Compliance, with a receipt.
Most "AI compliance" stops at access logs and prompt-level guardrails. Divinci goes inside the model. Every entity association is a queryable feature; every edit is a portable, auditable patch — and the vindex is the technical-documentation artifact your regulator is about to start asking for.
What the regulation requires · what LarQL ships
The same artifact — the vindex — answers transparency, oversight, documentation, and erasure requirements across the four major AI regulations Divinci customers face.
| Regulation | Requirement | What competitors offer | What LarQL/vindex offers |
|---|---|---|---|
 EU AI Act §13 Transparency | "Sufficient transparency to enable users to interpret outputs" | Model cards, prose system descriptions | The vindex IS a queryable transparency artifact — every fact-bearing feature identified by (layer, feature, gate_score) |
| EU AI Act §14 Human Oversight | Operators must intervene meaningfully | Prompt-level guardrails (jailbreakable) | Weight-level DELETE patches at the feature, not the prompt — cannot be jailbroken around |
| EU AI Act Annex IV Tech Docs | "General logic of the AI system" | Architecture diagrams + training-data summaries | Bit-exact mechanistic documentation: every feature's projected vocabulary, every layer's structural metric (C1–C5) |
 GDPR Article 17 Right to Erasure | Verifiable removal of personal data | Fine-tuning to "forget" — not verifiable; data may resurface adversarially | DELETE patch with audit trail = provable suppression of a specific named-entity association at +0.02% perplexity. The patch file is the receipt. |
 HIPAA · PCI · GDPR De-identification | Remove PII from data products | Token filtering at I/O (leaks possible) | Feature-level identification of PII-encoding directions; surgical removal at the weight layer |
 NIST AI RMF Manage | Quantify and manage residual risk | Vibe-based risk assessments | C1–C5 universal constants give you a measurable structural baseline; re-verify after every patch |
What a "receipt" actually looks like
A LarQL patch is a portable JSON file with a SHA-256 checksum. Apply it to suppress a fact; remove it to restore the model bit-for-bit. The patch IS the audit log — operators, regulators, and downstream consumers can verify the same operation independently.
Below: the actual Gate-3 patch we ship in our public test suite, showing the Paris→capital association suppressed and reverted with measurable, repeatable effect on a real Gemma 4 E2B vindex.
{
"name": "gdpr-art17-paris-capital",
"version": 1,
"base_model": "google/gemma-4-E2B-it",
"created_at": "2026-04-22T22:34:00Z",
"operations": [{
"op": "delete",
"entity": "Paris",
"relation": "capital",
"target": "서울",
"weight": -1.0,
"layer": 27,
"feature": 11179
}]
}
# ── Verifiable result ──
# before: feature 11179 score 18.10 target='서울' (rank #1)
# after: feature 11179 ABSENT from top-25
# Δ perplexity (WikiText-103, 1024 tok): +0.02%
# vindex sha256: 9abaeaf6...Compliance you can prove. On any open transformer.
Eight published vindexes today across Gemma, Qwen, Llama, Mistral, OpenAI MoE, and Microsoft 1-bit. Bring your model — we'll build the receipt.