and audit exports via controlled physical transfer.

    Fit signal: classified public-sector workloads, high-security research.

  • Hybrid with a sovereignty boundary

    Sensitive data and regulated workloads stay on-premise or on national cloud; non-sensitive workloads extend where the institution chooses. Sovereignty boundary enforced at the platform layer.

    Fit signal: universal banks with mixed workloads, multinational healthcare, pharma combining internal and external research.

Deployment journey

12 weeks, 4 phases, co-constructed. From customer-side preparation to in-production operations, every phase is mapped — including the prerequisites on your side.

Four-phase deployment journey: Phase 00 Preparation on the customer side before kick-off, then three deeplinq-side phases — Foundation (W0–W4), First workflows (W4–W8), Scale and handover (W8–W12). A continuous bar below shows sovereignty, evidence and practitioner enablement operating across all 12 weeks.Pre-projectIn productionPREW0W4W8W12Kick-offIn productionPhase 0000 / 04Customer sidePreparationPre-W0 · before kick-offData sources identifiedSponsors alignedUse cases scopedTest data preparedPhase 0101 / 04deeplinq sideFoundationW0 — W4Environment provisionedConnectors wiredFirst index livePerimeter validatedPhase 0202 / 04deeplinq sideFirst workflowsW4 — W81–2 workflows liveEvidence layer activeMeasurement baselineTraining startedPhase 0303 / 04deeplinq sideScale & handoverW8 — W12Additional workflowsAccess control at scaleCustomer team autonomousSteady-state metricsCross-cuttingContinuousSovereigntyPerimeter · residencyEvidenceAudit trails · citationsPractitioner enablementTraining · handover
Preparation sits with the customer. Foundation, first workflows, scale and handover sit with deeplinq. Sovereignty, evidence, and practitioner enablement operate across all 12 weeks.
Why model choice matters

Lock-in on the intelligence layer is an audit risk.

A regulated institution that depends on a single model provider inherits that provider's roadmap, data posture, and regulatory exposure. "The vendor's model produced it" is not an answer a regulator accepts.

deeplinq treats model choice as a compliance decision. Institutions run proprietary frontier models, open-weights on local inference, or both — selected by task, sensitivity, and regulator expectation. Model versions are pinned so an auditor reconstructs a decision months later. Models replace without rewriting the platform.

Where a hyperscaler assistant or CRM-native copilot forces tenancy and a single provider, deeplinq keeps the model behind an interface the institution controls.

Currently supported

Cloud APIs (with data residency)

  • OpenAI
  • Anthropic
  • Mistral
  • Google

Open-weights (self-hosted)

  • Llama
  • Qwen
  • Mistral open
  • Gemma
  • Falcon

Model agnosticism

Customer organization defines what's sensitive. deeplinq routes every workload to the right provider — Cloud APIs with residency controls for non-sensitive workloads, open-weights inside your perimeter for everything else.

Model agnosticism: customer workloads flow into the deeplinq orchestration box which routes each request, based on policy, either to Cloud APIs with residency controls (OpenAI, Anthropic, Mistral, Google) or to open-weights models self-hosted inside the customer perimeter (Llama, Qwen, Mistral OS, Gemma, Falcon).Customer workloadsModel executionCustomer organization01 / 03Sources, workloads, policyWhat is asked, about what data,under which classification.Data sourcesERPCRMDocumentsMailDatabasesWorkloads · sensitivityPublicmarketing · researchInternalops · productivityConfidentialfinance · HR · legalRestrictedregulated · PII · PHIPolicy definitionsResidency · sensitivity · routing rulesRequestdeeplinq · orchestration02 / 03Policy-based routingOne interface. One contract. Any provider,chosen per workload under customer policy.Policy-based routingper requestPer-workload model selectionfit to taskResidency-awareEU · FR · on-premCost & latency optimizationper SLAPolicy gateevaluated per requestClassificationResidencyRedactionPurposeAudit logConsent“The choice belongs to the institution,not the platform.”non-sensitivesensitiveOutside perimeter03AZone ACloud APIs· with residency controlsPolicy gate enforced · redaction · audit log · regional endpointsOpenAIAnthropicMistralGoogleBest forNon-sensitive workloads · frontier capabilityInside perimeter03BZone BOpen-weights· run inside your perimeterNo egress · data stays in · self-hosted inference · air-gap compatibleLlamaMetaQwenAlibabaMistral OSApache 2.0GemmaGoogleFalconTIIBest forSensitive workloads · regulated environmentsAir-gapped deploymentstrust boundary
The institution classifies. The orchestration layer routes. The model executes — inside or outside the perimeter as policy prescribes.

Supported model providers

9 providers across Cloud APIs and open-weights. Choose what fits your sovereignty posture.

