Commercial · Built on Orchetron

NOMOS

The decision control plane for AI agents. Policy and approvals before each action. Signed evidence after.

AGENT.TS
const client = withNomos(agent, {
  apiKey: "nm_live_…",
  tenant: "acme-bank-eu",
})
// Every consequential action is now:
// → policy-gated
// → approval-routed if required
// → signed as a GovernedDecision
// → anchored in the evidence ledger
Forcing Function
EU AI Act · DORA · ISO CG 40 47/48
Control Loop
SDK → Policy → Approval → Sign → Anchor
The shift

From "what did the model say?"
to "who authorized this action?"

Once an agent can refund a customer, change DNS, or deploy code, the question becomes: who authorized this, on what evidence, and can we prove it six months from now?

EU AI Act · Article 12
Aug 2, 2026

Automatic-recording obligation in force. Penalty €15M or 3% global turnover.

DORA
Live since Jan 2025

First inspections in early 2026 surfaced third-party-AI gaps across the EU bank panel.

ISO CG 40 47 / 48
Jan 2026

Cyber-insurance endorsement strips AI from default CGL coverage. Insurers want signed attestations.

OCC 2026-13
Advisory pending

US national-bank examiners aligning with the EU posture. Buyers preparing now.

The product is the loop

SIX STEPS.
ONE CONTROL LOOP.

Every consequential agent action passes through the same control loop. The loop produces a signed, replayable, regulator-credible record. Nothing else has to.

Stage 01 · Intercept
agent.tool("refund", {
  amount: 500.00
})

One-line SDK wrap intercepts every consequential tool call.

Stage 02 · Policy
rbac · abac
risk score 0.42
amount > $100 ↑ escalate

RBAC + ABAC + risk + guardrails. Allow / deny / escalate.

Stage 03 · Approval
Slack
ServiceNow

Routed through 15+ channels, wherever the approver actually works.

Stage 04 · Sign
3a8f9c2e
ed25519 · signature ✓

RFC 8785 canonical bytes. Ed25519 + post-quantum ML-DSA-65.

Stage 05 · Ledger
block N-1 → block N

Hash-chained, geo-replicated, anchored to Eth L2 + CT log.

Stage 06 · Audit
Verified

Regulator verifies bytes against your published key. No vendor trust.

Intercept / Policy / Approval / Sign / Ledger / Audit
Property 01

The customer can leave Nomos at any time.

The evidence chain is portable. DAP is open. The signing key is the customer's. The regulator's audit still works after a vendor switch, because verification needs only the public key and the canonical spec.

Property 02

No middleware between you and the regulator.

A signed GovernedDecision is independently verifiable from the public key alone. The regulator does not have to trust the Nomos database. Reports are not bundles. Bundles are not reports.

Stack position

Not a replacement.
A layer that didn't exist.

Nomos sits one layer below the framework, the registry, the APM, and the security stack, at the decision layer where authorization, evidence, and provability happen.

Agent framework: how the agent reasons, plans, invokes tools. LangChain · LangGraph · CrewAI
Tool registry: what tools exist, how they are exposed. MCP · A2A · OpenAI specs
Observability: what happened, traces, costs, spans. Langfuse · LangSmith · Datadog
Security: was something attacked / abused. WAF · IAM · EDR
Underneath all four:
NOMOS (this product): whether an agent decision is authorized, governed, evidenced, and provable, before it becomes an action.

Observability answers "what did the agent do?" after the fact. Security answers "was something attacked?" in real time. Nomos answers a different question: "was this decision allowed, by whom, on what policy, with what evidence, and can a regulator replay it six months from now?"

Brand stack

Three names.
Three jobs.

Orchetron orchestrates intelligence. DAP attests decisions. Nomos governs them. At the business-model layer the relationship is Red Hat to Linux: the fabric is donated, the spec is donated, the product is sold.

01 · Substrate
MIT · forever

ORCHETRON

gov · evd · mem · obs · knw · cnct · evt · auth · stor · cmp · sch · +
11 swappable planes

The open compositional fabric. Mechanically proven governance algebra; runs anywhere.

