{
  "name": "enterpriseai.tools tools dataset",
  "description": "Source-backed governance posture for every tracked enterprise AI tool. Each record carries data residency, deployment model, audit logging, SOC 2 / ISO 27001 / ISO 42001, EU AI Act role, and license risk with a primary source URL on every asserted claim.",
  "datasetLicense": "MIT",
  "datasetLicenseNote": "Publication licence for this dataset file. Each record's own licence is in its `license` field.",
  "source": "https://www.enterpriseai.tools",
  "generatedAt": "2026-07-11",
  "count": 48,
  "tools": [
    {
      "id": "microsoft-foundry-agent-service",
      "name": "Microsoft Foundry Agent Service",
      "category": "agents",
      "type": "vendor",
      "vendor": "Microsoft",
      "description": "Fully managed agent platform with deep Microsoft 365 integration and broad model access.",
      "strengths": [
        "One-click Teams and M365 deployment",
        "Supports MCP, A2A, and OpenAPI",
        "Access to 11,000+ models"
      ],
      "clouds": [
        "azure"
      ],
      "license": "Proprietary",
      "docsUrl": "https://learn.microsoft.com/azure/ai-foundry/",
      "websiteUrl": "https://azure.microsoft.com/en-us/products/ai-foundry/",
      "pricing": "Free platform access; pay for tokens and tools.",
      "pricingModel": "paid",
      "languages": [
        "Python",
        "C#",
        "JavaScript",
        "TypeScript",
        "Java"
      ],
      "status": "active",
      "tags": [
        "agents",
        "azure",
        "mcp",
        "a2a",
        "managed"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Microsoft Foundry product image/logo asset reused for Foundry Agent Service. Microsoft has a dedicated Agent Service product page, but the public visual identity still appears to reuse the broader Foundry branding rather than expose a distinct standalone mark.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Best fit when agent delivery needs to stay close to Azure, M365, and enterprise identity controls rather than a standalone framework stack.",
      "logoUrl": "/logos/microsoft-foundry.jpg",
      "logoSourceUrl": "https://azure.microsoft.com/en-us/products/ai-agent-service/",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "EU Data Zone pins prompts/responses to EU; Global Standard may cross region.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/deployment-types"
        },
        "deployment": {
          "status": "yes",
          "detail": "Managed SaaS on Azure; Foundry Local enables on-device/on-prem.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/ai-foundry/agents/overview",
          "models": [
            "saas",
            "on-prem"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Audit/RequestResponse/Trace diagnostic logs to Azure Monitor / Log Analytics.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/ai-foundry/agents/how-to/metrics"
        },
        "soc2": {
          "status": "yes",
          "detail": "Azure SOC 2 Type II (semi-annual) covers AI Foundry.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-2"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Covered by Microsoft Azure ISO/IEC 27001 certification.",
          "sourceUrl": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-27001"
        },
        "iso42001": {
          "status": "yes",
          "detail": "Microsoft Foundry is listed in scope for ISO/IEC 42001:2023.",
          "sourceUrl": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001"
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Agent hosting surface; GPAI obligations attach to the underlying model providers and the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary Azure SaaS; moderate ecosystem lock-in.",
          "sourceUrl": "https://azure.microsoft.com/en-us/products/ai-agent-service/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "aws-bedrock-agents",
      "name": "Amazon Bedrock Agents",
      "category": "agents",
      "type": "vendor",
      "vendor": "AWS",
      "description": "Modular AWS agent platform combining guided Bedrock Agents with framework-agnostic AgentCore deployment.",
      "strengths": [
        "Framework-agnostic deployment via AgentCore",
        "MicroVM isolation model",
        "Deep AWS integration"
      ],
      "clouds": [
        "aws"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.aws.amazon.com/bedrock/",
      "websiteUrl": "https://aws.amazon.com/bedrock/agents/",
      "pricing": "Pay-per-use for Bedrock and AgentCore features.",
      "pricingModel": "paid",
      "languages": [
        "Python",
        "JavaScript",
        "Java",
        "Go",
        ".NET"
      ],
      "status": "active",
      "tags": [
        "agents",
        "aws",
        "managed",
        "agentcore"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official AWS architecture icon for Amazon Bedrock (`Arch_Amazon-Bedrock_64.svg` from the AWS Architecture Icons pack), intentionally reused for Bedrock Agents because AWS currently presents Agents as a Bedrock capability rather than with a separate public icon.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Strong choice for AWS-centric teams that want managed agent primitives and infrastructure alignment without standardising on one open source framework.",
