How we work

Productized where it should be — consulted where it must be

Regulated AI adoption fails when sold as shelf software (compliance never fits a template) or as pure consulting (the work never compounds). Vertical Edge AI is structured as a hybrid: VeilEngine is the productized execution layer; our team compiles your vertical pack, validates the evidence boundary with your compliance officer, and stays embedded until the workflow is in production.

Request a consultation Read VeilEngine
What you get

Three things ship with every engagement

A compiled vertical pack

Your framework, your jurisdictions, your workflows — mapped to the policy engine and the evidence fabric. Not a template; a deliverable you own and can audit.

VeilEngine in your environment

VeilEngine deploys in your cloud or VPC so protected data stays in your region. The first production motion runs as an own-operated Tier 1 gateway — managed durability, signed receipts, a per-session hash-linked evidence chain, and the offline verifier handed to your compliance team for independent validation. Tier 0, Tier 2, and air-gapped deployments are scoped per engagement.

A running workflow in production

Not a pilot. Not a proof of concept. A workflow your team operates daily, with the evidence boundary live, the productivity gain measured, and the framework controls demonstrated to your auditor.

Engagement timeline

Six weeks, three phases — no surprises

Discovery to production-running workflow in six weeks is the design constraint. If we are not on that pace by Week 3, we surface it — we do not let timelines drift.

Phase 1 · Week 1–2

Regulatory audit & exposure map

We work with your CCO, CISO, and the operational team owning the workflow to diagnose what compliance has currently blocked, why, and what the framework gap actually is. Output: ranked exposure map, control-mapping draft, vertical-pack scope, success metrics agreed.

Phase 2 · Week 3–4

Execution-layer deployment

VeilEngine deploys as the evidence gateway — own-operated for the first motion, or in your cloud or VPC per engagement. The vertical pack and any non-gateway protection tier are scoped and installed when the engagement requires them. Receipt service operational; verifier CLI delivered to your compliance team. Operator training begins.

Phase 3 · Week 5–6+

Production cutover & continuous evidence

Workflow reaches production. Daily operator usage with the evidence boundary live. Time-to-Useful-Answer, Semantic Preservation Score, and Cost-per-Useful-Answer instrumented; provider portability validated per engagement. Quarterly framework refresh begins.

Where an engagement begins

Three ways engagements begin — each with a fixed scope

The six-week model above is the path to a governed workflow in production. Most organizations reach it through one of three scoped entry points. We work with regulated mid-market organizations — typically 50 to 1,000 employees in healthcare, financial services, insurance, legal, and education — that have a specific AI workflow compliance has not let ship.

Entry · ~4 weeks

AI Exposure Map

A scoped diagnostic of where AI touches your data, your customers, and your regulatory perimeter. Output: a portable map of control gaps and a prioritized remediation path you keep whether or not you continue. The fastest way to see where you stand.

Start an exposure map
Flagship · ~6 weeks

Governed workflow to production

The three-phase engagement above: one compliance-blocked workflow taken from regulatory audit to a governed, audit-evidenced production deployment. A running workflow your team operates daily — not a pilot, not a slide deck.

See the three phases
Readiness · ~60–90 days

Framework readiness module

A diagnostic-and-routing engagement that maps your governance posture to the framework your auditor recognizes — AIUC-1, ISO 42001, or NIST AI RMF — and produces auditor-ready evidence across multiple workflows. For organizations preparing for a formal audit.

See the methodology

Durations are typical scopes, not fixed quotes; every engagement is sized against your exposure map after the regulatory audit. Vertical-specific implementations (for example, a HIPAA-aligned clinical workflow or a Reg S-P-compliant adviser workflow) are scoped the same way.

Mutual responsibilities

What we need from you

A six-week timeline holds only when both sides commit. The engagement is designed around a small, specific set of inputs from your team — named up front so nothing stalls at Week 3.