02 · Wire
Apache 2.0

DAP

Decision Attestation Protocol
{
  "id": "dec_3a8f9c…",
  "prev_hash": "7b2e…",
  "payload": { … },
  "signature": "ed25519…"
}
RFC 8785 · CBOR · Ed25519 + ML-DSA-65

Frozen wire spec for the signed decision record. Donation-target. Peer to MCP and A2A.

03 · Product
Commercial

NOMOS

approval bus · 15+ channels
evidence ledger · geo-replicated
compliance · 7 frameworks
federation · Nomos ↔ Nomos

The managed enforcement layer on top of Orchetron. Sold, not donated.

Open core, not marketing

Eight subsystems
lifted upstream.

Nomos packages depend on Orchetron primitives through cross-repo workspace:* references. The same DAP wire bytes, the same SHA-256 hash, the same Ed25519 signature value, proven byte-for-byte by the SDK fixture round-trip test.

A self-host Orchetron customer can graduate to Nomos managed cloud by swapping implementations of the same interfaces. No fork. No migration tax.

Capability / What it does
Decision wire format: canonical RFC 8785 + deterministic CBOR. Ed25519 + ML-DSA-65 (FIPS 204) post-quantum.
Approval channels: 15+ channels. Slack, ServiceNow, email, IDE, mesh, webhook, SSE, Teams, Discord, stdin.
Mesh trust lattice: owner / trusted / guest / untrusted with revocation. HIPAA lost-device-ready.
Event transport: pluggable broker. In-process, in-memory, Kafka. Same wire shape across all.
Compliance engine: per-article scoring across seven frameworks. Open registry, bring your own.
Anchor backends: Ethereum L2 (Base, Optimism, Arbitrum) + RFC 6962 Certificate Transparency log.
Post-quantum signatures: ML-DSA-65 (FIPS 204 final). Forward-secure attestation surviving a quantum break.
Governance algebra: 16-combinator decision lattice. AND / OR / NOT / VOTE / IF / WHEN / TIMEOUT / FALLBACK + custom.
7 deterministic engines

Compliance,
exported.

Each framework engine produces a signed regulator-ready bundle deterministically from the evidence chain. Identical inputs → identical archive bytes → identical SHA-256, verified across all 7 frameworks.

EU AI Act · Annex IV
HIPAA · §164.312(b)
GDPR · Art. 30 RoPA
PCI DSS · Req. 10
CCPA · California
SOX · Sec. 404
ISO 42001 · AI management system
EXPORT.TS
const bundle = await nomos.generateReport({
  framework: "eu_ai_act", // or "hipaa" | "gdpr" | "pci_dss" | "ccpa" | "sox" | "iso_42001"
  tenant: TenantId.of("acme-bank-eu"),
  from: "2026-01-01",
  to: "2026-04-30",
})
// bundle.tar.gz contains:
//   manifest.json    canonical JSON, deterministic, Ed25519-signed
//   report.pdf       PDFKit-rendered, framework-specific layout
//   decisions.jsonl  every signed GovernedDecision in scope
//   signature.json   Ed25519 (and optional Nomos counterparty co-signature)
expect(sha256(bundle)).toBe(sha256(regenerate(bundle))) // byte-identical
Deployment topology

Three trust boundaries.
One cryptographic chain.

Customer infrastructure → Nomos managed cloud → Regulator. The customer's signing key never leaves their environment. The regulator verifies offline against the customer's published verification key, even if the customer leaves Nomos.

Boundary 01 · Customer infra

agent.tool("refund", { amount: 500 })
private key stays here · PHI / PII never leaves
→ signed decisions over DAP / HTTPS →

Boundary 02 · Nomos managed cloud

3a8f9c… signed · 2e1d44… anchored · 7b9c12… stored · d4a6f1… in flight (queue)
us-east-1 · eu-west-1 · geo-replicated · region-pinned
→ verify offline, public key only →

Boundary 03 · Regulator

eu_ai_act_q2.tar.gz (2.4 MB): manifest.json · decisions.jsonl · signature.json
Verified offline · audit.nomos.cloud
Trust the cryptography, not the vendor

The evidence chain is portable. DAP is open. The customer's key is theirs.
The regulator's audit still works after a vendor switch.

