4 Governance Domains

Admina organises its governance capabilities into 4 domains. Each domain groups related controls under a single engine with clear boundaries, so you always know what runs, where, and at what latency cost.

D1

Data Sovereignty

Rust + spaCy NER

Ensures that sensitive data never leaves the boundaries you define. PII is automatically detected and redacted, data residency rules are enforced, and every data type is classified for compliance tracking.

PII Redaction

Detects and redacts email addresses, phone numbers, credit cards, SSNs, IBANs, IP addresses, and person names (via spaCy NER + regex). The Rust engine processes each scan in 0.71µs.

Data Residency Enforcement

Restricts data to allowed geographic or logical zones — EU, local, or custom-defined regions. Prevents governed data from being routed to disallowed destinations.

Data Classification

Categorizes data types automatically so downstream compliance checks (Domain 4) can match each payload against the correct regulatory requirements.

Patterns detected

EMAIL        user@example.com               → [EMAIL]
PHONE        +39 055 123456                 → [PHONE]
CREDIT_CARD  4111 1111 1111 1111            → [CREDIT_CARD]
SSN          123-45-6789                    → [SSN]
IBAN         IT60X0542811101000000123456    → [IBAN]
IP_ADDRESS   192.168.1.1                    → [IP_ADDRESS]
PERSON       John Smith                     → [PERSON] (NER)
ORG          Acme Corp                      → [ORG] (NER)
GPE / LOC    Pisa, Italy                    → [GPE] (NER)

NER (Named Entity Recognition) uses spaCy en_core_web_sm. Regex-based patterns work for all languages. Multilingual NER is on the roadmap.

Graceful fallback (v0.9.2+). spaCy is imported lazily, so the proxy boots without the [nlp] extra. In that case PII redaction runs in regex-only mode (email, phone, credit card, SSN, IBAN, IP address, EU national IDs). Install admina-framework[nlp] and run python -m spacy download en_core_web_sm to enable the NER entities above (PERSON, ORG, GPE/LOC).
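As an added illustration of the regex-only fallback (my own code, not Admina's Rust engine): a minimal redactor for the non-NER pattern set above, applied most-specific-first so the loose phone pattern cannot swallow part of a card number; the simplified patterns, the Luhn check and the sample text are my assumptions.

```python
import re

# Simplified illustrative patterns (not Admina's). Ordered most-specific first:
# a 16-digit card or an IBAN must be replaced before the looser PHONE pattern runs.
PII_PATTERNS = [
    ("CREDIT_CARD", re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")),
    ("IBAN", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("IP_ADDRESS", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    # Loose by design; digit runs such as dates are a known false-positive source.
    ("PHONE", re.compile(r"(?<!\w)\+?\d[\d ]{6,14}\d(?!\w)")),
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to drop 16-digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Return (redacted_text, {label: count}) in regex-only mode."""
    counts: dict[str, int] = {}
    for label, pattern in PII_PATTERNS:
        def _sub(m: re.Match, label: str = label) -> str:
            if label == "CREDIT_CARD" and not luhn_ok(re.sub(r"\D", "", m.group())):
                return m.group()  # leave non-Luhn digit runs untouched
            counts[label] = counts.get(label, 0) + 1
            return f"[{label}]"
        text = pattern.sub(_sub, text)
    return text, counts


# Constructed sample input reusing the example values from the table above.
SAMPLE = ("Contact user@example.com or +39 055 123456, card 4111 1111 1111 1111, "
          "SSN 123-45-6789, IBAN IT60X0542811101000000123456, host 192.168.1.1")

if __name__ == "__main__":
    print(redact(SAMPLE))
```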

D2

AI Infrastructure

Python (opt-in)

An opt-in domain that provides a fully governed AI stack — LLM serving, RAG pipelines, and a Web UI — all enabled via admina.yaml configuration.

LLM Engine

Abstracts Ollama and vLLM backends with automatic GPU detection (NVIDIA and AMD). Supports hot model switching without downtime — swap models while live traffic continues to be served.

RAG Pipeline

ChromaDB vector store with recursive character and semantic chunking. Ingests multiple formats: PDF, DOCX, HTML, CSV, XML.

Web UI

Open WebUI container with built-in OIDC and LDAP authentication. Provides a chat interface for end-users while all traffic flows through the Admina governance proxy.

Note: This domain is opt-in. Enable it in your admina.yaml under the infrastructure section.

D3

Agent Security

Rust RegexSet

Protects the full agent lifecycle — from prompt injection attacks to runaway loops — with microsecond-latency checks that apply to every agent-to-agent call transiting the proxy.

Anti-Injection Firewall

15 compiled regex categories plus heuristic scoring, all executed in a single RegexSet pass at 2.08µs median latency.

The 15 v0.9.0 categories (see MODEL_CARD.md for definitions and known limitations):

instruction_override, role_hijacking, developer_mode, dan_mode, prompt_extraction, delimiter_injection, data_exfiltration, system_prompt_leak, jailbreak, obfuscation, new_instructions, ignore_safety, multilang_evasion, roleplay_escape, tool_abuse

Patterns target English with an explicit multilang_evasion subset for French, Italian, Spanish, German. Contributions for additional locales are welcome.

Custom domain-specific patterns

Add deployment-specific patterns under agent_security.firewall.custom_patterns in admina.yaml — no fork required:

agent_security:
  firewall:
    custom_patterns:
      - regex: "delete\\s+user\\s+\\d+"
        category: "destructive_user_op"
        risk_level: high
      - regex: "(production|prod)\\s+(database|db)\\s+drop"
        category: "prod_db_destructive"
        risk_level: critical

Governance reaction mode

Switch how the firewall reacts to flagged traffic, useful for the first 1–2 weeks of a new deployment:

enforce   Default — block flagged requests at HIGH/CRITICAL severity
observe   Never block; log "would have blocked" for review and FP tuning
dry-run   Like observe + tag the response so downstream tools know the request was analysed

Loop Breaker

TF-IDF + cosine similarity on a sliding window of recent requests (configurable threshold 0.85). Latency: 2.38µs. Automatically circuit-breaks sessions before runaway costs or deadlocks occur.
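Added example (my own code, not Admina's Loop Breaker implementation) of the detection idea described above: TF-IDF vectors over a sliding window of recent requests, cosine similarity of the newest request against each one, and a circuit-break at the 0.85 threshold from the text. The window size and the tokenisation are my assumptions.

```python
import math
import re
from collections import Counter, deque


class LoopBreaker:
    """Trips when a new request is near-identical (cosine >= threshold) to any
    request still in the sliding window. Window size is an assumption."""

    def __init__(self, window: int = 8, threshold: float = 0.85) -> None:
        self.window: deque = deque(maxlen=window)
        self.threshold = threshold
        self.tripped = False

    @staticmethod
    def _tokens(text: str) -> list:
        return re.findall(r"[a-z0-9]+", text.lower())

    @staticmethod
    def _tfidf(docs: list) -> list:
        # Smoothed IDF computed over the window plus the incoming request.
        n = len(docs)
        df: Counter = Counter()
        for d in docs:
            df.update(set(d))
        idf = {t: math.log((1 + n) / (1 + df[t])) + 1.0 for t in df}
        return [{t: c * idf[t] for t, c in Counter(d).items()} for d in docs]

    @staticmethod
    def _cosine(a: dict, b: dict) -> float:
        dot = sum(w * b.get(t, 0.0) for t, w in a.items())
        na = math.sqrt(sum(w * w for w in a.values()))
        nb = math.sqrt(sum(w * w for w in b.values()))
        return dot / (na * nb) if na and nb else 0.0

    def check(self, request: str) -> tuple:
        """Return (max_similarity, tripped). A tripped session stays circuit-broken."""
        docs = [self._tokens(r) for r in self.window] + [self._tokens(request)]
        vecs = self._tfidf(docs)
        best = max((self._cosine(vecs[-1], v) for v in vecs[:-1]), default=0.0)
        if best >= self.threshold:
            self.tripped = True  # circuit-break before the loop burns budget
        else:
            self.window.append(request)
        return best, self.tripped
```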

Proxy governance

The full security pipeline applies to all agent-to-agent calls transiting the proxy — not just user-facing requests. Every hop is inspected.

Risk levels and actions

LOW       Logged, allowed through
MEDIUM    Warned, allowed through
HIGH      Blocked (in enforce mode)
CRITICAL  Blocked + session flagged + forensic record written
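
An added example (my own code, not Admina's Rust RegexSet) that compiles the two custom patterns from the admina.yaml snippet above into one alternation evaluated in a single pass, then maps the highest matched risk level through the enforce / observe / dry-run reaction modes and the risk-level actions listed above. The re.IGNORECASE flag and the WOULD_BLOCK label are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Mirrors agent_security.firewall.custom_patterns from the YAML above.
CUSTOM_PATTERNS = [
    {"regex": r"delete\s+user\s+\d+", "category": "destructive_user_op", "risk_level": "high"},
    {"regex": r"(production|prod)\s+(database|db)\s+drop", "category": "prod_db_destructive", "risk_level": "critical"},
]
SEVERITY = {"low": 0, "medium": 1, "high": 2, "critical": 3}
RISK_OF = {p["category"]: p["risk_level"] for p in CUSTOM_PATTERNS}

# One alternation with a named group per category: a single scan pass, in the
# spirit of a RegexSet. re.IGNORECASE is an assumption, not from the page.
COMBINED = re.compile(
    "|".join(f"(?P<{p['category']}>{p['regex']})" for p in CUSTOM_PATTERNS),
    re.IGNORECASE,
)


@dataclass
class Verdict:
    risk_level: str             # LOW / MEDIUM / HIGH / CRITICAL
    action: str                 # ALLOW / WARN / BLOCK / WOULD_BLOCK
    categories: list = field(default_factory=list)
    tagged: bool = False        # dry-run: response tagged as analysed
    flag_session: bool = False  # CRITICAL: session flagged, forensic record written


def scan(text: str) -> set:
    """Return the set of matched categories in one pass over the text."""
    return {name for m in COMBINED.finditer(text)
            for name, val in m.groupdict().items() if val is not None}


def evaluate(text: str, mode: str = "enforce") -> Verdict:
    cats = scan(text)
    level = max((RISK_OF[c] for c in cats), key=SEVERITY.get, default="low")
    if SEVERITY[level] >= SEVERITY["high"]:
        # enforce blocks; observe and dry-run only record what would have been blocked
        action = "BLOCK" if mode == "enforce" else "WOULD_BLOCK"
    else:
        action = "WARN" if level == "medium" else "ALLOW"
    return Verdict(level.upper(), action, sorted(cats),
                   tagged=(mode == "dry-run"), flag_session=(level == "critical"))
```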

D4

Compliance

Python + Rust (sha2)

Multi-regulation compliance tooling — EU AI Act classification & gap analysis, NIS2 Art. 21(2) self-assessment, GDPR Art. 30 RoPA registry & Art. 35 DPIA scaffold, plus a hand-curated cross-regulation matrix. Backed by a SHA-256 hash-chained forensic black box and native OpenTelemetry spans.

Decision-support, not legal advice. Admina's compliance modules are self-assessment aids. A passing score in gap_analysis() does not constitute legal compliance and cannot replace conformity assessment under EU AI Act Art. 43, designated NIS2 authority audit, or GDPR DPO review. See the MODEL_CARD for scope, limitations, and known failure modes of every component.

EU AI Act

Automated risk classification under Article 6 and gap analysis against Articles 9–15. Risk categories: unacceptable, high, limited, minimal.

UNACCEPTABLE  Banned systems (social scoring, real-time biometrics in public, non-consensual deepfakes / synthetic CSAM — added by Omnibus VII, effective 2 Dec 2026)
HIGH          Critical infrastructure, employment, education, law enforcement
LIMITED       Chatbots, emotion recognition — transparency obligations apply
MINIMAL       Spam filters, games — no additional requirements

Timeline — Omnibus VII (Council & Parliament agreement, 7 May 2026)

The Omnibus VII agreement postponed several high-risk deadlines, reduced the Art. 50 transparency grace period, and added a new Art. 5 prohibition. Admina's EU_AI_ACT_DEADLINES table mirrors the agreed timeline.

Obligation                                  Original date     Effective date
Art. 5 — prohibitions                       2025-02-02        in force
Art. 50–55 — GPAI obligations               2025-08-02        in force
Art. 50 — synthetic-content transparency    2026-08-02 + 6m   2026-12-02
Art. 5 — NCII / synthetic CSAM (NEW)        —                 2026-12-02
Annex III high-risk systems                 2026-08-02        2027-12-02
National regulatory sandboxes               2026-08-02        2027-08-02
Annex I high-risk (in products)             2027-08-02        2028-08-02
Full application                            —                 2028-08-02

Source: Council press release, 7 May 2026. Formal adoption expected before 2 August 2026.

NIS2 — Article 21(2) self-assessment

Deterministic checklist of 10 measure areas × 4 controls = 40 checks mirroring the technical and organisational measures required by NIS2 Art. 21(2): risk management, incident handling, business continuity, supply chain security, vulnerability handling, basic cyber hygiene & training, MFA, cryptography policies, asset management, network security. Gap analysis surfaces unmet controls.

Endpoints: GET /api/compliance/nis2/areas · POST /api/compliance/nis2/assess.

GDPR — RoPA & DPIA

Two GDPR components ship in v0.9.0:

  • Article 30 RoPA registry — typed CRUD over Records of Processing Activities. In-memory by default; set gdpr.ropa_path in admina.yaml to persist to a JSON file on disk.
  • Article 35 DPIA template — generates a Markdown scaffold from operator-supplied facts, ready for legal review.

Endpoints: GET / POST / PUT / DELETE /api/compliance/gdpr/records[…] · POST /api/compliance/gdpr/dpia/template.

Cross-regulation matrix

Hand-curated mapping of 12 operational controls across EU AI Act, NIS2, and GDPR — single source of truth for controls that satisfy multiple frameworks at once. Useful to avoid duplicate audit work; constant, no configuration. Surfaced at GET /api/compliance/matrix.

Forensic Black Box

SHA-256 hash chain with WORM semantics. Each record links to the previous hash, making any modification immediately detectable. Three backends are available — see Configuration → Forensic backends for the comparison and the production recommendation.

Record structure

{
  "seq": 1024,
  "timestamp": "2026-05-21T14:23:01.442Z",
  "session_id": "sess_abc123",
  "agent_id": "openclaw-agent",
  "method": "tools/call",
  "action": "ALLOW",
  "risk_level": "LOW",
  "pillar": "firewall",
  "hash": "sha256:a3f8...",
  "prev_hash": "sha256:9c12..."
}

Chain verification

Chain integrity is checked programmatically via ForensicBlackBox.verify_chain(records) (in domains/compliance/forensic.py) and contributes to the forensic_chain_valid component of the Admina Score.
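To make the chain rule concrete, an added example (my own code, not the ForensicBlackBox implementation) that builds records in the shape shown above, hashes each record's fields together with its prev_hash, and verifies the chain; the genesis value, the canonical JSON encoding, the sample records and the tamper helper are my assumptions.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumed prev_hash of the first record

def _digest(fields: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the hash is reproducible.
    raw = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(raw).hexdigest()

def append_record(chain: list, fields: dict) -> dict:
    """Append-only: the new hash covers the record's fields plus prev_hash."""
    rec = {**fields, "seq": len(chain) + 1,
           "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    rec["hash"] = _digest(rec)
    chain.append(rec)
    return rec

def verify_chain(records: list) -> tuple:
    """Return (True, None) or (False, seq of the first bad record)."""
    prev_hash = GENESIS
    for i, rec in enumerate(records):
        if rec["seq"] != i + 1 or rec["prev_hash"] != prev_hash:
            return False, rec["seq"]  # gap, reorder or broken link
        if _digest({k: v for k, v in rec.items() if k != "hash"}) != rec["hash"]:
            return False, rec["seq"]  # record edited in place
        prev_hash = rec["hash"]
    return True, None

def build_sample_chain() -> list:
    # Constructed sample records reusing the field names from the page.
    base = {"timestamp": "2026-05-21T14:23:01.442Z", "session_id": "sess_abc123",
            "agent_id": "openclaw-agent", "method": "tools/call", "action": "ALLOW",
            "risk_level": "LOW", "pillar": "firewall"}
    chain: list = []
    append_record(chain, base)
    append_record(chain, {**base, "method": "resources/read"})
    append_record(chain, {**base, "action": "BLOCK", "risk_level": "HIGH"})
    return chain

def tampered_copy(chain: list, seq: int, rehash: bool = False, **changes) -> list:
    """Deep-copy the chain and edit one record, optionally recomputing its hash."""
    copy = json.loads(json.dumps(chain))
    copy[seq - 1].update(changes)
    if rehash:  # even a re-hashed edit breaks the next record's prev_hash link
        copy[seq - 1]["hash"] = _digest({k: v for k, v in copy[seq - 1].items() if k != "hash"})
    return copy
```

Deleting a record is caught by the seq check, editing one by the recomputed digest, and editing-plus-rehashing by the next record's prev_hash, so every case reports the first seq at which the chain stops being trustworthy.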

OpenTelemetry Integration

Native OTEL spans for all governance decisions. Exports to OTLP gRPC on port 4317. Every domain action is recorded as a span attribute — no code changes required in your agent.

OISG Adequacy Score

Admina ships OISG adequate by default. The adequacy score (Open · Intelligent · Secure · Governed, 0–100) is computed automatically from the live runtime state — no manual checkboxes — and is surfaced on the dashboard alongside the Admina Score.

curl http://localhost:8080/api/dashboard/oisg \
  -H "X-API-Key: $ADMINA_API_KEY"
# {"total": 85, "level": "OISG adequate", "pillars": {...}}

→ Full paradigm, pillars, and Admina ↔ OISG mapping: OISG Adequacy.