AI systems that make decisions affecting customers, employees, or regulated processes need governance before they go live — not after a regulator asks questions. RaftLabs builds the technical controls, documentation, and monitoring infrastructure that let you deploy AI confidently in regulated and risk-sensitive environments.
Not compliance paperwork. Working systems: model cards, bias audits, explainability outputs, human override paths, and the audit trail your legal and compliance teams need.
Model documentation and risk assessment before production deployment
Bias evaluation across protected attributes for models making consequential decisions
Explainability infrastructure so model decisions can be reviewed and challenged
Audit trail and human override path for automated decisions
Recent outcomes
Voice AI · Research
Text-based interviews converted to automated phone calls
6× deeper insightsAI Automation · Ops
Manual invoice OCR across 40+ gas stations
20k+ txns day oneLoyalty · Retail
SuperValu & Centra loyalty platform with receipt validation
1,062 users in 4 weeksSaaS · Logistics
Multi-carrier shipping hub for Indonesian eCommerce
2,000+ shipments yr 1Recognition
AI system making consequential decisions — credit, hiring, claims — with no audit trail or challenge mechanism?
Legal and compliance team asking how you can prove your model is not discriminating and you don't have a clear answer?
In short
RaftLabs provides AI governance services for companies deploying AI in regulated or risk-sensitive contexts. Services include model risk documentation (model cards, risk tiering, impact assessments), bias and fairness evaluation across protected attributes, explainability infrastructure (SHAP, LIME, counterfactual explanations), human-in-the-loop design for automated decisions, audit trail systems, and ongoing model monitoring for drift and performance degradation. A focused AI governance engagement for one deployed model typically runs $15,000 to $40,000 and takes 4 to 8 weeks.
Trusted by
An AI system that makes consequential decisions without an audit trail is a liability. Not because regulators will always ask — because when they do, or when a decision is challenged, you need the evidence that the system worked as designed.
Governance is not a documentation exercise. It's the technical infrastructure that makes a model's behaviour verifiable: explainability that works on real cases, bias evaluation against your actual data, override paths that function under production load, and monitoring that catches performance degradation before it creates legal exposure.
Capabilities
Model cards covering the complete governance picture for each AI system: the intended use case and out-of-scope applications, training data sources and preprocessing decisions, evaluation methodology and performance metrics across population segments, known limitations and failure modes, and recommended human oversight requirements. Risk tiering based on decision impact: systems making consequential individual decisions (credit, hiring, medical) assessed at the highest tier with the most stringent documentation and monitoring requirements. EU AI Act conformity assessment preparation for systems that fall into the high-risk category under the Act's annex. Model risk management documentation following SR 11-7 (US Federal Reserve) and PRA SS1/23 (UK Prudential Regulation Authority) frameworks for financial services deployments.
Evaluation of model performance across protected attributes: gender, race, ethnicity, age, disability status, geographic proxy variables, and any domain-specific sensitive attributes relevant to your use case. Metrics computed per segment: accuracy, false positive rate, false negative rate, precision, recall, and calibration — not just aggregate performance. Disparate impact analysis identifying where the model produces materially different outcomes for specific groups after controlling for legitimate predictive factors. Counterfactual testing: what would the model predict if only the protected attribute changed while all other features stayed constant. Bias mitigation options assessed (reweighting, adversarial debiasing, post-processing threshold adjustment) with the trade-offs between fairness metrics and model accuracy documented honestly.
SHAP (SHapley Additive exPlanations) implementation for feature attribution at both the global level (which features drive predictions across the population) and the instance level (which features drove this specific decision). LIME (Local Interpretable Model-agnostic Explanations) for local approximations where SHAP is computationally prohibitive. Counterfactual explanations: the minimum change to input features that would flip the model's decision — directly applicable to adverse action notice requirements in lending. Natural-language explanation generation for non-technical audiences: converting feature attribution outputs into human-readable reason codes ("Application declined primarily due to recent delinquency and high credit utilisation"). Explanation endpoints integrated into your application so explanations are generated at inference time, not retroactively.
Immutable audit log capturing every model inference: input features, model version, prediction output, confidence score, any explanation generated, and whether the decision was reviewed or overridden by a human. Retention policies aligned to your regulatory requirements — GDPR requires the ability to respond to data subject access requests that include AI decision explanations; financial services regulations typically require 5+ years of model decision records. Tamper-evident log storage using append-only database configurations or cryptographic hashing of log records. Query interface for compliance and legal teams to retrieve decisions for specific individuals, time periods, or outcome types without developer involvement. Scheduled compliance reports summarising decision volumes, override rates, and performance metrics per population segment.
Design and build of human review queues for automated decisions that require oversight. Review interface showing the reviewing human: the model recommendation, confidence score, feature attribution (which factors drove the decision), the case data in a structured view, and the relevant policy or threshold context. Override recording with mandatory reason capture — every human override logged with the reviewer identity, timestamp, and stated reason. Escalation paths for cases where the reviewer is uncertain (escalate to senior reviewer, flag for policy clarification, defer pending additional information). Reviewer performance tracking: override rate by reviewer, agreement rate between reviewers on the same cases, and time to decision — for quality monitoring and retraining signal collection.