  • A named, blocked workflow. One specific workflow your compliance team has not approved — not “an AI strategy.” The sharper the workflow, the faster the engagement.
  • Access to the three decision-makers. The compliance owner (CCO or equivalent), the security owner (CISO or equivalent), and the operational owner of the workflow, available for the Phase 1 audit.
  • The framework your auditor uses. Whether HIPAA, SEC Reg S-P, NAIC, FERPA, ISO 42001, or another — so we map to the standard you are actually held to, not a generic one.
  • A deployment target. The cloud account or VPC where VeilEngine will run, and the IT contact who can provision it.
  • An operator for training. The person or team who will run the workflow daily once it reaches production.
Engagement boundaries

What we don’t do

Regulated-AI consulting is full of vague engagements that produce slide decks instead of workflows. We define the boundaries up-front so the engagement either ships or terminates — never drifts.

  • No staff augmentation. We do not place engineers inside your team to write your code under your supervision. Our deliverable is a compiled vertical pack and a running execution layer.
  • No generic AI strategy. We engage on specific workflows your compliance officer has blocked. If the engagement isn’t scoped to a named workflow, we don’t take it.
  • No retainer-without-deliverable. Every engagement has a defined production milestone. Ongoing relationships are framework-refresh + workflow-extension contracts, not open-ended retainers.
  • No vendor lock-in. The evidence fabric is portable. The vertical pack is yours. If we vanished tomorrow, your workflow continues running and your evidence still verifies.
  • No mechanism exposure. The VeilEngine internals are proprietary; the outputs — signed receipts and per-session evidence exports — are open and independently verifiable. Customer access is to the interface and the evidence, not the implementation.
Pricing posture

Quoted against your exposure map, not a generic price list

We do not publish tier pricing. Regulated-AI engagements vary by vertical, workflow count, expected receipt volume, protection tier, and framework scope — the variables differ enough that a published range tends to mislead more than inform. Every engagement is quoted against your specific exposure map after the regulatory audit, not before.

What scopes the quote

  • Workflow countprimary scoping variable
  • Vertical pack complexityframework count, jurisdictions
  • Protection tier mixTier 0 / 1 / 2 distribution
  • Receipt volumemonthly request projection
  • Provider routingClaude / GPT / Gemini mix

What you can expect

  • Discovery regulatory audit — no obligation, output is yours regardless
  • Preliminary exposure map — framework gaps, productivity gain, evidence plan
  • Itemized engagement quote — vertical-pack compile, deployment, training, framework refresh
  • Outcome-based gates — named production milestones, not hourly billing
Start your exposure map
Engagement questions

Questions buyers ask before they engage

The flagship governed-workflow engagement is designed to run six weeks across three phases — regulatory audit, execution-layer deployment, and production cutover. A standalone AI Exposure Map is roughly four weeks; a framework readiness module across multiple workflows is roughly 60 to 90 days. Durations are typical scopes; each is sized against your exposure map after the Phase 1 audit.
One named, compliance-blocked workflow; access to your compliance, security, and operational owners for the Phase 1 audit; the framework your auditor uses; a cloud account or VPC to deploy into; and an operator to train. The six-week pace depends on those inputs being available — which is why we name them up front.
Production. The engagement is defined by a named production milestone, not a proof of concept. A pilot that never ships is the failure mode we are built to avoid — the deliverable is a workflow your team runs daily with the evidence boundary live and the framework controls demonstrable to your auditor.
We do not publish tier pricing. Engagements vary by workflow count, vertical-pack complexity, protection tier, receipt volume, and framework scope — enough that a published range tends to mislead. Every engagement is quoted against your specific exposure map after the regulatory audit, with outcome-based gates rather than hourly billing. The discovery audit’s output is yours regardless of whether you continue.
Your workflow keeps running and your evidence still verifies. The vertical pack is yours, and the signed receipts and per-session evidence exports are checkable with an open offline verifier that does not call our infrastructure. There is no verification lock-in — if we vanished tomorrow, the evidence you hold would still stand up to an auditor.
The AI Governance Readiness Assessment is a short, private self-assessment that scores your AI usage, governance maturity, evidence capability, and regulated-data exposure in about three minutes. It runs in your browser and is a signal, not a certification — a useful way to frame the Phase 1 conversation before you reach out.
Begin with the audit

Begin with the regulatory audit

A discovery regulatory audit, a preliminary exposure map, and your own diagnostic to keep whether or not you move forward. No NDA required to begin.

Request a consultation