      "logoUrl": "/logos/aws-bedrock.svg",
      "logoSourceUrl": "https://aws.amazon.com/architecture/icons/",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Region-selected; cross-region inference stays within the chosen geography (US/EU/JP/AU).",
          "sourceUrl": "https://docs.aws.amazon.com/bedrock/latest/userguide/geographic-cross-region-inference.html"
        },
        "deployment": {
          "status": "yes",
          "detail": "Fully managed AWS SaaS; AgentCore runtime is AWS-operated.",
          "sourceUrl": "https://aws.amazon.com/bedrock/agents/",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "CloudTrail logs all API activity; CloudWatch metrics; optional S3/CloudWatch storage.",
          "sourceUrl": "https://aws.amazon.com/bedrock/security-compliance/"
        },
        "soc2": {
          "status": "yes",
          "detail": "Amazon Bedrock is in scope for AWS SOC 1/2/3 (Type II via AWS Artifact).",
          "sourceUrl": "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/compliance-validation.html"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Amazon Bedrock is ISO/IEC 27001 certified.",
          "sourceUrl": "https://aws.amazon.com/compliance/iso-certified/"
        },
        "iso42001": {
          "status": "yes",
          "detail": "Amazon Bedrock is one of four AWS services in accredited ISO/IEC 42001:2023 scope.",
          "sourceUrl": "https://aws.amazon.com/blogs/machine-learning/aws-achieves-iso-iec-420012023-artificial-intelligence-management-system-accredited-certification/"
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Agent orchestration platform; GPAI obligations attach to model providers and the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary AWS SaaS; lock-in to AWS model catalog and AgentCore runtime.",
          "sourceUrl": "https://aws.amazon.com/bedrock/agents/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "google-agent-builder-adk",
      "name": "Google Agent Builder + ADK",
      "category": "agents",
      "type": "vendor",
      "vendor": "Google",
      "description": "Open platform pairing the Agent Development Kit with managed agent services on Vertex AI.",
      "strengths": [
        "Open-source ADK",
        "Google Search grounding",
        "MCP, A2A, and OpenAPI support"
      ],
      "clouds": [
        "gcp"
      ],
      "license": "Proprietary service + open source SDK",
      "docsUrl": "https://docs.cloud.google.com/agent-builder/overview",
      "websiteUrl": "https://cloud.google.com/vertex-ai",
      "pricing": "Pay-per-use on Vertex AI.",
      "pricingModel": "paid",
      "languages": [
        "Python",
        "Java",
        "Go",
        "TypeScript"
      ],
      "status": "active",
      "tags": [
        "agents",
        "gcp",
        "vertex-ai",
        "adk"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Google Cloud Vertex AI icon from the Google Cloud icon library, intentionally reused for Agent Builder + ADK because Google positions the managed agent surface inside Vertex AI / Gemini Enterprise Agent Platform rather than with a separate public icon entry.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Useful when Vertex AI, search, and Google-first app surfaces matter, but maturity and enterprise standardisation still need close validation.",
      "logoUrl": "/logos/google-vertex-ai.svg",
      "logoSourceUrl": "https://cloud.google.com/icons",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "US/EU multi-region controls (CMEK, VPC-SC); not all features single-region. ADK self-hosted is customer-controlled.",
          "sourceUrl": "https://docs.cloud.google.com/generative-ai-app-builder/docs/compliance-security-controls"
        },
        "deployment": {
          "status": "yes",
          "detail": "Managed Agent Builder on Vertex AI (SaaS); ADK is an Apache-2.0 SDK deployable anywhere.",
          "sourceUrl": "https://cloud.google.com/products/agent-builder",
          "models": [
            "saas",
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Cloud Audit Logs record admin/data operations; Agent Engine supports Cloud Logging/Trace.",
          "sourceUrl": "https://docs.cloud.google.com/generative-ai-app-builder/docs/audit-logging"
        },
        "soc2": {
          "status": "yes",
          "detail": "Google Cloud / Vertex AI holds SOC 1/2/3.",
          "sourceUrl": "https://docs.cloud.google.com/generative-ai-app-builder/docs/compliance-security-controls"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Holds ISO 27001/27017/27018/27701.",
          "sourceUrl": "https://docs.cloud.google.com/generative-ai-app-builder/docs/compliance-security-controls"
        },
        "iso42001": {
          "status": "partial",
