Platform
Everything your AI governance needs. In one place.
From registering your first AI system to generating audit packages for certification bodies. Here is how HumanWox works.
AI System Registry
Register every AI system your organisation develops, deploys, or procures. Each entry carries structured metadata: purpose, risk classification, data categories, lifecycle stage, and ownership. When a system changes status, the platform recalculates what governance applies.
The registry connects each system to the controls that govern it, the evidence that demonstrates compliance, and the risks that have been identified and treated.
See it in action — Book a demoCustomer Support Chatbot
AIS-001 · Customer Experience
Fraud Detection Engine
AIS-002 · Risk & Compliance
Document Classifier
AIS-003 · Legal Operations
Recruitment Screener
AIS-004 · Human Resources
Risk Assessment and Control Lifecycle
Identify risks per AI system, apply controls, and test their effectiveness over time. Each risk links to the controls that treat it, and each control links to the evidence that proves it works.
Control effectiveness degrades when testing is overdue. The platform surfaces this automatically through the obligations engine.
See it in action — Book a demoBias in training data
HighModel drift undetected
MediumUnauthorized access to model
HighEvidence Management and Reviews
Every piece of evidence has an owner, a review cadence, an effective date, and an expiry date. The platform surfaces stale evidence before it becomes an audit finding.
Version history is maintained automatically. When a policy is updated, the previous version is preserved and the new version inherits the same control and system linkages.
See it in action — Book a demoAI Risk Assessment Policy v2
Reviewed by S. Kenning · 12 Mar 2026
Data Governance Policy v3
Reviewed by J. Patel · 08 Apr 2026
Model Validation Report
Reviewed by A. Chen · 01 Feb 2026
Decision Accountability
Log every governance decision with its rationale, the person or body responsible, and the AI system it applies to. Deployment approvals, risk acceptances, decommission orders.
Oversight flags indicate which decisions require senior review. The decision log forms part of the audit package export.
See it in action — Book a demoDeploy Chatbot v3.2 to production
Accept residual risk: model drift
Decommission legacy scoring model
Issues and Incident Management
When something goes wrong, log it with AI-specific taxonomy: bias incidents, model failures, data quality issues, policy breaches. Track from identification through root cause analysis to corrective action.
Preventive actions are recorded alongside corrective ones, closing the Plan-Do-Check-Act loop. Overdue items surface on the dashboard automatically.
See it in action — Book a demoBias detected in hiring model outputs
Evidence review missed deadline
Incomplete risk assessment for chatbot
Obligations Engine
The platform tells you what needs doing. Overdue reviews, expiring evidence, untested controls, unassessed systems. Obligations are generated from the governance data itself, not from a separate task list.
Priority is calculated from severity, due date, and the number of frameworks affected. Governance stays current without manual tracking.
See it in action — Book a demoFramework Compliance Mapping
Activate ISO 42001, EU AI Act, DSIT AIME, or NIST AI RMF as compliance lenses over your governance data. The same operational record serves multiple frameworks without duplicating work.
Coverage percentages are calculated from mapped controls, evidence, and gap indicators. Add new frameworks as they become relevant.
See it in action — Book a demoShadow AI Discovery
Run attestation campaigns across your organisation. Compare what teams declare they are using against what is in your registry. Identify, assess, and bring unregistered AI systems into governance.
Campaign results show declared versus attested counts with reconciliation reports. Newly discovered systems enter the registry with risk scores attached.
See it in action — Book a demo0
Declared
0
Attested
0
Unregistered
Newly discovered systems
Marketing Copy Generator
Marketing
Code Review Assistant
Engineering
Meeting Summariser
Operations
Inbound Event API
External systems push events to HumanWox: CI/CD pipeline deployments, monitoring alerts, SIEM events, custom webhooks. The platform matches events to registered AI systems and flags governance implications.
Events that match a registered system trigger obligation checks. Unmatched events surface as potential shadow AI activity.
See it in action — Book a demoCI/CD Pipeline
Monitoring Tool
SIEM
Custom Webhook
HumanWox
Match · Flag · Log
Reports and Audit Package
Generate structured audit packages with integrity warnings. Evidence index, risk register, control mapping, decision log, and review history. PDF and data export.
Integrity warnings flag gaps in the record: missing evidence, untested controls, overdue reviews. The audit package is generated from live data, not a static document.
See it in action — Book a demoGovernance Health Score
A computed score based on the actual state of your governance: system coverage, risk treatment progress, evidence currency, review completion, and control effectiveness.
The score degrades over time as evidence expires and reviews become overdue. This is by design. Governance is continuous, not periodic.
See it in action — Book a demo0%
Overall governance health
Pricing
First 100 organisations: 40% off the Growth plan. £299/month. Limited availability.
Growth
£4,990/year
- Up to 25 AI systems
- 5 team members
- 1 compliance framework
- Core governance: risks, controls, evidence, reviews, decisions, issues
- Obligations engine
- Reports and audit package
- Audit trail
- Governance health score
- Email support
Professional
£8,990/year
- Unlimited AI systems
- 15 team members
- All compliance frameworks
- Everything in Growth
- Attestation campaigns and shadow AI discovery
- Inbound event API
- Partner access and portfolio dashboard
- Priority support
Frequently Asked Questions
Your trial data is preserved. You can upgrade to a paid plan to continue, or export your data. No credit card is required to start, and there is no automatic charge.
Yes. You can upgrade at any time. Your existing data, configurations, and governance records carry over. The upgrade takes effect immediately.
All platform data is hosted in the United Kingdom on Supabase PostgreSQL with encryption at rest and automated daily backups. Row-level security ensures each organisation’s data is fully isolated.
The platform includes structured guidance for governance implementation. For organisations that want hands-on support, we work with certified implementation partners. Contact us for a referral.
HumanWox works without any framework activated. The governance record (AI systems, risks, controls, evidence, decisions) functions independently. Frameworks are optional compliance lenses you can activate at any time.
No. HumanWox is an implementation support tool and system of record. It does not make conformity determinations, issue certifications, or provide authoritative interpretations of any standard. Certification is awarded by accredited certification bodies following a formal audit.
Yes. You can export your governance data, evidence index, audit packages, and decision logs in PDF and structured data formats at any time.
Ready to build your governance record?
14 days full access. No credit card required.