Mergetic Runs · Runtime governance · Pre-pilot Q3 2026
Assess the risk. Govern the outcome.

The Control Tower for AI.

Nothing acts without clearance. A structurally independent governance layer that holds binding veto over every AI output — live, in production. The controller proposes; governance disposes; fail-closed by design.

Most AI tools score outputs · Mergetic Runs gates them
patent-pending split-authority architecture · tamper-evident audit · any model, any cloud

INPUT REASONING SYNTHESIS EVALUATION CONTROLLER GOVERNANCE OUTPUT
Split Authority · the same output, two verdicts
CONTROLLER
APPROVE
94% conf
GOVERNANCE
VETO
96% conf
EFFECTIVE DECISION
QUARANTINE
GOVERNANCE VETO APPLIED

The controller approved this output. Governance independently blocked it and routed it to human review — a structural check a single-model pipeline cannot reproduce.

Patent-pending · IE 2025/0516 · EPO filed
Tamper-evident · hash-chained audit
Vendor-neutral · any model, any cloud
Fail-closed by design
The runtime problem

A single model can't police itself in production.

An evaluation tells you your AI is risky. But once it's live and acting on real customers, who stops the bad output before it lands? Three structural gaps that linear AI pipelines can't close.

No independent veto

When the model that generates an output is also the one that approves it, there's no authority that can overrule it. Correlated judgment can't catch correlated failure.

Too late to review

A bad decision propagates through a workflow before anyone notices. Post-hoc monitoring tells you what already went wrong; it can't stop the output acting.

No defensible record

EU AI Act Articles 12 and 14 presume an independently verifiable record of why an output was allowed. A model narrating its own reasoning doesn't meet that bar.

How it works

Two authorities. One output. Nothing acts without clearance.

Every output runs a governed pipeline. A controller routes on a composite score; a structurally separate governance node — with its own reasoning and its own rulebook — holds the binding veto. Disagreement resolves fail-closed.

The controller proposes.
Governance disposes.

  • ARES evaluation. Each output is scored on Accuracy, Risk & ethics and Compliance, rolled into a composite score S.
  • Threshold routing. S is routed against emit / regenerate thresholds — emit, review, or regenerate.
  • Independent governance. A separate node applies the active rulepack — SEC, FINRA, HIPAA, CBI, GDPR — and can veto regardless of controller approval.
  • Immutable record. Every decision is written to an append-only, hash-chained memory spine — a tamper-evident audit trail.

Five things governance can decide

1

Emit

Score clears the threshold and governance approves — the output is released.

2

Review

Borderline score — routed for a check before it can act.

3

Regenerate

Below threshold — the output is sent back to be reproduced.

4

Quarantine

Governance vetoes — the output is held and escalated to human oversight.

EMIT
Cleared — released
REVIEW
Borderline — checked
REGEN
Below bar — reproduced
BLOCK
Vetoed — stopped
QUARANTINE
Held for human review
Use cases

The same Control Tower, across regulated domains.

Runtime governance is easiest to understand through the person who has to answer for the AI. Pick a domain — the problem, what Mergetic does, and the outcome.

The problem
SL
Siobhán
Head of Compliance · Irish retail bank
A customer's mortgage was declined by AI. He's a journalist.

The AI made its recommendation, the loan officer accepted it, and the record shows only the outcome — not the reasoning, not the inputs it weighted, not who reviewed it. The CPC 2025 requires her to demonstrate the AI operated within defined rules and that a human was accountable. She can demonstrate neither.

Mergetic

Every AI decision passes through the governance layer first. Every input is logged. Every output is evaluated against the CPC 2025 RulePack. Every decision carries a confidence rating, a risk flag, and a complete record of every reasoning step.

The audit log is ready before the call comes in.
The outcome
The complaint is resolved. The journalist moves on.

Siobhán shows the regulator a complete decision record within the hour — what data the AI considered, what weight it gave each factor, what score the output achieved, and the human reviewer who confirmed it before it was applied.

"The colleague who always has the paperwork ready — the one who makes her look prepared when the call comes in."
See it live

The Run Inspector — watch a governed decision happen.

An interactive live view of the architecture: every run, scored and routed, with the full reasoning trail. Walk a financial-compliance run that emits, and a high-risk run where governance vetoes the controller. Available as a guided walkthrough.

ARES scoring
A · R · E · composite S, live per run
Threshold routing
Emit / review / regenerate bands, visualised
Memory spine
Append-only, WORM, replayable
Audit trail
Hash-chained, tamper-evident events
The four pillars

Four properties. One company in the IAPP 2026 landscape claims all four.

Structural independence

Judge separated from generator

Runtime enforcement

Per-decision binding veto

Immutable audit

Hash-chained, tamper-evident

Vendor-neutral

Any model, any cloud

Regulatory alignment

Designed for EU AI Act requirements.

Mergetic's architecture embeds governance capabilities that map directly to the EU AI Act's core obligations for high-risk AI systems.

Timeline: high-risk obligations — including risk management (Art. 9), traceability (Art. 12), human oversight (Art. 14) and post-market monitoring (Art. 72) — apply from 2 August 2026. A postponement to 2 December 2027 (stand-alone Annex III) and 2 August 2028 (embedded Annex I) was provisionally agreed through the Digital Omnibus in May 2026, but is not yet law.

Article 9

Risk management

Continuous evaluation and scoring at every pipeline stage. Composite risk metrics trigger automatic escalation or blocking before an output can propagate.

Article 12

Traceability

Full execution logs captured in the Memory Spine — every reasoning path, every synthesis decision, every governance override, auditable end-to-end.

Article 14

Human oversight

Configurable escalation triggers route edge cases to human reviewers. The system supports human decision-making authority — it does not replace it.

Mergetic provides architectural capabilities that support regulatory alignment. This does not constitute legal advice or certification. Organisations should consult qualified legal counsel for compliance assessment.

How it fits together

Assess the risk. Then govern the outcome.

The benchmark and the Control Tower share IP but are bought separately. The evaluation is the front door; runtime governance is where it leads — if and when you choose.

Phase 1 · Available now

Reliability Benchmark

An independent, scored verdict on whether your AI is safe to deploy — measured against gold-standard answers across 25+ FS frameworks.

View the benchmark
Phase 2 · Pre-pilot Q3 2026

Mergetic Runs

Once you've found the risk, govern it live: a structurally independent layer that holds binding veto over every output in production.

Request a pilot
Pilot engagements forming for Q3 2026

Bring Mergetic Runs into your stack.

Request a pilot or a live walkthrough of the Run Inspector. Early pilots help shape the production rollout.

john@mergetic.com