          "detail": "Google Cloud holds ISO/IEC 42001 broadly; Agent Builder not individually enumerated in the public scope.",
          "sourceUrl": "https://cloud.google.com/blog/products/identity-security/google-clouds-commitment-to-responsible-ai-is-now-iso-iec-certified"
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Agent orchestration platform/SDK; GPAI obligations attach to Google as model provider and to deployers."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Managed layer proprietary (Vertex AI); ADK is Apache-2.0. Blended medium.",
          "sourceUrl": "https://github.com/google/adk-python/blob/main/LICENSE",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "databricks-mosaic-ai-agent-framework",
      "name": "Databricks Mosaic AI Agent Framework",
      "category": "agents",
      "type": "vendor",
      "vendor": "Databricks",
      "description": "Databricks-native agent stack combining managed tools, MCP connectivity, retrieval, and MLflow-backed evaluation.",
      "strengths": [
        "Managed MCP servers for Databricks data",
        "Vector Search and Unity Catalog integration",
        "MLflow tracing, evaluation, and monitoring"
      ],
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.databricks.com/aws/en/agents/gen-ai-capabilities",
      "websiteUrl": "https://www.databricks.com/product/ai",
      "pricing": "Databricks platform consumption; feature-specific pricing depends on serving, storage, and compute.",
      "pricingModel": "paid",
      "languages": [
        "Python",
        "SQL"
      ],
      "status": "active",
      "tags": [
        "agents",
        "databricks",
        "mcp",
        "mlflow",
        "managed"
      ],
      "logoKind": "official-vendor",
      "logoNotes": "Official Databricks wordmark reused across Databricks product entries because the public Databricks brand portal exposes the vendor lockup, while these specific product pages do not expose distinct standalone product marks.",
      "logoReviewedAt": "2026-05-24",
      "logoUrl": "/logos/databricks.png",
      "logoSourceUrl": "https://brand.databricks.com/databricks-logo",
      "practitionerNote": "Best fit when agent delivery needs to stay close to Databricks-native data, governed tools, and evaluation workflows rather than a general-purpose app stack.",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Databricks Geos enforce per-region residency; data not stored outside the workspace Geo.",
          "sourceUrl": "https://docs.databricks.com/aws/en/resources/databricks-geos"
        },
        "deployment": {
          "status": "yes",
          "detail": "Managed Databricks platform on AWS/Azure/GCP; no standalone self-hosted offering.",
          "sourceUrl": "https://docs.databricks.com/aws/en/resources/supported-regions",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Audit log system tables capture hundreds of workspace/account action types.",
          "sourceUrl": "https://docs.databricks.com/aws/en/admin/account-settings/audit-logs.html"
        },
        "soc2": {
          "status": "yes",
          "detail": "Databricks SOC 2 Type II across AWS/Azure/GCP, refreshed three times yearly.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/soc"
        },
        "iso27001": {
          "status": "yes",
          "detail": "ISO/IEC 27001:2022 certified across all three clouds.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/iso-27001"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "No public ISO 42001 certification listed on the Databricks trust pages as of 2026-05."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer toolset on a data platform; deployer carries obligations for systems built with it."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; lock-in to Unity Catalog / Vector Search / MLflow stack.",
          "sourceUrl": "https://www.databricks.com/product/ai",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "crewai",
      "name": "CrewAI",
      "category": "agents",
      "type": "opensource",
      "vendor": "crewAI Inc.",
      "description": "Open source multi-agent framework focused on autonomous teams and task coordination.",
      "strengths": [
        "Large community ecosystem",
        "Crew-based task coordination",
        "Built for multi-agent coordination"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/crewAIInc/crewAI",
      "githubStars": 55331,
      "version": "1.15.2",
      "docsUrl": "https://docs.crewai.com/",
      "pricingModel": "free",
      "status": "active",
      "tags": [
        "agents",
        "opensource",
        "framework"
      ],
      "logoUrl": "/logos/crewai.svg",
      "logoKind": "project-logo",
      "logoSourceUrl": "https://crewai.com/brand",
      "logoNotes": "Official CrewAI primary logo asset from the CrewAI brand resource center (`Logo.svg`).",
      "logoReviewedAt": "2026-05-12",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Good for fast multi-agent prototypes, but larger regulated deployments usually need extra guardrails around observability, change control, and execution boundaries.",
