Enterprise Compliance API Surface
AxonFlow's public runtime APIs cover policy enforcement, audit logging, provider routing, MCP checks, execution replay, and workflow orchestration. Enterprise compliance modules add regulator-specific workflow surfaces on top of that base.
Use this page to understand which API family exists for each regulated workflow before you move into a licensed rollout or protected implementation guide.
This page names source-verified API families and the jobs they support. Exact request schemas, response payloads, environment-specific routing, and rollout runbooks stay in the protected enterprise docs because they can vary by deployment and customer operating model.
Where Compliance APIs Fit
Most regulated deployments combine three layers:
| Layer | Public API family | Role in compliance work |
|---|---|---|
| Runtime governance | Agent Endpoints, Orchestrator Endpoints | Enforce policy before model, tool, or connector actions proceed |
| Evidence base | Audit API, Decision & Execution Replay API | Reconstruct what happened, which policy fired, and which user or service initiated the action |
| Regulator-specific workflow | Enterprise compliance modules below | Package governance evidence into registries, assessments, exports, readiness checks, and review workflows |
For most teams, the first two layers are enough to validate the architecture. The third layer becomes important when compliance, legal, audit, or procurement teams need repeatable workflows rather than raw log searches.
Module Map
| Module | Route family | Primary workflow | Public framework page |
|---|---|---|---|
| EU AI Act | /api/v1/euaiact/* | Export, conformity assessment, accuracy and externally computed bias-evidence records | EU AI Act Compliance |
| RBI FREE-AI | /api/v1/rbi/* | AI system registry, validations, incidents, kill switches, board reports, audit exports, policy templates | RBI FREE-AI Compliance |
| SEBI AI/ML | /api/v1/sebi/* | Audit export, retention posture, readiness checks, dashboard | SEBI AI/ML Compliance |
| MAS FEAT | /api/v1/masfeat/* | AI system registry, FEAT assessments, kill-switch lifecycle | MAS FEAT Compliance |
| OJK / BI / UU PDP | /api/v1/ojk/* | Indonesian audit exports, retention posture, readiness, breach lifecycle, dashboard | OJK AI Governance |
EU AI Act
The EU AI Act module is built around three workflow families:
- Export under
/api/v1/euaiact/exportfor regulator-facing evidence packages and downloads - Conformity under
/api/v1/euaiact/conformityfor draft, submit, approve, and reject workflows - Accuracy under
/api/v1/euaiact/accuracyfor externally supplied model-quality evidence, history, alerts, and alert updates
Important distinction: the module can record accuracy measurements and externally computed bias-evidence records. It does not perform statistical fairness testing or bias detection on model outputs by itself.
RBI FREE-AI
The RBI module is broader because the FREE-AI report maps to governance, inventory, validation, incident, business-continuity, and board-reporting workflows.
The source-verified route families are:
/api/v1/rbi/ai-systemsfor AI system registry records and summary views/api/v1/rbi/validationsfor model-validation records/api/v1/rbi/incidentsfor incident records and resolution workflows/api/v1/rbi/killswitchesfor operational kill-switch state/api/v1/rbi/reportsfor board-report generation and submission workflows/api/v1/rbi/audit-exportsfor audit-export creation, processing, status, download, and cleanup/api/v1/rbi/policies/templatesand/api/v1/rbi/policies/categoriesfor RBI-oriented policy templates/api/v1/rbi/dashboardfor module posture checks
Treat these as enterprise workflow APIs, not replacements for the core runtime governance APIs. The governed request still flows through the Agent or Orchestrator; the RBI module gives compliance teams the durable records around the system.
SEBI AI/ML
The SEBI module intentionally has a smaller surface:
/api/v1/sebi/audit/exportfor export creation and status lookup/api/v1/sebi/audit/retentionfor retention posture/api/v1/sebi/audit/readinessfor readiness checks/api/v1/sebi/dashboardfor a compact module view
This fits the SEBI workflow: half-yearly AI/ML disclosures, retention posture, readiness checks, and reconstruction of what the model saw, produced, and escalated.
MAS FEAT
The MAS FEAT module centers on three families:
/api/v1/masfeat/registryfor AI system registry records and summaries/api/v1/masfeat/assessmentsfor FEAT assessment lifecycle workflows/api/v1/masfeat/killswitch/{system_id}for configure, trigger, restore, and history workflows
This module is useful when a Singapore financial-services use case moves from a governed pilot into a material system that needs named ownership, assessment records, and operational shutdown controls.
OJK, BI, and UU PDP
Indonesian compliance workflows share the OJK route family:
/api/v1/ojk/audit/exportfor OJK, BI, and UU PDP export workflows, using framework-specific request parameters/api/v1/ojk/audit/retentionfor retention posture/api/v1/ojk/audit/readinessfor readiness checks/api/v1/ojk/breach/notifyfor UU PDP breach-notification template generation/api/v1/ojk/breach/acknowledgeand/api/v1/ojk/breach/evaluate-deadlinesfor breach-lifecycle tracking/api/v1/ojk/dashboardfor module posture
BI payment-system and UU PDP pages refer to this shared surface because their enterprise workflows are implemented through the same Indonesian compliance module rather than separate /api/v1/bi/* or /api/v1/uupdp/* routers.
Authentication And Tenant Context
Compliance modules run in enterprise deployments and are commonly reached through the same protected runtime path as other Orchestrator APIs. The exact access model depends on deployment shape:
- runtime-facing routes use the authenticated tenant or organization context configured for the deployment
- mutating actions should include a reviewer or user identity where the handler records actor attribution
- portal-mediated enterprise workflows can add session-based controls around the same underlying module
Use the Auth And Header Matrix for the cross-surface view. For implementation details in a licensed deployment, use the protected module guide for the relevant framework.
Choosing The Right Starting Point
| If you need to... | Start with |
|---|---|
| Block or require approval before an LLM/tool action | Agent Endpoints and Policy-as-Code |
| Search and summarize runtime evidence | Audit API |
| Reconstruct execution chains | Decision & Execution Replay API |
| Understand whether a regulator-specific enterprise module exists | This page |
| Implement exact enterprise payloads | Protected enterprise API reference for the licensed module |
