How the DORG ecosystem integrates compliance into its architecture

Compliance approach document published

With DORG Agency now fully operational, DORG Society Foundation has published the Compliance Approach Document: a comprehensive reference defining how the DORG ecosystem enables organizations to achieve and maintain regulatory compliance.

Why this document matters

AI regulation is being actively defined. The EU AI Act, GDPR, NIST AI RMF, ISO/IEC 42001, and emerging national frameworks overlap, evolve, and occasionally conflict with one another. A compliance approach based on a static checklist becomes obsolete the moment a new standard is published.

The DORG ecosystem takes a fundamentally different approach: compliance is architectural, not document-based. It is built into the very structure of the system, not into a manual gathering dust on a shelf.

Key points

Compliance through architecture, not through paperwork. The ecosystem’s tripartite structure — DORG SRL for software, DORG Society for ethical governance, the client organization for operations — distributes responsibilities so that each entity only takes on the obligations it can actually fulfill. No entity can delegate its compliance obligations to another.

An appointed human supervisor for every digital employee. Every DORG has a Human Oversight Supervisor (HOS) who holds final responsibility for all decisions and actions, including fully automated processes. The choice to automate without continuous monitoring is itself a decision within the HOS’s remit.

Full traceability of the decision chain. Every interaction generates immutable logs that track the entire chain: skill invoked, data passed, analysis performed, recommendation generated, human review exercised, final decision made. When something goes wrong, the system can reconstruct exactly what happened.

Gradual and calibratable oversight. Three levels of oversight — human-in-the-loop, human-on-the-loop, and periodic audit — allow organizations to calibrate controls based on their actual risk profile. An organization can start conservatively and make progressive adjustments, with every calibration change recorded in a verifiable history.

Shared responsibility with clear boundaries. DORG SRL guarantees software quality and security. DORG Society governs ethical compliance through the Code of Conduct and the Ethics Committee. The client organization is responsible for regulatory and operational compliance. Responsibility follows the boundary of expertise — always.

Designed to adapt to regulatory evolution. MCP Manifests can be reconfigured as requirements change. Oversight levels can be recalibrated when risk classifications are updated. Compliance reconfiguration is, whenever possible, a client-level operation, not a software rewrite.

A living document

The Compliance Approach Document is designed to evolve alongside the regulatory landscape. It will be reviewed in the event of significant regulatory changes, as the DORG architecture evolves, and, at a minimum, annually.


The Compliance Approach Document is available upon request for DORG Agency clients and interested organizations.