      "lastRelease": "2026-07-08",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; data residency is fully operator-controlled.",
          "sourceUrl": "https://github.com/crewAIInc/crewAI"
        },
        "deployment": {
          "status": "yes",
          "detail": "pip-installed OSS framework; runs on operator infrastructure (managed cloud sold separately).",
          "sourceUrl": "https://github.com/crewAIInc/crewAI",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "No built-in audit subsystem; operators add logging via standard tooling/integrations.",
          "sourceUrl": "https://docs.crewai.com/"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://raw.githubusercontent.com/crewAIInc/crewAI/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "autogen",
      "name": "AutoGen",
      "category": "agents",
      "type": "opensource",
      "vendor": "Microsoft",
      "description": "Multi-agent framework from Microsoft now in maintenance mode after Agent Framework consolidation.",
      "strengths": [
        "Conversable agent patterns",
        "Microsoft research lineage",
        "Well-known multi-agent patterns"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/microsoft/autogen",
      "githubStars": 59647,
      "version": "0.7.5",
      "docsUrl": "https://microsoft.github.io/autogen/",
      "pricingModel": "free",
      "status": "maintenance",
      "statusNote": "Maintenance mode. Microsoft merged AutoGen with Semantic Kernel into the Microsoft Agent Framework.",
      "tags": [
        "agents",
        "opensource",
        "microsoft",
        "maintenance"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official AutoGen logo asset from the owner-controlled microsoft/autogen repo (`python/docs/src/_static/images/logo/logo.svg`).",
      "logoReviewedAt": "2026-05-14",
      "logoSourceUrl": "https://github.com/microsoft/autogen",
      "logoUrl": "/logos/autogen.svg",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Flexible for research-heavy agent patterns, though teams normally need to add stronger production discipline around orchestration and runtime governance.",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; data residency is operator-controlled.",
          "sourceUrl": "https://github.com/microsoft/autogen"
        },
        "deployment": {
          "status": "yes",
          "detail": "pip-installed OSS framework; no Microsoft-managed hosting (maintenance mode).",
          "sourceUrl": "https://github.com/microsoft/autogen",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "No built-in audit subsystem; operator implements logging.",
          "sourceUrl": "https://microsoft.github.io/autogen/"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Code MIT (docs CC BY 4.0) — permissive, OSI-approved.",
          "sourceUrl": "https://github.com/microsoft/autogen/blob/main/LICENSE-CODE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "llamaindex",
      "name": "LlamaIndex",
      "category": "agents",
      "type": "opensource",
      "vendor": "LlamaIndex Inc.",
      "description": "Agent and retrieval framework with strong indexing, data connectors, and orchestration support.",
      "strengths": [
        "Strong retrieval tooling",
        "Rich data connectors",
        "Large ecosystem"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/run-llama/llama_index",
      "githubStars": 50780,
      "version": "0.14.23",
      "docsUrl": "https://docs.llamaindex.ai/",
      "pricingModel": "free",
      "status": "active",
      "tags": [
        "agents",
        "rag",
        "opensource"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official LlamaIndex brand asset from the LlamaIndex brand guidelines page (`llamaindex-wordmark-black.svg`).",
      "logoReviewedAt": "2026-05-12",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Often a pragmatic fit when retrieval and data connectors matter as much as agent logic, especially for knowledge-heavy enterprise workflows.",
      "logoSourceUrl": "https://www.llamaindex.ai/brand",
      "logoUrl": "/logos/llamaindex.svg",
      "lastRelease": "2026-06-24",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; operator controls data placement.",
          "sourceUrl": "https://github.com/run-llama/llama_index"
        },
        "deployment": {
          "status": "yes",
          "detail": "pip-installed OSS framework; no managed hosting for the library.",
          "sourceUrl": "https://github.com/run-llama/llama_index",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "No native audit log; tracing/callback integrations available, operator-configured.",
          "sourceUrl": "https://docs.llamaindex.ai/"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://raw.githubusercontent.com/run-llama/llama_index/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "semantic-kernel",
      "name": "Semantic Kernel",
      "category": "agents",
      "type": "opensource",
      "vendor": "Microsoft",
