Compliance teams were never meant to gather evidence. They were meant to make decisions.

So why aren’t they? Because for twenty years, the compliance industry built tools that made the wrong work faster. Screen faster. Document faster. Review faster. The tools got better. The premise never changed: that humans should be doing this work at all.

They should not. Not most of it.

Compliance is, at its core, a set of repeatable analytical tasks. Gather data on a counterparty. Cross-reference it against sanctions lists. Check for adverse media. Classify risk. Assemble evidence. Write it up in a form that a regulator will accept. These steps are well-defined, they run to a pattern, and they have a verifiable output. They are exactly the kind of work that agents are built for.

The compliance industry never built for that reality. It built dashboards. It built checklists. It built portals where compliance officers do the work with slightly better tooling. The human remained the unit of labor, and the software existed to assist the human.

That model is about to break.

More regulation. Same headcount. Do the math.

Even if parts of the EU AI Act timeline move, the direction does not. The Commission is already clarifying high-risk classification guidance, and companies deploying AI in the EU still face risk-classification, documentation, monitoring, and evidence obligations. MiCA is live. DORA is in effect. AML obligations continue to expand. The regulatory surface is becoming a continuous operating burden, not a one-off project.

Every company deploying AI in the EU now has documentation requirements, risk classification obligations, and evidence standards that require ongoing work: continuous, systematic compliance across every AI system in scope, updated as the systems and their use evolve. This is not a one-time project.

The old model responds to this by hiring more compliance officers. More seats. More licenses for the tools those officers use. When the regulatory surface doubles, the headcount doubles. That is the only lever the current model has.

It is the wrong lever. Compliance work is not limited by the number of people available to do it. It is limited by how much of it can be done reliably, at speed, and at a cost that does not scale linearly with volume. The answer to a doubling regulatory surface is not twice as many humans at dashboards. It is agents that handle the volume without adding to the headcount.

Per-seat tools scale with people. Regulation scales with volume.

There is a fundamental mismatch at the center of the compliance software market. Every major platform charges per seat: per compliance officer using the system, per user logging in to run a check. That pricing model made sense when the software’s job was to help a human do the work. The human was the constraint. More humans, more capacity.

That is no longer the constraint. The constraint is volume: how many counterparties need screening, how many AI systems need documentation, how many evidence packs need to be assembled and verified before the auditor arrives. Volume does not track headcount. It tracks regulation, market expansion, and business growth.

When the pricing model is per seat and the actual constraint is volume, the vendor and the customer are solving different problems. The customer needs compliance capacity that scales with their obligations. The vendor charges them for access to a tool. Those are not the same trade.

The result is predictable. When the EU AI Act generates new documentation obligations, the customer does not buy more seats. They stretch their existing team further, document less rigorously, or pay a consultancy to cover the gap. None of those options scale. None of them produce the consistent, verifiable, auditable evidence that regulators increasingly expect.

Agents do the work. Humans make the call.

cmpliance is built on a different premise. It is an agentic workforce: agents do the compliance work, the human reviews, approves, and signs off. That is the entire model.

Specialist agents coordinate on a single assessment. Screening. Classification. Evidence retrieval. Narrative assembly. Risk scoring. Each agent handles a defined task, hands its output to the next, and produces a single deliverable at the end: a hash-chained, tamper-evident evidence pack that contains the decision, the sources, the reasoning, and a verifiable audit trail, built to withstand auditor and regulator scrutiny.

The human does not disappear. The human closes the loop. That is the product architecture, reflected in the logo: three open arcs, each representing a compliance lifecycle. The arcs do not close. The human closes the loop, at the point where judgment is required and accountability matters.

What the human does not do is gather the evidence, run the sanctions check, write the narrative, or assemble the pack. paterhn has run this class of architecture in production: assessments completed in 21 seconds, with 87% risk-classification accuracy.

What the agents actually see

When a cmpliance agent screens a counterparty, it does not do what a conventional tool does. A conventional tool takes a name, runs it against sanctions lists and watchlists, and returns a match or a clear. That is a lookup, not an assessment. The cmpliance agents see the full structure. Ownership chains. Beneficial owner registries. Directorship links. Cross-jurisdiction nominee relationships. Transaction flow patterns. They map the entity’s position in a network, not just its name against a list.

That means they can flag a counterparty that passes every surface check: the name appears nowhere on a sanctions list, but the ownership structure points somewhere else.

A holding company in a low-transparency jurisdiction may sit between the counterparty and a beneficial owner who also appears in the governance chain of another entity, several steps removed from a sanctioned individual.

A name-matching system will not find that. A document search will not find it either, because the risk does not live in one document. It lives in the relationship structure between filings, registries, ownership records, and jurisdictions.

The technology underneath is a hybrid architecture: large language model reasoning over documents combined with graph neural network reasoning over entity structures. The language model reads filings, reports, and registries. The graph maps relationships between entities across ownership layers and jurisdictions. Both are mathematically represented in a shared multi-dimensional vector space, so the system can follow a textual reference in a corporate filing to a structural connection in an ownership registry and trace it three hops to the sanctioned entity that a surface check would never reach. The LLM layer is model-agnostic by design: when Anthropic, OpenAI, or Google ships a stronger model, cmpliance adopts it the same day. The structural reasoning layer is where the durable intelligence sits, and that layer belongs to cmpliance, not to any model vendor.

paterhn has been building this class of system since 2017. cmpliance is the first time that architecture has been productized for compliance.

