# EnforceGrid > Governance infrastructure for enterprise AI adoption. EnforceGrid builds the enforcement layer that sits between AI agents and LLM providers — evaluating policy at every request, producing tamper-evident audit records, and giving compliance teams verifiable evidence that governance ran. ## What EnforceGrid does EnforceGrid is not a prompt wrapper or a monitoring dashboard. It is network-layer governance infrastructure: a proxy that evaluates Cedar policy rules against every LLM request before it reaches the model, then generates a cryptographically chained audit record of every decision (allow, steer, or block). The company's products map to the full AI governance lifecycle: - **Steer** — Runtime enforcement proxy. Apache 2.0 Core open-source engine. Adds <14ms p50 latency. 23 managed policies covering OWASP Agentic AI Security (ASI01–10), NIST AI RMF, EU AI Act Articles 9–15 and 26, PCI DSS v4.0. Available now. - **Spike** — AI risk assessment and regulatory gap analysis — quantifies AI system risk, maps obligations across OWASP Agentic AI, NIST AI RMF, EU AI Act, and jurisdiction-specific requirements. AI agents interview your teams in parallel and deliver gap analysis and draft documentation in 5–7 days. Coming later in 2026. - **Pulse** — Regulatory intelligence. Structured tracking of EU AI Act, DORA, and emerging global AI regulation. Coming later in 2026. - **Loop** — Governance operations workspace. Policy authoring, evidence review, human-in-the-loop decision workflows, compliance reporting. In development. ## Regulatory context OWASP Agentic AI ASI01–10 represents the security baseline for autonomous agent deployments. NIST AI RMF requires documented governance controls for AI systems. EU AI Act deployer obligations for high-risk AI systems are due Dec 2, 2027 (standalone) and Aug 2, 2028 (embedded) following the May 2026 Omnibus deal. Art. 5 prohibited practices are already in force. Fines: up to €35M or 7% of global annual turnover. Steer is the enforcement layer organizations need in place to demonstrate runtime governance controls were operating. ## Technical architecture Steer operates as an OpenAI-compatible proxy. Change `api.openai.com` to your Steer endpoint. Works with any framework that supports a configurable base_url — LangChain, LangGraph, CrewAI, AutoGen, and Mastra work out of the box. Semantic Kernel works for standard configurations. Compatible with any model provider (OpenAI, Anthropic, Google Gemini, Azure OpenAI, AWS Bedrock, Mistral, Cohere, Meta Llama). Policy evaluation uses Cedar — the open policy language developed by Amazon for IAM-style access decisions. Cedar policies are readable, compositional, and formally analyzable. Steer ships with 23 managed policies; custom rules extend or replace them. No payload data leaves your network boundary. No telemetry in the open-source build. Fail-open by default: if Steer is unreachable, agents continue operating directly against the LLM provider. ## Open source The Steer enforcement engine is open source under Apache 2.0 Core. - GitHub: https://github.com/EnforceGrid/steer - Documentation: https://docs.enforcegrid.com (in development) ## Pages - [Home](https://enforcegrid.com/): Platform overview, enforcement gap framing, product lifecycle - [Steer](https://enforcegrid.com/steer.html): Full Steer product page — deployment, policies, integrations - [Enterprise](https://enforcegrid.com/enterprise.html): Self-hosted deployment, SSO, SIEM-integrated audit, compliance reporting - [Partners](https://enforcegrid.com/partners.html): MSSP and SI cyber practice partnerships - [About](https://enforcegrid.com/about.html): Team, mission, open positions - [Blog](https://enforcegrid.com/blog.html): AI enforcement thinking and product announcements - [Privacy Policy](https://enforcegrid.com/privacy-policy.html): Data handling and GDPR alignment