      "description": "Microsoft orchestration SDK evolving into the unified Microsoft Agent Framework direction.",
      "strengths": [
        "Broad language support",
        "Plugin and memory abstractions",
        "Strong Microsoft ecosystem fit"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/microsoft/semantic-kernel",
      "githubStars": 28293,
      "version": "1.44.0",
      "docsUrl": "https://learn.microsoft.com/semantic-kernel/",
      "pricingModel": "free",
      "status": "active",
      "statusNote": "Evolving into the Microsoft Agent Framework.",
      "tags": [
        "agents",
        "microsoft",
        "opensource"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official Semantic Kernel logo asset from the owner-controlled microsoft/semantic-kernel repo (`docs/images/sk_logo.png`).",
      "logoReviewedAt": "2026-05-14",
      "logoSourceUrl": "https://github.com/microsoft/semantic-kernel",
      "logoUrl": "/logos/semantic-kernel.png",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Natural fit for Microsoft-leaning engineering teams that want code-first orchestration with .NET and enterprise integration paths.",
      "lastRelease": "2026-07-07",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted SDK; data residency is operator-determined.",
          "sourceUrl": "https://github.com/microsoft/semantic-kernel"
        },
        "deployment": {
          "status": "yes",
          "detail": "Library/SDK via package manager; no managed hosting.",
          "sourceUrl": "https://github.com/microsoft/semantic-kernel",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "OpenTelemetry integration documented but operator-configured; no built-in audit log.",
          "sourceUrl": "https://learn.microsoft.com/semantic-kernel/"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://raw.githubusercontent.com/microsoft/semantic-kernel/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "microsoft-agent-framework",
      "name": "Microsoft Agent Framework",
      "category": "agents",
      "type": "opensource",
      "vendor": "Microsoft",
      "description": "Microsoft's new multi-language agent framework for building, orchestrating, and deploying agent workflows.",
      "strengths": [
        "Multi-language SDKs",
        "Python and .NET support",
        "Graph-based workflows and DevUI"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/microsoft/agent-framework",
      "githubStars": 12023,
      "version": "1.13.0",
      "lastRelease": "2026-07-10",
      "docsUrl": "https://learn.microsoft.com/en-us/agent-framework/",
      "pricingModel": "free",
      "status": "active",
      "statusNote": "Microsoft positions Agent Framework as the migration target for Semantic Kernel and AutoGen users.",
      "tags": [
        "agents",
        "microsoft",
        "opensource",
        "framework"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official Microsoft Agent Framework logo asset from the owner-controlled microsoft/agent-framework repo (`python/packages/devui/frontend/public/agentframework.svg`), committed byte-for-byte.",
      "logoReviewedAt": "2026-05-15",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "languages": [
        "Python",
        "C#",
        ".NET"
      ],
      "practitionerNote": "Worth watching for teams standardising on Microsoft agent patterns, but adoption should still be treated as early and architecture-led.",
      "logoUrl": "/logos/microsoft-agent-framework.svg",
      "logoSourceUrl": "https://github.com/microsoft/agent-framework",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted framework; data residency is operator-determined.",
          "sourceUrl": "https://github.com/microsoft/agent-framework"
        },
        "deployment": {
          "status": "yes",
          "detail": "Library via package manager (Python/NuGet); no managed hosting.",
          "sourceUrl": "https://github.com/microsoft/agent-framework",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "DevUI tracing for local dev; production logging operator-configured.",
          "sourceUrl": "https://learn.microsoft.com/en-us/agent-framework/"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://raw.githubusercontent.com/microsoft/agent-framework/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "langgraph",
      "name": "LangGraph",
      "category": "agents",
      "type": "opensource",
      "vendor": "LangChain",
      "description": "Stateful agent orchestration framework with graph-based execution and durable workflows.",
      "strengths": [
        "Popular graph abstraction",
        "Strong agent workflow patterns",
        "LangChain ecosystem fit"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/langchain-ai/langgraph",
      "githubStars": 37008,
      "version": "1.2.9",
      "docsUrl": "https://langchain-ai.github.io/langgraph/",
      "pricingModel": "freemium",
      "status": "active",
      "tags": [
        "agents",
        "graph"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official LangGraph logo asset from the owner-controlled langchain-ai/langgraph repo (`.github/images/logo-light.svg`).",
