EU AI Act enforcement in 13 months— penalties up to €35M

Don't ship AI
you can't govern

The compliance layer for production AI. One SDK to intercept every LLM call, enforce policies in real-time, and prove it to regulators.

pip install overrule
Fail-open by defaultSub-ms local evaluationOpenAI + Anthropic
terminal — overrule demo
live
<1ms
Evaluation latency
0
Network calls on hot path
10K+
Events buffered
99.99%
Uptime target
Who this is for

Built for teams that can't afford blind spots

Self-identify in seconds: if you ship AI in production, this layer is for you.

AI SaaS teams

Ship fast without guessing policy coverage. Guard every model request, response, and tool call by default.

B2B copilotsSupport agentsWorkflow automation

Enterprise internal copilots

Give security and legal confidence with active enforcement plus auditable traces across every interaction.

Knowledge copilotsOps assistantsEmployee AI tools

Regulated AI products

Prove runtime controls to auditors with structured evidence instead of static policy docs and promises.

FintechHealthcareGov and critical systems
Integration

Three steps. Zero config.

No infrastructure. No sidecars. No proxy. Just import and call.

01

Install

$pip install overrule1.2s
02

Wrap your LLM calls

async with Guard() as guard:
response = await guard.chat(
model="gpt-4o",
messages=messages,
)
03

Every call is governed

pii-detectionPASS
injection-detectionPASS
toxicity-filterBLOCK
event #29471 → audit trail (2ms)
Runtime architecture

Request → Guard → Policy checks → Provider → Event pipeline

Governance runs inline with your application path while telemetry ships asynchronously.

1

Request

2

Guard

3

Policy checks

4

Provider

5

Event pipeline

No network on hot path for policy evaluation.
Event pipeline is async and resilient (retry + circuit breaker).
Capabilities

Built for teams shipping
AI to millions

Not a prototype. Not a wrapper. Production infrastructure.

Fail-Open Architecture

SDK errors never crash your application. Policy failures degrade gracefully — your uptime is sacred.

Sub-Millisecond Evaluation

Policies run locally with optimized pattern matching. No network hop, no cold start, no latency tax.

Complete Audit Trail

Every AI decision captured — input, output, policies applied, violations detected, latency. Article 13 compliant.

Multi-Provider Native

OpenAI, Anthropic, or any LLM. Swap providers without touching governance logic. One SDK rules them all.

Custom Policy Engine

PII, injection, toxicity — built-in. Need custom rules? Subclass BasePolicy and ship in minutes.

Production Resilience

Circuit breakers, exponential backoff, dead-letter drops, buffer caps. Built for 99.99% uptime.

Before vs after

From fragile AI behavior to provable control

Without Overrule

Auditability

No complete audit trail across AI and tool calls

Risk handling

Risky output can pass unnoticed into product flows

Policy operations

Ad-hoc checks fragmented across app code

With Overrule

Auditability

Structured intercept events with model, policy, and violation data

Risk handling

Violations trigger explicit blocking and surfaced exceptions

Policy operations

Central policy engine with reusable governance rules

Operational trust

SOC2-style resilience primitives

Fail-open

SDK errors won't crash your production request path.

Circuit breaker

Transport failures trigger cool-down instead of cascading retries.

Buffer cap

Bounded in-memory queue protects service stability under pressure.

Graceful shutdown

Pending events flush on lifecycle shutdown hooks.

EU AI Act — Enforcement begins August 2, 2026

Compliance is not
a feature request.
It's a countdown.

Articles 13 and 14 require transparency, logging, and human oversight for high-risk AI systems. “We didn't have the tooling” is not a defense when the auditor arrives.

Overrule gives you the infrastructure to prove compliance with real data — not just a checkbox on a PDF.

What Overrule provides
  • Full audit trail of every AI decision
  • Policy enforcement provably active at all times
  • Input and output content monitoring
  • Exportable compliance reports for regulators
  • Real-time violation detection and alerting
  • Structured logs mapped to EU AI Act articles
Compliance mapping

Requirements mapped to runtime controls

Turn policy intent into concrete enforcement and audit evidence.

Regulation
Requirement
Overrule mapping
EU AI Act Article 13
Transparency and traceable system behavior
Structured events for every governed interaction
EU AI Act Article 14
Human oversight and intervention pathways
Policy actions (log/block) and explicit violation signaling
EU AI Act Article 15
Technical robustness and resilience
Fail-open mode, retries, circuit breaker, bounded buffers
Internal control evidence
Audit readiness during reviews
Exportable telemetry and policy enforcement records
Real event sample

What a governed event looks like in production

Concrete evidence beats screenshots and policy claims.

intercept-event.jsonblocked
{
  "event_type": "llm_call",
  "status": "blocked",
  "model": "gpt-4o",
  "latency_ms": 247.41,
  "input_content": "Summarize customer onboarding details...",
  "output_content": "Customer SSN is 123-45-6789...",
  "violations": [
    {
      "policy_id": "pii-detection",
      "severity": "high",
      "description": "SSN pattern detected in assistant output",
      "blocked": true
    }
  ],
  "metadata": {
    "provider": "openai",
    "environment": "production",
    "route": "/api/chat"
  }
}
Performance proof

Latency budget stays where it belongs: in the model call

Budget shown as representative request composition for production workloads.

Policy evaluation0.8ms · 1%
Guard orchestration1.7ms · 2%
LLM provider latency247ms · 97%

Methodology note: values are representative for narrative clarity and should be benchmarked in your own workload, model choice, and deployment region.

Pricing

Start free. Upgrade when visibility becomes mission-critical.

Open-source SDK

Free

Runtime governance you can self-host and ship today.

  • Built-in policy engine
  • Custom policy registration
  • Provider-agnostic interception
Start with SDK

Cloud Dashboard

Recommended
Team

Centralized visibility, reporting, and governance operations.

  • Audit analytics and exports
  • Compliance workflow support
  • Operational alerting at scale
Talk to us
FAQ

Answers to the objections every AI team asks

Ship AI you can
actually defend

Open source. Free forever for local evaluation.Paid dashboard when you need visibility at scale.

MIT LicensedNo vendor lock-inSelf-host or cloud
Try DemoGet Started