Three buyers

Whoever signs
when the agent fails.

Not the CISO. Not the ML platform lead. The check-signer is whoever bears liability: General Counsel, Chief Risk Officer, CFO, or a Chief AI Officer reporting to one of them.

Wedge 1
Lead wedge

EU regulated finance

Tier 1–2 EU bank, insurer, or DORA-scoped fintech. EU AI Act + DORA + ISO CG 40 47/48 stack on the same buyer; no other ICP has three forcing functions running concurrently.

Wedge 2
Adjacent wedge

US healthcare

Health systems, payers, and healthtech with PHI exposure. HIPAA · OCR · Joint Commission drive the audit trail. Fully managed under a BAA: Nomos governs the decision; PHI never leaves the customer.

Wedge 3
Long arc

US federal · regulated

Federal agencies, defense contractors with CUI, regulated utilities. FedRAMP · OMB M-24-10 · EO 14110. Self-host with sovereign anchor and formal-methods artifacts that hold up to NSA review.

Phasing

Wedge first.
Platform last.

Phases compound. Phase 1 produces the developer base that pulls Phase 2 into production. Phase 2 builds the references that pull Phase 3 into procurement. Phase 3 turns into table stakes for Phase 4.

Phase 01
Open-source wedge
LARGELY SHIPPED

Wire spec + SDKs + local verifier. Wrapping an agent is a one-line change for OpenAI, Anthropic, LangChain, and CrewAI. Adoption flywheel.

Phase 02
Hosted Nomos
CURRENT FOCUS

Multi-region approval bus, geo-replicated evidence ledger, policy checks, customer dashboard, per-decision metering. The hosted control loop for teams running agents in production.

Phase 03
Enterprise controls
NEXT

RBAC, retention, audit exports, regulator-scoped read API, SLA telemetry. SOC 2 Type II, ISO 42001, HIPAA, GDPR, PCI-DSS, EU AI Act mappings, for banks, healthcare, insurers, regulated SaaS.

Phase 04
Platform
LONG ARC

Cross-org federation. Regulator portal. Insurance-carrier attestation. FedRAMP path. Sovereign and air-gapped deployments. Mesh enrollment for HIPAA lost-device protocol, for regulator-touching enterprises, government, multi-org consortia.

Doing Phase 4 work first burns runway against buyers who do not yet exist.

Standing posture

Written down.
Not implied.

The rules below are load-bearing. They constrain pricing, packaging, and licensing across every phase. They are how a buyer can trust the ten-year arc, not just this quarter.

Hard rules
  • No BSL / SSPL / ELv2 relicense. Orchetron stays MIT, forever.
  • No single-cloud captive deploy of the open fabric.
  • No invented competitor data; every claim cited to a primary source.
  • No Nomos-branded model marketplace or agent framework. We govern existing ones.
  • No middleware between you and the regulator. Verification is offline against your key.
Pricing posture
  • Free self-host on Orchetron: unlimited, MIT.
  • Free managed tier: 100k governed decisions / month.
  • Managed: consumption pricing per governed decision, publicly committed.
  • Enterprise: adds SOC 2 Type II, ISO 42001, indemnification, FedRAMP path.
  • Annual-commit discount available; transparent step-pricing.

Sign as a design partner.

Three forcing functions. One control loop. Six steps. Built on the open fabric every regulator can verify.

Self-host · Orchetron

Run the open fabric in-house.

MIT, forever. Wrap your agent in one line. Sign every consequential action against your own key.

Read the developer brief →
Managed · Nomos · Design partner cohort

Run the regulator-grade surface.

Multi-tenant approval bus. Geo-replicated evidence ledger. Deterministic compliance bundles. Cross-org verification. Direct line to the founding team, limited cohort.

design-partners@nomos.cloud →

Phase 1 (open-source wedge) largely shipped · Phase 2 (hosted Nomos) in flight · ML-DSA-65 post-quantum signing GA · 7 framework engines · Eth L2 + CT log anchors live · design-partner cohort opening