Governance vs execution authority

AI governance vs execution authority

Governance organizes the rules and keeps the records. Execution authority returns a verdict before a consequential action runs and binds signed evidence to the effect.

Governance documents intent. Execution authority enforces it. Both want the same proof.

The category

Governance organizes the rules and the record.

A governance program sets policy for AI, tracks what is in use, and keeps the reports a review will ask for. This work matters. It tells an organization what it intends and gives auditors something to read.

Policy catalog

Documents the rules an organization intends agents to follow.

Inventory

Tracks which models, agents, and use cases are in scope.

Records

Stores reports, attestations, and review history.

Reporting

Maps activity to frameworks for auditors and stakeholders.

The difference

A policy on paper is not a verdict on the action.

Governance can describe what an agent should do and still not stop a side effect that breaks the rule. Execution authority turns the policy into a decision at the moment the action is proposed, and signs evidence of what happened.

The governance program

  • Documents policy and intended controls.
  • Tracks the inventory of agents and use cases.
  • Stores reports, attestations, and review history.
  • Maps activity to internal and external frameworks.

HELM execution authority

  • Returns ALLOW, DENY, or ESCALATE before the effect runs.
  • Denies anything unknown or unapproved by default.
  • Binds the permitted effect to the verdict that authorized it.
  • Signs a receipt and EvidencePack that verify offline.

A consequential action

From a documented rule to an enforced verdict.

A governance record would note that exports of sensitive data need approval. HELM enforces it on the action and records the evidence.

Agent proposes

Agent proposes to export a customer list to an external destination

HELM checks policy

Checks data sensitivity, destination, and approval policy

Verdict

ESCALATE

Proof

Data-export receipt + approval EvidencePack
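As an added illustration of the flow above (not HELM's own code, receipt format, or policy language), the following constructed Python sketch shows the pattern: a check that returns ALLOW, DENY, or ESCALATE before the effect runs, denies unknown action kinds by default, and binds the verdict to a digest of the exact proposed action in a receipt that can be checked offline. The policy contents, key, and field names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sketch of the verdict-then-receipt pattern; not HELM's code.
# Assumed symmetric key shared with the verifier (a deployment would use an
# asymmetric signature so any party can verify the receipt offline).
RECEIPT_KEY = b"constructed-demo-key"

# Assumed minimal policy: only listed action kinds are known, the rest is denied.
POLICY = {
    "id": "export-policy-v1",
    "known_actions": {"export_data"},
    "sensitive_classes": {"customer_pii"},
    "internal_destinations": {"warehouse.internal"},
}

def canonical(record: dict) -> bytes:
    """Stable byte encoding so digests and MACs do not depend on key order."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def action_id(action: dict) -> str:
    """Digest of the proposed action; approvals and receipts refer to it."""
    return hashlib.sha256(canonical(action)).hexdigest()

def decide(action: dict, approvals: set) -> str:
    """Return ALLOW, DENY, or ESCALATE before the effect runs; deny by default."""
    if action.get("kind") not in POLICY["known_actions"]:
        return "DENY"
    external = action.get("destination") not in POLICY["internal_destinations"]
    sensitive = action.get("data_class") in POLICY["sensitive_classes"]
    if sensitive and external:
        # Sensitive data leaving the organization needs a recorded approval.
        return "ALLOW" if action_id(action) in approvals else "ESCALATE"
    return "ALLOW"

def issue_receipt(action: dict, verdict: str) -> dict:
    """Bind verdict, policy, and exact action together under a MAC."""
    body = {"action_id": action_id(action), "verdict": verdict, "policy": POLICY["id"]}
    body["mac"] = hmac.new(RECEIPT_KEY, canonical(body), hashlib.sha256).hexdigest()
    return body

def verify_receipt(receipt: dict, action: dict) -> bool:
    """Offline check: MAC intact and the receipt names this exact action."""
    body = {k: v for k, v in receipt.items() if k != "mac"}
    expected = hmac.new(RECEIPT_KEY, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt["mac"]) and body["action_id"] == action_id(action)
```

Changing the destination, the data class, or the verdict after the receipt is issued breaks verification, which is the binding the page describes.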

Questions

Governance and authority, in plain terms.

What does AI governance cover?

Governance is how an organization sets policy for AI, tracks what is in use, and keeps records for review. It organizes intent and produces reporting that maps activity to internal rules and external frameworks.

How is execution authority different?

Governance organizes policy and records, often after the fact. Execution authority returns a verdict at the moment a consequential action is proposed, denies the unknown by default, and binds a signed receipt to the effect. One documents the rules; the other enforces them on each action and proves the outcome.

Is HELM a replacement for our governance program?

No. HELM checks a proposed action against policy before the effect runs and records receipts and EvidencePacks. Your governance program still owns policy, inventory, and review. HELM gives that program enforcement and evidence at the point of execution.

How do frameworks like NIST AI RMF relate to this?

Frameworks like the NIST AI RMF describe outcomes such as mapping, measuring, and managing risk. HELM does not certify you against any framework. It produces the per-action verdicts and signed evidence that a governance program can reference when it reports against those frameworks.

Terms

Plain-language terms

EvidencePack

A small bundle of records used to verify one event or review path.

Use for replayable evidence slices.

ProofGraph

A record chain that helps replay and check what happened.

Use for HELM proof records and replay paths.

ALLOW

HELM lets the action run.

Use as a canonical verdict.

DENY

HELM blocks the action.

Use as a canonical verdict.

ESCALATE

HELM stops and asks for more facts, policy, or human approval.

Use as the canonical non-dispatch path for missing facts, policy hold, or approval.

Document the policy. Then enforce it on every action.

Bring one consequential action to the boundary and see the verdict and the receipt.