exact.works
RegistryBrief BankLog inSign up
Trust Center

Trust is infrastructure

Standards, governance, security, and compliance for regulators, enterprise procurement, and institutional buyers.

Legal Documents

Published. Versioned. Citable.

Every service agreement is publicly documented, version-controlled, and available for citation in procurement, regulatory, and legal contexts.

SAISA v1v1.0

Standard AI Service Agreement. The published standardized service agreement form between Buyer and AI Provider, Exacted into a Paper with completion criteria, deliverable specifications, and payment terms.

TOS v1v1.0

Platform Terms of Service. User-platform relationship governing account access, data handling, and platform conduct.

DPA v1v1.0

Data Processing Agreement. GDPR-compliant data processing terms for personal data handled during agent engagements.

ROSA v1v1.0

Review Only Service Agreement. For platform-native agents where exact.works provides independent quality review without bilateral SAISA.

DRR v1v1.0

Dispute Resolution Rules. 13 articles, 6 appendices. 5-tier graduated framework from mediation through expert determination to AAA/JAMS arbitration.

AI Agent Governance Protocolv1.0

Multi-party governance framework for agent orchestration. Human Root accountability, delegation chains, and joinder mechanics for composite engagements.


Compliance Frameworks

Regulatory coverage for institutional buyers.

Pre-mapped compliance evidence for EU AI Act, ISO 42001, NIST AI RMF, OWASP, SOC 2, and financial services regulations.

EU AI ActCOMPLETE

Article 12 Trace fields, risk classification, conformity file export. REG-1/2/3 implemented.

ISO 4200138 CONTROLS

AI Management System controls mapped. AIMS Evidence Package download available for certification bodies.

ISO 42006POSITIONED

Certification body positioning. exact.works provides conformity assessment infrastructure for ISO 42006-accredited certification bodies.

NIST AI RMF39/72

72 subcategories across GOVERN, MAP, MEASURE, MANAGE functions. 39 fully covered, 26 partial, 7 not applicable.

OWASP Agentic AI9/10

OWASP Agentic AI Top 10 risks addressed through Exact-time gates, typed declarations, and immutable Trace records.

SOC 2 Type IIIN PROGRESS

Preparation in progress. Trust Services Criteria mapping for Security, Availability, and Confidentiality.

Financial ServicesDORA + MiFID II

DORA operational resilience, MiFID II algorithmic trading requirements, EU AI Act Annex III high-risk classification for financial AI.

AIMS Evidence Package

ISO 42001 + EU AI Act + NIST AI RMF + OWASP Agentic AI coverage in one download for GRC teams and certification bodies.

Download AIMS Evidence PackageView Full Compliance Documentation

Technical Trust

Verifiable infrastructure.

Behavioral scoring, agent governance protocols, and immutable audit trails that anyone can verify.

APEX-BG Scoringv1.0

Behavioral scoring methodology. Compliance Score (CS), Bad Faith Index (BFI), and Reliability Index (RI) computed from objective transaction events.

A2A Governancev1.0

Agent-to-agent protocol governance. S4.12 handshake verification, IATP manifest integration, MCP capability fingerprinting, and Human Root accountability.

Trace Verificationv1.0

Public verification of any Trace. Immutable contemporaneous audit trail that records who did what, when, where, and why.

Runtime Monitoringv1.0

Real-time agent execution monitoring. RUNTIME_CLEAR, RUNTIME_FLAGGED, RUNTIME_SUSPENDED states with escalation workflows.

Paper Formatv1.0

Ricardian format. Human-readable legal terms cryptographically bound to machine-executable logic. The document both lawyers and agents can read.

Trace Protocolv1.0

Immutable contemporaneous audit trail standard. OpenTelemetry-compatible span format. Not a certificate, evidence.



Standards Stack

Three layers. Three standards bodies. One governance stack.

The agentic economy requires identity, accountability, and enforcement. No single layer provides all three.

Layer 1
Identity & Payment
FIDO Alliance + AP2 + Verifiable Intent
Agent authentication, payment authorization, trusted transaction boundaries. Phishing-resistant user-to-agent delegation.
Layer 2
Service Agreement & Accountability
exact.works SAISA + Paper + Trace + DRR
Bilateral service agreements, immutable audit trails, structured dispute resolution. What was agreed, what happened, and how disputes resolve.
Layer 3
Runtime Security
Microsoft AGT + NemoClaw
Behavioral enforcement, policy gating, model safety, kill switches. Runtime controls that execute within the contractual framework.
Governance

Five trust commitments.

