Every Arka AI deployment operates under ASES V7.2 — a named, versioned execution standard. Governance is not a feature layer or a monitoring add-on. It is the execution architecture: 9 gates evaluated synchronously before any state-changing action, fail-closed by design.
ASES is not a marketing claim — it is a contractual architecture. When we say "We operate under ASES V7.2," it means your engagement is governed by a specific, versioned standard that PE operating partners and auditors can review, validate, and rely on.
ASES defines the minimum standards for: mission qualification (ADLC steps 1–4 must be completed before production), trust progression (Shadow mode before Autonomous), governance enforcement (9 gates, fail-closed), evidence production (7 canonical events per mission cycle), and audit capability (full forensic replayability).
"We operate under ASES" means a PE due diligence reviewer can verify:
what standard was applied → what gates ran → what evidence was produced → what the audit shows.
Every mutation request — every state-changing action a worker takes — is evaluated synchronously through all 9 gates before execution. Gates run in order. Any gate that fails terminates the request and moves the worker to QUARANTINED. No partial execution. No retry without remediation.
Two separate immutable ledgers — one for audit and compliance, one for billing and financial verification. Both are append-only, hash-chained, and cryptographically tamper-evident.
The Evidence Ledger is the source of record for every ADLC event, HITL approval, policy evaluation, and Proof Pack. It is append-only and hash-chained — any modification to a historical record invalidates the hash chain and is immediately detectable.
| Availability | 99.99% read availability |
| Hash chain | SHA-256 per record; chain over ledger |
| Tamper detection | Any modification invalidates chain |
| Export format | OSCAL-native (FedRAMP / SOC 2) |
| Retention | 7 years minimum (configurable) |
| Access | Read-only for clients; append-only for platform |
OSCAL-native export supports direct ingestion into FedRAMP continuous monitoring workflows and SOC 2 audit packages.
The Financial Ledger records every billable event in the Outcome-as-a-Service model. Every line item in any Arka AI invoice is backed by a sealed Proof Pack in the Financial Ledger — you can verify what was done before the invoice is generated.
| Event trigger | financial_realized (Event 7) |
| Proof link | Every billing event linked to Proof Pack |
| Tamper detection | Same hash-chain architecture as Evidence Ledger |
| Client access | Read access to own billing records |
| Dispute resolution | Proof Pack replay as source of record |
| Reconciliation | Automated; no manual re-entry |
No Arka AI invoice can contain a charge not backed by a sealed, ECDSA-signed Proof Pack in the Financial Ledger.
Full input data capture, data source provenance, tenant context, policy context snapshot at execution time
Complete action log, all 9-gate evaluations, HITL approval tokens, elapsed time, system interactions
ECDSA-SHA256 signature, model & prompt snapshots, lineage artifacts, timestamp, replay manifest
Arka AI customer data never leaves the designated region. Tenants are fully isolated at the infrastructure layer. No cross-tenant data access — architecturally enforced, not policy-enforced.
| Region | Google Cloud us-central1 |
| Data residency | All PII, operational data, ledgers |
| Compliance alignment | SOC 2, CCPA, FedRAMP (planned) |
| Uptime SLA | 99.9% platform availability |
| Tenant isolation | Kubernetes namespace + network policy |
| Region | Google Cloud eu-west2 |
| Data residency | All PII, operational data, ledgers |
| Compliance alignment | UK GDPR, ICO standards |
| Uptime SLA | 99.9% platform availability |
| Tenant isolation | Kubernetes namespace + network policy |
Clear, contractual delineation of IP ownership across every engagement. No ambiguity about what Arka owns, what you own, and how adapter layers work.
ASES standard, ActionGateway, Evidence Ledger architecture, ADLC methodology, Mission Library framework, Sovereign LLM Router, Trust Progression State Machine. Owned by Arka AI, Inc. Patents pending. Licensed for use under engagement terms.
System-specific adapters, domain workers, and operational blueprints built for a specific client engagement. Ownership terms defined in the Outcome Contract. Clients may retain rights to domain-specific IP developed for their unique operations.
All client data, operational records, financial records, and the Evidence Packages produced from client operations remain client property. Arka AI holds no license to use client data beyond execution of contracted services.
Arka AI is built on enterprise-grade infrastructure with a structured path to SOC 2 Type II certification. Every deployment runs in customer-controlled environments with full data sovereignty.
Formal audit engagement in progress. Target completion 2026.
Our Evidence Ledger, ASES V7.2 governance standard, and OSCAL-native export architecture were designed from inception to support SOC 2 Type II audit requirements. Audit-ready artifacts are available to enterprise prospects under NDA.
We provide full ASES V7.2 documentation, Evidence Ledger architecture specifications, and technical briefings for PE due diligence teams and security reviewers. Contact our team to begin.