Two rows of supported model providers with uniform visual weight. Row 1 — Cloud APIs with residency controls: OpenAI, Anthropic, Mistral, Google. Row 2 — Open-weights run inside your perimeter: Llama, Qwen, Mistral OS, Gemma, Falcon. Neutral wordmark placeholders; no provider is featured.CLOUD APISwith residency controls04 PROVIDERSOpenAIAPI · GPTAnthropicAPI · CLAUDEMistralAPI · LE CHATGoogleAPI · GEMINIOPEN-WEIGHTSrun inside your perimeter05 PROVIDERSLlamaMETA · OPENQwenALIBABA · OPENMistral OSAPACHE 2.0GemmaGOOGLE · OPENFalconTII · OPENdeeplinq · SUPPORTED MODEL PROVIDERS09 PROVIDERS
The hardest compliance case, made simple

The sovereign AI configuration.

For banking and government customers, the most demanding compliance configuration is also the simplest to explain.

On-premise deployment + locally-deployed open models = zero prompts leave the network edge, zero external LLM dependencies, zero cross-border transfers, zero third-party AI-provider DPAs to sign.

Not a claim. Not a promise. An architectural constraint enforced by your own infrastructure and validated by your CISO.

Customer perimeter

deeplinq platform

Open-weights LLM

Llama · Qwen · Mistral OS

No data egress. Not by policy. By architecture.

How we map to your frameworks

The frameworks your regulator cares about, addressed inside the platform.

What deeplinq does for each framework today. Coverage-in-progress is marked explicitly. Nothing aspirational.

ISO 27001:2022
Information Security Management System — aligned by architectural design; third-party certification path targeting 2026-2027.
ISO 27017:2015
Cloud security controls — deployment isolation, shared responsibility boundaries documented per deployment mode.
ISO 27018:2019
Cloud PII protection — personal data handling, consent management, data subject rights.
ISO 42001:2023
AI Management System — first international standard for AI governance. Model lifecycle, human oversight, evidence trails aligned from platform design; certification path under evaluation as the standard matures in audit practice.
GDPR (EU)
Residency enforced by deployment location. Right-to-erasure at the data layer. No personal-data processing outside the boundary by default. DPIA and ROPA templates available, aligned with GDPR DPIA provisions.
EU AI Act
Readiness roadmap aligned with 2026 compliance milestones. High-risk AI controls via logging, human oversight gates, model documentation.
DORA (EU)
Operational resilience via ICT-perimeter deployment, incident logging, third-party dependency minimisation, exit strategy via hexagonal architecture.
MiFID II / MAR
Transaction surveillance, research-augmentation source attribution, audit reconstruction via decision-trace exports.
Solvency II
Prudential workflow via document intelligence and actuarial unification inside the regulated perimeter. On request per insurance carrier.
ACPR / CNIL (France)
French supervisory expectations via national hosting, data-processing records, DPO-ready audit exports.
FINMA / CCAF (Switzerland)
Swiss residency, secret bancaire posture, supervisory-review readiness via on-premise and Swiss-cloud deployment.
nLPD (Switzerland)
Revised Federal Act on Data Protection (FADP, in force September 2023). Personal-data processing inside the environment, register of processing activities, profiling logs, breach-notification readiness — addressed by Swiss-cloud or on-premise deployment and audit exports.
CSSF (Luxembourg)
Luxembourg requirements via regional deployment and outsourcing-arrangement documentation.
Bank Al-Maghrib / Loi 09-08 (Morocco)
National hosting, Moroccan residency, central-bank reporting via local deployment.
PDPL / CBUAE (UAE)
UAE Federal Law No. 45/2021 on personal data protection. Central Bank UAE outsourcing and operational-resilience expectations addressed by regional deployment, national hosting, and audit-trail exports.
HIPAA (US)
PHI inside the provider's perimeter. BAA-compatible deployment. US-region hosting on request.
GDPR health provisions (EU)
Special-category health data within the hospital perimeter — consent and access logs exposed to the DPO.
GxP (pharma)
Audit traceability, model-version pinning, prompt/response archival for regulatory-submission and quality workflows.
SOC 2
Type II certification underway, target Q3-Q4 2026. Type I attestation available as intermediate artifact.
National sovereign-cloud requirements
Deployment on certified sovereign-cloud providers via the national or private-cloud mode. Accreditations vary by country.
The evidence layer

What the auditor receives.

A regulator review is not won on claims. It is won on evidence. deeplinq treats the evidence layer as first-class.

Every prompt, retrieval, model call, and agent action is archived with full decision trace — inputs, retrieved context, model version, parameters, reasoning path where exposed, human approval status where a gate applies.

Access audited at user, role, and document level. Policy changes versioned. Model-version pins prevent silent substitution.

When a regulator asks for an evidence bundle, the institution exports a structured archive. No reconstruction project. No vendor intermediary.

For banking prospects

Banking deserves its own conversation.

The platform is horizontal, but banking density justifies a dedicated view — KYC, credit ops, market surveillance, customer engagement; integration footprint across Temenos, Finastra, Avaloq, Murex, SAP, Oracle.

If you are arriving from a banking mandate, the dedicated page goes deeper.

Explore the banking platform →
Architecture details

deeplinq is built on a four-layer architecture designed for sovereignty, auditability, and integration.

See the full architecture →

Start a conversation. Not a sales process.

A working session with our team on your regulatory envelope, your deployment constraints, and the use cases that matter to your institution. Pragmatic, technical, short.

Discuss a regulated AI deploymentDownload the one-pager