KYA (Know Your Agent) — the governance framework that makes autonomous AI agents court-defensible, insurable, and EU AI Act compliant.
EU AI Act Article 99(4): Violations of high-risk deployer obligations (Articles 8-15, 26) carry fines up to EUR 15M or 3% of annual global turnover. Prohibited-practice violations under Article 5 carry the top tier of EUR 35M or 7%. National corporate governance codes add personal exposure for directors who approved AI deployments without documented controls.
First enforcement actions expected Q3-Q4 2026. Boards approving autonomous agent deployments need Article 12 logging and Article 26 deployer evidence on file.
National corporate governance codes add personal exposure for board members who approved autonomous agent deployments without documented controls. This is not a compliance checkbox — it is a personal liability event.
KYA is the governance standard for autonomous AI agents in EU-regulated industries. It operates at two levels:
Agent identity, behavioral guardrails, pre-execution controls. Proves which agent did what and that controls were active before it acted.
Enforcement: < 5ms per decision. No latency penalty.
Agent Trust Score (ATS), autoresearch governance, performance metrics. Measures agent reliability across production deployments.
Revenue: SaaS subscription + API transaction fees.
D&O insurers require documented governance that proves "reasonable measures" were in place. KYA-S provides exactly this:
Proves which agent produced the output — not "our AI." Isolates director decisions from agent failures. Every agent has a cryptographic identity bound to its deployment context.
Separates LOGIC_FAULT (agent error) from OPERATOR_FAULT (human misconfiguration) from MANIFEST_FAULT (deployment issue). Proves the board's governance framework was adequate even when an agent fails.
Pre-execution controls were active before the agent acted. Sub-5ms enforcement. Demonstrates "reasonable measures" — the legal standard for personal liability safe harbor across EU member states.
| Metric | Value | Basis |
|---|---|---|
| D&O Premium Reduction | 8-12% | Comparable to SOC 2 certification (5-15% cyber premium reduction) |
| Target Enterprises | Every KYA-certified enterprise | EU AI Act applies to all "deployers" — not just "providers" |
| Revenue Model | Included in platform fee | D&O savings are a selling accelerator, not a separate product |
Investor one-liner: "Boards deploying AI agents face fines up to EUR 15M or 3% under EU AI Act Article 99(4), plus personal exposure under national corporate governance codes. KYA-S generates the Article 12 logging and Article 26 deployer evidence that D&O insurers require for AI governance coverage. Insurers typically report an 8-12% premium range for documented AI governance; fines, premiums, and legal defence remain with the customer."
The DWS IQ 6 platform includes a built-in performance guarantee:
| Layer | Mechanism | Procurement Impact |
|---|---|---|
| SaaS Platform | Fixed monthly subscription — predictable cost, no surprise invoices | Budget-friendly — CFO-approved |
| API Transactions | Per-call pricing for agent operations — pay only for what you use | Scales with usage — no overcommitment |
| Performance Guarantee | Service credit issued on verified production fault within 30 days | Positive — signals confidence |

| Tier | Model | Best For |
|---|---|---|
| Starter | €499/mo + API usage | Single industry, up to 100 agents |
| Professional | €1,999/mo + API usage | Multi-industry, up to 1,000 agents |
| Enterprise | Custom pricing | Full 20-industry deployment, dedicated support |
KYA-S certification is positioned to become the SOC 2 equivalent for AI agent governance.
KYA governs autonomous agents across industries subject to Fit for 55, CBAM, ETS, CSRD, and EU AI Act:
Power & Heat, Iron & Steel, Cement & Lime, Chemicals, Aviation, Maritime, Road Transport, Construction
Agriculture, Waste Management, Aluminium, Pulp & Paper, Petroleum Refining, Food & Beverage, Glass & Ceramics, Mining
Fintech & Trading, Pharma & Biotech, Cybersecurity, Healthcare & MedTech
Enterprise-ready legal documentation for DWS IQ 6 platform deployment.
GDPR Article 28 compliant DPA for enterprise customers. Covers data controller/processor roles, AI processing, sub-processor transparency, EU-first data residency, and DORA compliance (Annex D).
Full list of sub-processors with data locations, processing purposes, and transfer safeguards. Updated per DPA Article 7.4 with 30-day advance notice.
Terms of service for DWS IQ Aegis single-tenant sovereign AI platform. Covers data sovereignty guarantees, infrastructure ownership, SLA, and decommissioning.
Coming soon — contact risto@lifetime.fi
Certification program for technology partners integrating with the KYA framework. Three tiers: Integration, Strategic, Enterprise.
Coming soon — contact risto@lifetime.fi
Export control obligations under EU Dual-Use Regulation (EU 2021/821) for DWS IQ Aegis and defence/government deployments.
Coming soon — contact risto@lifetime.fi
PiTuKri audited (v1.1, Traficom NCSC-FI). Transitioning to national criteria library (autumn 2026). ISO 27001 (Q3 2026, TÜV Rheinland). SOC 2 Type II (Q4 2026). IEC 62443 (Q1 2027).
Full KYA Standard documentation, NIST alignment mapping, and financial projections available for qualified investors.
Upstream sub-processors & DPAs: onelifetime.world/Partners