Continuous monitoring of deployed models for performance degradation, data drift, and concept drift. Performance monitoring: accuracy, precision, recall, and segment-level metrics tracked against the baseline established at deployment, with alerts when metrics cross defined thresholds. Data drift detection using Population Stability Index (PSI) and Kolmogorov-Smirnov tests on input feature distributions — a shift in the distribution of inputs reaching the model signals that production data no longer matches training data. Concept drift detection: monitoring whether the relationship between inputs and correct outputs has changed, which happens when the world changes and the model's patterns become stale. Automated retraining triggers with human approval gates — the monitoring system flags drift, the technical team assesses severity, and retraining is initiated with sign-off rather than automatically.
Tell us what the model does, who it affects, and what regulatory requirements apply. We'll scope a governance engagement that gives your legal and compliance team what they need.
AI Consulting
Use case assessment and feasibility evaluation before any AI build begins.
AI Development
Building the AI systems that this governance infrastructure is designed for.
MLOps
Production ML infrastructure including model serving, monitoring, and retraining pipelines.
Compliance Automation
Automating the compliance workflows that AI governance requirements generate.
Data Engineering
The data infrastructure that makes bias evaluation and audit logging possible.
AI governance is the set of policies, processes, and technical controls that ensure AI systems behave as intended, can be audited and challenged, and comply with applicable regulations. In practice: documenting how a model was built and what it was trained on, evaluating whether it produces biased outcomes for specific groups, building the infrastructure to explain individual decisions, designing human override paths for automated decisions that affect people, and monitoring the model in production for performance changes that could indicate data drift or unexpected behaviour. Governance is what separates an AI system that can be defended to a regulator from one that cannot.
Governance requirements are highest for AI systems that make or influence consequential decisions about people: credit scoring and lending decisions, insurance underwriting and claims assessment, candidate screening and hiring recommendations, pricing decisions that vary by customer attribute, content moderation, medical diagnosis support, and benefit eligibility determinations. Regulatory requirements vary by jurisdiction and industry — GDPR's automated decision-making rules (Article 22), the EU AI Act's risk tiers, financial services model risk management guidelines (SR 11-7 in the US, PRA SS1/23 in the UK), and sector-specific rules in healthcare and insurance. We help you understand which rules apply to your specific use case before scoping the governance work.
A model card is a standardised document that describes a machine learning model: what it does, what data it was trained on, how it was evaluated, its performance across different population segments, its intended use cases, and its known limitations. Model cards originated at Google and are now a standard component of responsible AI deployment. You need one whenever a model makes decisions that could affect people differently based on protected characteristics, or whenever you need to demonstrate to a regulator, auditor, or customer that your AI system was built and tested responsibly. We produce model cards as a deliverable of the governance engagement, not as documentation produced after the fact.
Bias evaluation covers three stages. First, dataset analysis: examining the training data for representation imbalances across protected attributes (gender, race, age, disability status, geography) that could produce systematically different outcomes for different groups. Second, model evaluation: measuring performance metrics (accuracy, false positive rate, false negative rate) separately for each protected group and identifying where the model performs materially worse for specific segments. Third, outcome analysis: for deployed models, analysing whether actual decisions differ systematically by protected attribute after controlling for legitimate predictive factors. The specific fairness metrics used depend on the use case — equalised odds, demographic parity, and calibration each capture different notions of fairness, and the right metric depends on what discrimination would mean in your context.
A focused governance engagement for one deployed model — model card, bias evaluation across key protected attributes, SHAP-based explainability report, and an audit trail design — typically runs $15,000--$40,000 and takes 4--8 weeks. A comprehensive governance programme covering multiple models, ongoing monitoring, a governance policy framework, and regulatory mapping typically runs $40,000--$100,000. We scope after a call to understand which models are in scope, what regulatory requirements apply, and what governance documentation you already have.
AI explainability means being able to produce a human-readable reason for a specific model decision. At the instance level: 'This application was declined because the debt-to-income ratio (35% vs 28% threshold) and 24-month payment history were the two factors with the largest negative influence.' At the model level: a summary of which features drive predictions across the population. Explainability is technically required under GDPR Article 22 for fully automated decisions that have legal or similarly significant effects, under the EU AI Act for high-risk AI systems, and under financial services model risk guidelines. Practically, it's required whenever a human needs to review, challenge, or override an AI decision. We implement SHAP (SHapley Additive exPlanations) for feature attribution, LIME for local approximations, and counterfactual explanations ('What would need to change for this decision to be different?') depending on the model type and the explanation audience.
Human-in-the-loop (HITL) design defines the conditions under which automated decisions are reviewed by a human before being acted on. The design covers: which decision categories require human review (borderline confidence scores, protected attribute flags, high-value cases), what information the reviewer sees (the model's recommendation, the confidence level, the feature attribution, the case data), what actions the reviewer can take (approve, override, escalate), and how the review decision is recorded (for audit trail and for model retraining). We design and build the review queue interface, the case presentation, and the override logging — not just the policy document.
Work with us
We scope AI Governance Services in 30 minutes. You walk away with a clear cost, timeline, and approach. No commitment required.