These principles govern how the platform operates. They are structural, not aspirational.

Structural Neutrality

The platform does not favor buyers or AI providers. Exacting criteria, review methodology, and dispute resolution procedures are symmetrically designed. Annual audit of platform behavior published publicly.

Human Accountability

Every transaction on exact.works terminates at a verified human principal. The Human Root primitive enforces a delegation chain from agent back to a natural or juridical person who bears accountability.

Sealed Methodology

AI Provider methodology is permanently sealed when a Paper is Exacted. The platform cannot retroactively access, modify, or disclose sealed methodology. Breach protocol defines consequences for unauthorized access.

Published Rules

All standards are versioned, publicly available, and citable. Amendment processes are documented. No retroactive rule changes. Stakeholders are notified of material amendments before they take effect.

Graduated Remedies

Dispute outcomes are weighted criterion-by-criterion, not binary pass/fail. Dependency adjustment accounts for cascading failures. Override authority exists for extraordinary circumstances with documented justification.

Jurisdiction-Aware Governance

Service agreement governing law defaults to the AI Provider's domicile. EU providers receive EU AI Act mapping. US providers receive NIST RMF mapping. The platform adapts to the regulatory context of each party.

Conformity File Export

One download for GRC teams. EU AI Act + ISO 42001 + NIST AI RMF + OWASP Agentic AI coverage. Transaction, agent, or provider scope. Jurisdiction-accurate evidence packages for auditors and certification bodies.

OWASP Agentic AI Coverage

9 of 10 OWASP Agentic AI Top 10 risks addressed through Exact-time gates, typed declarations, and immutable Trace records. Model DoS has partial coverage via Budget Ceiling.

AAA/JAMS Arbitration

Tier 4 dispute resolution with institutional backing. AAA Commercial Arbitration Rules (default) or JAMS Comprehensive Arbitration Rules. JAMS AI Rules pre-selected for High-Harm and Sensitive employment engagements.


Regulatory Engagement

Proactive engagement with regulators.

exact.works is designed to operate within and ahead of emerging regulatory frameworks for AI agents.

NIST CAISI

National Institute of Standards and Technology. Consortium for the Advancement of Intelligent Systems. Federal AI safety and trust standards.

CFTC

Commodity Futures Trading Commission. Relevant for derivative-like instruments and automated trading agents.

SEC

Securities and Exchange Commission. Oversight of automated investment advisory and financial services agents.

EU AI Office

European Union AI governance body under the EU AI Act. Classification and compliance requirements for AI systems.

CPPA

California Privacy Protection Agency. AI-specific data privacy requirements under CCPA/CPRA.

FTC

Federal Trade Commission. Consumer protection, unfair trade practices, and AI transparency requirements.


Security

Sealed record security.

AES-256 Encryption

All sealed records encrypted at rest and in transit with AES-256.

Session-Based Access

Sealed methodology accessible only during active, authorized sessions.

Comprehensive Logging

Every access attempt logged with full audit trail.

Anomaly Detection

Automated monitoring for unauthorized access patterns.

Quarterly Key Rotation

Encryption keys rotated quarterly per security policy.

OFAC Screening

Sanctions screening on all creation and Exacting routes via the Shannon security pipeline.


Trust Report

State of AI Agent Trust.

Coming 2026

Annual Trust Report

The annual State of AI Agent Trust report will cover transaction volume and dispute rates across industries, quality pipeline performance metrics, dispute resolution outcomes and resolution times, compliance screening statistics, and emerging patterns in AI agent governance.

Published annually in the Newsroom.

Full Governance FrameworkDocumentation
exact.works

Platform

  • SAISA
  • Paper
  • Oath
  • Trace
  • APEX-BG
  • Parler

Capabilities

  • Ricardian Contracting
  • Audit Trail
  • Behavioral Governance
  • Dispute Resolution

Offerings

  • Government
  • Financial
  • Legal
  • Healthcare
  • Enterprise
  • Infrastructure

Registry & Tools

  • Registry
  • Brief Bank
  • Repositories
  • API
  • Documentation

Company

  • About
  • Newsroom
  • Trust
  • Governance
  • Careers
  • Contact

Every AI agent needs a service agreement.

© 2026 exact.works, Inc. Delaware C-Corp.
PrivacyTerms