FAQ

Vienna OS is an enterprise governance control plane for autonomous AI agent systems. It sits between agent intent and real-world execution, enforcing policy, requiring approvals for high-risk actions, and maintaining an immutable audit trail.

Guardrails filter what AI says (content safety). Vienna OS governs what AI does (execution authority). When an agent proposes to deploy code, send an email campaign, or execute a transaction, content filtering is irrelevant — the question is: who authorized this, under what policy, with what constraints?

Warrants are cryptographically signed, time-limited, scope-constrained authorization tokens. Every approved agent action receives one before execution. Post-execution, the Verification Engine confirms the action matched the warrant scope. No warrant = no execution.

Vienna OS is runtime-agnostic. It works with OpenClaw, LangChain, CrewAI, AutoGen, and any framework that can make HTTP requests. Agents submit intents via the Intent Gateway API, and Vienna handles governance regardless of the calling runtime.

The core governance pipeline is open source (GitHub: risk-ai/regulator.ai). The Community tier is free for up to 5 agents. Cloud-hosted and enterprise tiers add managed infrastructure, SSO, compliance certifications, and dedicated support.

Sign up for the free Community plan at regulator.ai/signup. You'll get instant access to the sandbox console at console.regulator.ai. You can submit your first governed intent in under 60 seconds.

Yes. The Community tier supports self-hosted deployment. Clone the repo, configure your environment, and deploy. The Enterprise tier adds on-premise deployment with SLA, dedicated CSM, and compliance certifications.

Minimal. Vienna OS runs as a Node.js application with SQLite for the state graph. The production deployment runs on 2 vCPU / 2GB RAM. For enterprise deployments, we support PostgreSQL and horizontal scaling.

Yes. Each tenant's data (proposals, warrants, executions, audit logs) is logically isolated by tenant_id. No cross-tenant data access is possible through the API.

We're currently operational with rate limiting, encryption in transit, session management, and append-only audit trails. SOC 2 Type I audit is planned for Q4 2026, HIPAA BAA for H1 2027, and FedRAMP assessment in 2027 contingent on government sector demand.

7 years by default, configurable per tenant. The audit trail is append-only — events cannot be modified or deleted. This satisfies requirements for SEC, HIPAA, SOX, and EU AI Act record-keeping.

An agent is any autonomous system that submits intents through the governance pipeline. One AI coding assistant = one agent. A fleet of 20 DevOps agents = 20 agents. Each gets its own identity, permissions, and audit history.

Yes. The Community tier is free for up to 5 agents with full governance pipeline access. No credit card required.

Absolutely. Visit regulator.ai/try to test the governance API live — no signup required. The Community tier gives you full sandbox console access for free.