In most organisations 'compliance' lives in a Word document: who may access what, which data must not leave, which query must be logged — all written down, but enforcement left to humans. The most common break point in bank audits is exactly this: the gap between the written policy and the running system. CentraQL closes that gap by embedding compliance as a profile in the runtime.
What is a ComplianceProfile?
A ComplianceProfile gathers an installation's entire compliance behaviour into a single configuration object. Profiles like 'Default' and 'RegulatedFinance' ship out of the box; each carries:
- Which LLM calls are allowed (is on-prem mandatory?).
- The PII masking level (national ID, IBAN, phone).
- Query-surface limits (allowFreeText, joinDepthMax, rangeOf).
- Audit retention period (e.g. 365 days).
- The egress (outbound call) policy.
Changing the profile is one line; the effect applies instantly across the whole pipeline.
EgressGuard: a gate on every outbound byte
EgressGuard is a gate that inspects all outbound network calls. Under RegulatedFinance its behaviour is clear: any request to a cloud LLM, an external API or an unapproved endpoint is blocked at the request boundary. Even if a developer accidentally adds a cloud call, when the profile is 'RegulatedFinance' that call never runs; the block is written to the audit.
This ties the 'customer data must not leak' guarantee to code, not to good intentions.
Combined with PromptAuditLog
For compliance to be provable, every query needs a trail. CentraQL's Copilot pipeline already writes each stage to PromptAuditLog: query hash, user, model used, rows returned, columns masked. The ComplianceProfile sets the retention and detail level. Under RegulatedFinance the record is kept for 365 days and is immutable (append-only).
In a BDDK audit, 'in October this CRO asked this query, the system used this model, masked these columns, and produced the answer with this SQL' can be presented with evidence.
The EU AI Act and KVKK overlap
The EU AI Act, in force in 2026, mandates audit, explainability and human oversight for high-risk AI uses such as credit scoring. The KVKK March-2026 guidance crystallised the explicit-consent requirement for personal data flowing to an LLM provider. The ComplianceProfile turns both frameworks into one configuration:
- Queries flagged high-risk drop into a human-approval queue.
- No PII-bearing data leaves without the profile allowing it.
- Every decision is logged with an explanation (narrative + features).
Why does the 'runtime' distinction matter?
A policy document is static; a system is dynamic. When a developer adds a new integration, the document does not change but the behaviour does. If compliance is embedded in the runtime, the new code is subject to the same profile — so compliance is enforced up front rather than checked after the fact. The audit sees one runtime truth, not the gap between policy and reality.
Setup order
- Choose the profile: RegulatedFinance for most banks.
- Mark PII columns with ColumnPolicy (national ID, IBAN, phone, email).
- Define the EgressGuard allowlist (usually empty — no outbound calls).
- Set the audit retention and append-only store.
- Wire high-risk query types into the human-approval queue.
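As an added illustration of the EgressGuard gate described above and of the setup order just listed, here is a small model of profile, gate and append-only audit. This is example code written for this page, not CentraQL's own API: the class names, field names and the `Default` allowlist host are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ComplianceProfile:
    """Subset of the profile fields the page lists (hypothetical shape)."""
    name: str
    require_on_prem_llm: bool
    egress_allowlist: frozenset  # hostnames outbound calls may reach
    audit_retention_days: int


# RegulatedFinance: empty allowlist, 365-day retention, as described on the page.
REGULATED_FINANCE = ComplianceProfile("RegulatedFinance", True, frozenset(), 365)
# Default: constructed sample allowlist so the allow path can be shown.
DEFAULT = ComplianceProfile("Default", False, frozenset({"llm.internal.example"}), 90)


class PromptAuditLog:
    """Append-only trail: records can be added and read, never edited or removed."""
    def __init__(self):
        self._records = []

    def append(self, **fields):
        rec = {"ts": datetime.now(timezone.utc).isoformat(), **fields}
        self._records.append(rec)

    def records(self):
        # Hand out copies so a caller cannot alter history via the returned objects.
        return tuple(dict(r) for r in self._records)


class EgressBlocked(Exception):
    """Raised at the request boundary; the call never leaves the process."""


class EgressGuard:
    def __init__(self, profile, audit):
        self.profile, self.audit = profile, audit

    def decide(self, url):
        host = urlsplit(url).hostname or ""
        return host, ("allow" if host in self.profile.egress_allowlist else "block")

    def check(self, url, user):
        """Gate every outbound call; both outcomes are written to the audit."""
        host, decision = self.decide(url)
        self.audit.append(event="egress", profile=self.profile.name,
                          user=user, host=host, decision=decision)
        if decision == "block":
            raise EgressBlocked(f"{host!r} not in {self.profile.name} allowlist")
        return host
```

Under `REGULATED_FINANCE` a call to any cloud LLM host raises `EgressBlocked` and leaves a `block` record; switching the profile object is the one-line change the page describes.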
Conclusion
Compliance is meaningful when it lives at runtime, not on paper. CentraQL's trio of ComplianceProfile + EgressGuard + PromptAuditLog embeds regulation into the system instead of leaving it to human discipline. The result: no gap between the written policy and the running system; the audit sees an immutable runtime record, not a document.
