Aegis Guard Gateway sits in your live AI data path and validates legal consent before personal data leaves your enterprise boundary — resolving the GDPR–AI Act compliance conflict at the architectural level.
The AI governance market has split into two camps — and left a dangerous gap between them. Most enterprises are sitting in that gap right now.
Camp 1
OneTrust, Credo AI, and similar tools are built for policy documentation, AI system inventorying, and impact assessments. They operate outside the live data path. If personal data is sent to an unapproved model at 3:00 AM, a GRC platform cannot block it. It records that a policy existed. Compliance is retrospective, not preventive.
Camp 2
Portkey, Langfuse, and standard reverse proxies are built for engineers. They manage load balancing, caching, and API token consumption. They have no mechanism to verify whether a specific user revoked their GDPR data processing consent five minutes ago before routing a prompt to an external model. Security gateways like Lakera Guard address data loss prevention — not legal consent status.
Aegis Guard Gateway intercepts every AI execution request and validates the legal position before a single byte of personal data leaves your network boundary.
Every AI execution request — regardless of the model, vendor, or application — is intercepted by Aegis Guard Gateway before data exits the enterprise network. Nothing passes through uninspected.
Aegis queries your consent platform — including OneTrust — for the current, live consent status of the data subjects whose data is being processed. Not cached. Not assumed. Live, at the moment of execution.
Approved requests proceed to the AI model with full Article 12 audit logging. Denied requests are blocked and logged with the reason. All logs are anonymised at the point of capture — GDPR data minimisation preserved, AI Act audit trail maintained.
Hard-capped total gateway overhead per request — consent validation, PII redaction, heuristic analysis, and cryptographic logging — verified under representative enterprise load during Week 4 of the pilot.
Non-configurable circuit breaker. On any gateway fault — runtime exception, memory ceiling breach, consent platform timeout — active packet transit is cut immediately and HTTP 503 returned. Cannot be overridden by Client configuration.
Every transaction hashed and signed with Client-generated ECDSA P-256 keys and pushed to Client WORM storage or SIEM via TLS 1.3. Satisfies the Article 26(6) log-integrity floor with a minimum six-month retention period.
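The fail-closed consent gate described above, as an added sketch that is not Aegis Guard Gateway's or Adesanya AI Advisory's code: forward only on a live "granted" answer, return 503 on any fault, and write pseudonymised, hash-chained log entries. `consent_lookup`, `forward`, the 403 for denials and the demo key are assumptions; the ECDSA P-256 signature over each entry is left out because the Python standard library has no ECDSA.

```python
import hashlib, hmac, json, time

PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: secret held inside the boundary
GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash."""
    def __init__(self):
        self.entries = []

    def append(self, subject_id, decision, reason):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        # A keyed pseudonym is written instead of the raw identifier.
        pseudonym = hmac.new(PSEUDONYM_KEY, subject_id.encode(), hashlib.sha256)
        body = {"ts": time.time(), "subject": pseudonym.hexdigest()[:16],
                "decision": decision, "reason": reason, "prev": prev}
        body["hash"] = _digest(body)
        self.entries.append(body)

    def verify(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True

def gate(subject_id, prompt, consent_lookup, forward, log):
    """Return (status, payload); forward only on an explicit live 'granted'."""
    try:
        status = consent_lookup(subject_id)   # live query, never a cached answer
    except Exception as exc:                  # timeout or any other fault
        log.append(subject_id, "fault", type(exc).__name__)
        return 503, None                      # fail closed, as the page describes
    if status != "granted":
        log.append(subject_id, "blocked", f"consent={status}")
        return 403, None                      # assumption: the page names no code
    log.append(subject_id, "approved", "consent=granted")
    return 200, forward(prompt)
```

A keyed HMAC is pseudonymisation, not anonymisation: the log entry stays linkable to the data subject for as long as the key exists.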
GDPR mandates data minimisation and the right to erasure. The EU AI Act mandates continuous automated logging of high-risk AI operations. On their face, these obligations conflict.
Logs are anonymised inside your enterprise boundary before being written. Personal identifiers are stripped or pseudonymised at the point of capture. The result is an AI Act-compliant audit trail that contains no personal data requiring GDPR management.
Providers of Annex III high-risk systems must build automatic logging across the operational lifecycle. Enforcement: 2 August 2026. Aegis captures tamper-resistant, timestamped logs at the execution point.
Deployers of high-risk AI must retain system logs for a minimum of six months. The evidentiary burden sits with the deployer. Aegis stores logs inside your boundary in a format that satisfies this obligation.
Personal data must not be retained beyond its purpose, and individuals may demand erasure. Aegis anonymises all log content at the point of capture, so logs contain no personal data that triggers GDPR retention or erasure obligations.
Where consent is the lawful basis for AI processing, Aegis verifies its validity in real time before each execution. Processing without valid consent is blocked, not just logged after the fact.
Proprietary Architecture
This is a proprietary runtime consent-enforcement architecture developed by Adesanya AI Advisory. It is not a regulatory standard or a term defined in EU law. It is the specific technical configuration that converts your consent platform's policy state into an active, real-time circuit breaker — preventing AI execution when legal permission is absent. The name refers to the enforcement mode activated when OneTrust (or a compatible consent platform) returns a no-consent signal for the data subject at the moment of the AI call.
Every engagement starts with a written scope and a fixed fee. No meters running. Most clients begin with the Architecture Review.
Fixed fee · 5–7 working days
A structured review of your current AI data-flow, consent mechanisms, and logging architecture against EU AI Act Article 12 and GDPR obligations. Written report with findings and a prioritised remediation roadmap.
Fixed fee on enquiry · 30 calendar days
Live deployment of Aegis Guard Gateway in a sandboxed environment against one defined AI execution path. Documented compliance outcomes, full audit log review, and a signed compliance report suitable for DPC or internal board reporting.
Monthly · minimum 3 months
Continuous governance monitoring after a completed pilot. For organisations that need ongoing compliance assurance as AI systems evolve and the regulatory landscape develops around AI Act enforcement.
ARCHITECTURE REVIEW → PILOT → RETAINER · Each tier stands alone or builds on the last
Aegis Guard Gateway is built for the individuals named on compliance documentation — the people who cannot afford a DPC investigation.
Data Protection Officer
Regulators do not accept policy documents as proof of compliance. Aegis produces timestamped, tamper-resistant logs that demonstrate GDPR consent was validated before each AI execution — the kind of evidence that closes a DPC inquiry before it escalates.
Chief Information Security Officer
Your security stack monitors data in transit. It does not check whether the person whose data is in transit consented to AI processing it. Aegis closes that legal blind spot without requiring changes to your existing security architecture.
General Counsel / Head of Legal
You have advised the business on GDPR for years. The AI Act creates new logging obligations that appear to conflict with data minimisation. Aegis provides the legal and technical architecture that resolves this conflict — documented, auditable, and defensible to a supervisory authority.
Chief Compliance Officer
Annex III obligations under the EU AI Act are not aspirational targets. They apply from 2 August 2026. For financial services, insurance, and essential services — sectors that typically deploy Annex III AI — the operational window to implement compliant architecture is closing.
Founder / Managing Director
Your enterprise customer, your investor, your insurer, or your board has asked whether your AI systems comply with the EU AI Act. You don't have a dedicated legal or compliance team — you are the team. Aegis Guard Gateway gives you the architecture, the documentation, and the audit trail to answer that question credibly — before the next meeting, not after an incident.