Not a better tool. A different trade.

This is not a dashboard upgrade. cmpliance is a new category: agent labor for compliance, built on architecture that has been in production for years. It does not sell seats to a tool. It sells agent labor: compliance work delivered as output, priced on capacity, not on the number of people who log in.

The entire enterprise software industry is converging on this model. Salesforce introduced the Agentic Work Unit. ServiceNow launched an Autonomous Workforce. Nvidia dedicated an entire GTC keynote category to AI Natives. The shift from seats to work is not a thesis anymore. It is the direction the market is moving.

Compliance is one of the strongest domains for this model, because every deliverable has a legal definition. A screening is complete or it is not. An evidence pack meets regulatory standards or it does not. A risk classification follows the EU AI Act framework or it does not. There is no ambiguity about what a compliance work unit is. When the industry asks how to standardize what an agent work unit means, compliance has the clearest answer.

Without evidence, a decision is just an opinion

Regulators do not accept decisions without evidence. They accept decisions that come with documented reasoning, traceable sources, and a verifiable record of how the conclusion was reached. That is what an evidence pack is.

“The next class of compliance agents will not just answer questions. They will assemble proof, preserve reasoning, and make decisions auditable before the auditor asks.”

Most compliance tools produce a decision and a summary. cmpliance produces a decision pack: every data point traced to its source, every agent action recorded in an append-only audit ledger, every piece of evidence included with its provenance, and the entire pack sealed with a cryptographic hash. Tamper-evident and verifiable without platform access. Portable.

When the auditor arrives, the evidence is already there. The pack is already assembled. The audit trail already exists. The compliance officer does not scramble to reconstruct what happened. The system already recorded it.

That is not a feature. It is the point. Compliance is ultimately about being able to prove what you did, when you did it, and why. The evidence pack is how cmpliance makes that proof automatic rather than effortful.

Twenty-five years of shipping. This is what we built.

cmpliance is built by paterhn.ai, a Swiss AI development studio with production AI systems in operation since 2001 and multi-agent systems running in enterprise environments since 2017. Transformer-era agents in production since 2019.

The architecture behind cmpliance was built and proven across production deployments in regulated industries: multi-agent systems running screening, classification, evidence retrieval, and synthesis in 21 seconds per assessment, with 87% accuracy on risk classification and consistent reductions in manual review volume. Evidence packs built for regulated review environments. cmpliance is the productization of patterns that already work at enterprise scale.

paterhn builds and transfers. Full IP ownership to the client, no lock-in, no black boxes. That same principle shapes cmpliance: the customer owns the evidence, owns the decisions, owns the audit trail. Nothing is stored in our cloud that is not explicitly theirs.

Your team doesn’t shrink. Your team decides.

Compliance officers do not lose their jobs. They stop spending time on tasks that machines do better.

The average compliance officer in a regulated mid-market company spends the majority of their working time on evidence gathering, documentation, and repetitive screening. That work is important. It also does not require human judgment. It requires thoroughness, consistency, and speed. Agents provide all three.

What compliance officers are actually good at, and what regulation requires them to do, is judge. Evaluate edge cases. Apply contextual knowledge. Sign off on decisions that carry regulatory weight. Override a system recommendation when they have information the system does not. That work stays with the human. The rest moves to the agents.

For teams and departments, the change is visible immediately: volume no longer produces proportional overhead. A compliance team that handles 100 assessments per month can handle 500 without adding headcount. EU AI Act documentation that would take weeks of consultant time can be completed in hours. KYC onboarding that currently requires multiple officer-hours per counterparty runs in 21 seconds, with a ready-made evidence pack waiting for review.

The pricing reflects this. cmpliance does not charge per seat. The first assessment is free. Beyond that, pricing is based on delivered compliance work, not on named users. The system meters the work the agents actually deliver: assessments completed, evidence packs assembled, documentation produced, and compliance labor executed. No per-user fees, no license counting, no negotiation required every time volume increases. You pay for compliance work delivered, not for access to a tool.

We are looking for pioneers

cmpliance is in early access. The product runs. The architecture is proven. The first customers to deploy it are not testing a concept. They are deploying a compliance workforce.

The organizations that come first get something beyond early pricing. Every human decision made inside cmpliance, every approval, rejection, override, and rationale, feeds back into the system as a labeled signal. The agents learn from the compliance officer’s judgment, not just from generic training data. The earlier a company joins, the more the system understands their specific entity landscape, their escalation thresholds, their risk tolerance, and their regulators. That compounding advantage does not transfer to later adopters.

We are particularly interested in working with companies that are deploying AI systems in the EU and need EU AI Act documentation ahead of enforcement; that run KYC/AML onboarding at volume and are absorbing the cost in compliance officer hours; that are currently absorbing compliance costs in consultant hours or seat-based tools and want to know what the same budget buys in agent labor; and that want a compliance workforce that produces defensible evidence, not a compliance tool that helps humans produce it themselves.

Pilot customers shape the product. Their compliance reality becomes part of the system. Their edge cases improve the agents. Their feedback determines what gets built next. And even in the most conservative scenario, a pilot gives them a clearer, data-backed picture of what their current compliance spending actually delivers compared to what agent labor can produce.

We are not launching a product. We are launching the agentic workforce for compliance. The companies that deploy it first will run compliance at a scale, speed, and cost that everyone else will be trying to catch up to.

cmpliance is now in early access. The obligation does not wait for an enforcement date. Get early access.