
REACH LAW Infrastructure Doctrine

Sovereign Governance
Architecture.

Human-led governance infrastructure designed for evidence production, local sovereignty, and regulatory defensibility. Not a compliance tool. Not a SaaS platform. A constitutional framework built for the standard an SRA investigation demands.

Local node = authority  ·   Cloud = advisory only  ·   Human = decision-maker  ·   Audit = source of truth

The foundational doctrine

REACH LAW is not an AI tool.
It is a local governance control plane
with a bounded cloud reasoning adjunct.

Most AI governance providers discuss security, compliance, and automation. They build on centralised hyperscale infrastructure, route client data through third-party cloud environments, and treat governance as a feature rather than a foundation.

All authority sits locally, inside the firm's own infrastructure boundary. The cloud layer is advisory only. The human officer is the decision-maker. The audit ledger is the source of truth. This is not a product decision. It is a constitutional commitment to data sovereignty, COLP accountability, and the evidence standard the regulator demands.

01

Sovereignty

All governed processing occurs on-premises within the client firm's own physical infrastructure boundary. Client data does not leave the firm's boundary unless explicitly authorised under documented instruction.

02

Evidence

Every governed event generates a timestamped, attributed, cryptographically hashed audit record before any downstream processing. Evidence is created at ingestion. Not reconstructed at inspection.

03

Accountability

No compliance decision is made autonomously. Every RED and AMBER classification requires a named human officer's recorded decision. The system never approves, releases, or rejects a governed event without that record.

04

Proportionality

Infrastructure consumption remains proportionate to the firm's actual governance requirements. Computation occurs as close as possible to the operational environment requiring it.

05

Human Oversight

The COLP retains judgment at every point. REACH LAW provides the infrastructure that makes that judgment retrievable, attributable, and defensible. The system is advisory. The officer is responsible.

06

Defensibility

Every architectural decision is tested against one question: can the COLP produce this evidence in under 60 seconds when the SRA requests it? If the architecture does not support that answer, the architecture is wrong.

Data zone architecture

Three zones. One hard boundary.
No exceptions.

The data zone architecture is the structural foundation of REACH LAW's sovereignty doctrine. Every piece of data is classified at ingestion. Zone boundaries are enforced by the system architecture — not by policy statements.

Zone 01
Sovereign — Never leaves the firm

Everything that identifies. Everything that matters.

Client-sensitive data in its entirety. Permanently inside the firm boundary. The audit ledger lives here. Evidence packs are generated here. Identity never leaves.

Client identifiers · Matter references · Legal matter content · Privileged narrative · Financial data · AML records · Full audit ledger · Evidence packs · Identity mapping · Token maps
Zone 02
Controlled Edge — Local processing only

The governance control layer. All authority lives here.

The sensitivity classifier, redaction engine, Privacy Validator, and cloud eligibility gate all operate in Zone 2. The Privacy Validator makes one binary determination: safe for Zone 3 or blocked. Uncertainty equals blocked.

Sensitivity classifier · Redaction engine · Privacy Validator · Cloud eligibility gate · Token map storage · Deterministic rules
Zone 03
Cloud — Advisory only. Temporary. Non-reconstructable.

Sanitised reasoning. No authority. No retention.

Only sanitised, abstracted, non-reconstructable payloads reach Zone 3. The cloud layer provides bounded reasoning — it is explicitly not the decision-maker. Zero content retention. Every call logged. Response hash stored in the audit ledger.

Sanitised payloads only · Governance metadata · No direct identifiers · No legal matter content · No AML data · Zero content retention
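An added illustration in Python (not REACH LAW's own code) of the binary Privacy Validator gate described for Zone 2: only allowlisted governance-metadata fields may pass, any value matching a direct-identifier pattern blocks, and anything other than an explicit "safe" verdict from the validator, including an error or outage, is treated as blocked. The field names, deny patterns and the matter-reference format are constructed assumptions.

```python
import re
from enum import Enum


class Gate(Enum):
    SAFE_FOR_ZONE3 = "safe"
    BLOCKED = "blocked"  # the only other outcome: no "needs review" state, no score, no threshold


# Constructed allowlist: the governance-metadata fields a Zone 3 payload may carry. Unknown field = blocked.
ALLOWED_KEYS = {"event_type", "risk_band", "rule_ids", "matter_category", "token_count"}

# Constructed patterns for values that must never reach Zone 3 (direct identifiers, financial/AML-style data).
DENY_PATTERNS = [
    re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),  # compact IBAN-like account reference
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),            # e-mail address
    re.compile(r"\b(?:\+44|0)\d{9,10}\b"),              # UK phone number
    re.compile(r"\bMATTER-\d+\b"),                      # constructed matter-reference format
]


def confirm_safe(payload) -> bool:
    """True only when every field is allowlisted and no value matches a deny pattern."""
    if not isinstance(payload, dict) or set(payload) - ALLOWED_KEYS:
        return False  # malformed or carrying a field we cannot vouch for: not confirmable as safe
    for value in payload.values():
        text = value if isinstance(value, str) else repr(value)  # lists/numbers are scanned as text too
        if any(p.search(text) for p in DENY_PATTERNS):
            return False
    return True


def unavailable_validator(_payload) -> bool:
    raise TimeoutError("validator unavailable")  # constructed outage, used to show fail-closed behaviour


def privacy_gate(payload, validator=confirm_safe) -> Gate:
    """Binary gate in front of every cloud submission: anything but an explicit True is BLOCKED."""
    try:
        verdict = validator(payload)
    except Exception:
        return Gate.BLOCKED  # validator error or unavailability equals fail, never pass-through
    return Gate.SAFE_FOR_ZONE3 if verdict is True else Gate.BLOCKED
```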

If you cannot produce the evidence,
it does not matter.
A policy alone is no longer sufficient for an SRA investigation.

Non-negotiable architectural rules

Eight rules.
No exceptions.
No workarounds.

These rules are embedded in the architecture, not the policy. They cannot be overridden by configuration, performance requirements, or client instruction.

01

Local node is the control plane · Absolute

All ingestion, identity mapping, sensitivity classification, redaction, deterministic rules, decision-making, audit writing, and evidence generation happen locally inside the firm boundary. The cloud layer has no control authority.

02

Cloud receives sanitised payloads only · Absolute

Raw client data, legal matter content, financial data, AML data, and the audit ledger never leave Zone 1. Only Zone 3-eligible payloads — sanitised, abstracted, non-reconstructable — reach the cloud. The Privacy Validator runs before every cloud submission.

03

No autonomous compliance decisions · Absolute

No component may cause the system to approve, release, or reject a governed event without a named human officer's recorded decision. Every engine output is advisory. Human review is mandatory for RED and AMBER.

04

Audit ledger is append-only · Absolute

The audit ledger uses an append-only structure with a cryptographic hash chain. No UPDATE or DELETE operations on ledger entries. No exceptions. Hash chain integrity is verifiable at any time.

05

Fail closed · Absolute

If any critical component is unavailable — classifier, redaction engine, audit writer, cloud API — the system blocks the action and routes to manual review. Never fail open. Governance steps are never silently skipped.

06

Privacy Validator is a binary gate · Absolute

The validator makes one determination: can this payload be confirmed as safe for Zone 3? There is no acceptable failure rate. There is no threshold. Validator uncertainty equals fail equals block. Validator unavailability equals fail.

07

Model version logged on every cloud call

Every cloud API call logs the specific model version used, the prompt template version, and the response hash. The audit trail covers not just what was decided but what reasoning infrastructure produced the advisory output.

08

Audit entry written before downstream processing

The audit entry is written at ingestion — before classification, before redaction, before rules, before cloud. If the audit write fails, the event is blocked. Reconstruction is not evidence. Real-time logging is.
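An added illustration in Python (not REACH LAW's own code) of Rules 04, 05 and 08 together: an append-only, hash-chained ledger, an ingest path that writes the audit entry before any downstream step and blocks when that write fails, and a chain recomputation that detects any edited, removed or reordered entry (the same check an evidence pack's embedded JSON chain can be verified with). The entry fields, the `available` outage flag and the actor names are assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone
GENESIS = "0" * 64  # prev-hash recorded by the first ledger entry

class AuditWriteError(RuntimeError): ...  # audit writer could not persist the entry; block the event

def _digest(obj) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the hash is reproducible at verification time.
    return hashlib.sha256(json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()).hexdigest()

class AuditLedger:  # append-only and hash-chained; deliberately no update or delete method
    def __init__(self):
        self.entries = []      # treated as append-only; verify_chain() detects any later edit
        self.available = True  # constructed flag used to simulate an audit-writer outage

    def append(self, event_id: str, officer: str, action: str, payload: bytes) -> str:
        if not self.available:
            raise AuditWriteError("audit writer unavailable")
        entry = {
            "seq": len(self.entries),
            "ts": datetime.now(timezone.utc).isoformat(),
            "event_id": event_id,
            "officer": officer, "action": action,  # attribution and what was done (ingest, review, override)
            "payload_sha256": hashlib.sha256(payload).hexdigest(),  # the content itself stays in Zone 1
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = _digest(entry)  # covers every field above, including prev
        self.entries.append(entry)
        return entry["hash"]

def verify_chain(entries: list) -> bool:
    """Recompute the chain (live ledger or an evidence pack's JSON copy); False on any edit, removal or reorder."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e.get("seq") != i or e.get("prev") != prev or _digest(body) != e.get("hash"):
            return False
        prev = e["hash"]
    return True

def govern_event(ledger: AuditLedger, event_id: str, payload: bytes) -> str:
    """Rule 08: write the audit entry first. Rule 05: if that write fails, block rather than fail open."""
    try:
        ledger.append(event_id, "ingest-service", "ingest", payload)
    except AuditWriteError:
        return "BLOCKED"  # routed to manual review; no classification, redaction or cloud call happens
    return "INGESTED"  # only now may classification, redaction and deterministic rules proceed
```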

Evidence and audit readiness

Built around evidence production.
Not policy assertion.

REACH LAW produces governance evidence assets designed to support regulatory defensibility, operational accountability, and inspection readiness. These are instruments the COLP can place in front of an SRA investigator and stand behind.

01

Data Protection Impact Assessments

DPIA documentation for all AI tool deployments. Generated against the governance configuration. Retrievable in under 60 seconds.

02

AI Tool Registry

Complete register of every AI tool authorised for firm use. Includes tool version, authorisation date, scope of use, and governing officer.

03

Append-only Audit Ledger

Cryptographically hashed. Every governed event. Timestamped at ingestion. Non-alterable. The source of truth for every inspection request.

04

Governance Event Logs

Every RED, AMBER, and GREEN classification. Every human review decision. Every override. Every escalation. Complete accountability chain.

05

Override Records

Every instance where the COLP overrode a system classification. Reason required. Immutable. Linked to the officer's identity. The SRA inspects these specifically.

06

Evidence Packs

PDF/A-3 standard. Embedded JSON audit chain. Hash generated at export. Hash verifiable against the ledger at any future point. Never alterable after signing.

07

Firm-Wide Risk Assessment

AI-specific FWRA aligned to MLR 2017 and SRA governance expectations. Updated dynamically as the firm's AI tool ecosystem changes.

08

Shadow AI Detection Reports

Detection of AI tools operating inside the firm boundary without governance registration. The highest-risk category in the current SRA enforcement environment.

09

COLP/COFA Attestations

Governance attestations linked to named officer identity. Timestamped. Attributable. The named individual's accountability record, complete and defensible.

Sovereign infrastructure and environmental governance

Proportional infrastructure.
Localised compute doctrine.

REACH LAW recognises that modern AI infrastructure carries environmental consequences. Large-scale electricity demand, water consumption for cooling, concentrated extraction of compute resources, and infrastructure centralisation carry risks disproportionate to actual operational need.

The localised-compute doctrine is an architectural commitment. Computation should occur as close as possible to the operational environment requiring it. Infrastructure consumption should remain proportionate to the firm's actual governance requirements.

Localised compute doctrine

Computation stays inside the firm boundary wherever viable.

REACH LAW is intentionally designed to minimise reliance on hyperscale AI compute environments. Governance infrastructure does not require planetary-scale compute. It requires precise, accountable, local processing — with cloud reasoning as a bounded, temporary adjunct only.

Reduced hyperscaler dependency

Firms avoid unnecessary expansion into centralised processing models.

Where sovereign local processing is viable, centralised cloud models are avoided. This supports reduced data transfer, reduced compute dependency, operational resilience, localised accountability, and more proportionate environmental resource consumption.

Data sovereignty

Personal data remains under the direct control of the firm.

The sovereign deployment architecture supports UK GDPR accountability principles, SRA confidentiality obligations, ICO data minimisation expectations, and operational data sovereignty. Metadata-first. Zero-trust content model.

Honest positioning

REACH LAW does not claim environmental neutrality.

The localised-compute doctrine is a proportional infrastructure philosophy — designed to reduce unnecessary computational expansion where equivalent governance outcomes can be achieved locally. This is not a green marketing claim. It is an architectural commitment.

Standards and operational alignment

Architecturally informed by
the standards that matter.

REACH LAW does not claim certification it does not hold. Where standards alignment is referenced, it reflects architectural design intent — not independently validated certification unless stated explicitly.

UK GDPR / DPA 2018

Data protection accountability

Architecture supports accountability principle, data minimisation, purpose limitation, and lawful basis documentation for AI-assisted processing. Privacy Validator enforces data boundary at every cloud submission.

Operationally aligned

SRA Standards and Regulations

Governance and compliance obligations

Designed around Rules 2.1(a), 2.2, 2.5, 4.2, 4.3 of the SRA Code of Conduct for Firms. Architecture produces the governance records those rules require firms to maintain and produce on request.

Operationally aligned

MLR 2017

AML governance obligations

Deterministic rules engine includes MLR 2017 policy-as-code. FWRA generation. CDD and EDD obligation tracking. AI-assisted client screening governance. Audit trail for MLRO.

Operationally aligned

ICO Accountability Principles

Information Commissioner expectations

Architecture supports ICO accountability framework for AI-assisted processing. DPIA generation. Data minimisation enforcement. Processing records. Subject rights log.

Operationally aligned

ISO/IEC 27001

Information Security Management

Architecture informed by ISO 27001 principles. TLS everywhere. Encrypted local volumes. RBAC. Secrets management. No plaintext sensitive data.

Architecturally informed — certification target

ISO 42001

AI Management Systems

Architecture reflects ISO 42001 principles for responsible AI governance — human oversight, transparency, accountability attribution, and proportionate AI use.

Architecturally informed — certification target

Cyber Essentials Plus

UK NCSC-aligned infrastructure

Infrastructure hardening aligned to NCSC guidance. Dockerised services. Vault/Doppler secrets management. CI/CD with mandatory tests before deploy.

Architecturally informed — certification target

ISO 22301

Business Continuity Management

Fail-closed architecture with degraded mode handling, COLP notification on component failure, and manual review routing ensures continuity under all failure conditions.

Architecturally informed — certification target

Can you produce it
today?


Your career. Your firm. Your call.