      "logoReviewedAt": "2026-05-13",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Strong option when teams want explicit stateful control over agent flows instead of opaque black-box autonomy.",
      "logoUrl": "/logos/langgraph.svg",
      "logoSourceUrl": "https://github.com/langchain-ai/langgraph",
      "lastRelease": "2026-07-10",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; operator controls placement (LangSmith cloud has separate terms).",
          "sourceUrl": "https://github.com/langchain-ai/langgraph"
        },
        "deployment": {
          "status": "yes",
          "detail": "OSS library (self-hosted); LangGraph Cloud via LangSmith is an optional SaaS.",
          "sourceUrl": "https://github.com/langchain-ai/langgraph",
          "models": [
            "self-hosted",
            "saas"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "No built-in audit log; tracing via LangSmith (separate service); operator implements logging.",
          "sourceUrl": "https://langchain-ai.github.io/langgraph/"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://raw.githubusercontent.com/langchain-ai/langgraph/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "mastra",
      "name": "Mastra",
      "category": "agents",
      "type": "opensource",
      "vendor": "Mastra AI",
      "description": "Agent framework focused on composable workflows, tooling, and modern developer ergonomics.",
      "strengths": [
        "Apache 2.0 plus enterprise path",
        "Fast growth",
        "Modern DX"
      ],
      "license": "Apache 2.0 core + EE paths",
      "licenseHistory": [
        {
          "date": "2026-03-03",
          "fromLicense": "Apache 2.0",
          "toLicense": "Apache 2.0 core + EE paths",
          "direction": "restrictive",
          "sourceUrl": "https://github.com/mastra-ai/mastra/pull/13163",
          "sourceTitle": "mastra PR #13163: auth core, server RBAC, and adapter permission enforcement",
          "notes": "Introduced ee/ directories under the source-available Mastra Enterprise License; the core remains Apache 2.0. Origin of the current dual-license state."
        }
      ],
      "githubUrl": "https://github.com/mastra-ai/mastra",
      "githubStars": 26033,
      "version": "1.50.0",
      "docsUrl": "https://mastra.ai/docs",
      "pricingModel": "free",
      "status": "active",
      "tags": [
        "agents",
        "opensource",
        "framework"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official Mastra homepage/brand asset (`/brand/mastra-logo-wordmark.png`) from the owner-controlled site; the public rebrand post confirms this is the current logo system.",
      "logoReviewedAt": "2026-05-12",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "licenseWarning": "Mastra uses a dual-license model: most of the repo is Apache 2.0, while code under ee/ directories uses the Mastra Enterprise License.",
      "practitionerNote": "Promising TypeScript-first framework for product teams that want modern developer ergonomics, but enterprise proof points are still earlier than older stacks.",
      "logoSourceUrl": "https://mastra.ai/",
      "logoUrl": "/logos/mastra.png",
      "lastRelease": "2026-07-08",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted framework; operator controls placement.",
          "sourceUrl": "https://github.com/mastra-ai/mastra"
        },
        "deployment": {
          "status": "yes",
          "detail": "npm-installed framework; no managed hosting for the OSS core.",
          "sourceUrl": "https://github.com/mastra-ai/mastra",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "No built-in enterprise audit log; observability integrations, operator-configured.",
          "sourceUrl": "https://mastra.ai/docs"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Apache-2.0 core; ee/ paths under a proprietary Mastra Enterprise License (source-available).",
          "sourceUrl": "https://github.com/mastra-ai/mastra/blob/main/ee/LICENSE",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "openai-agents-sdk",
      "name": "OpenAI Agents SDK",
      "category": "agents",
      "type": "opensource",
      "vendor": "OpenAI",
      "description": "Production successor to Swarm for agentic OpenAI workflows with broader model support.",
      "strengths": [
        "Hosted tracing support",
        "Production successor to Swarm",
        "Handoffs and tool orchestration"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/openai/openai-agents-python",
      "githubStars": 27802,
      "version": "0.18.2",
      "docsUrl": "https://openai.github.io/openai-agents-python/",
      "pricingModel": "free",
      "status": "active",
      "statusNote": "OpenAI Swarm was replaced by the Agents SDK.",
      "tags": [
        "agents",
        "openai",
        "sdk"
      ],
      "logoKind": "service-icon",
      "logoNotes": "OpenAI does not expose a standalone public Agents SDK logo on the official guide page; this uses the owner-controlled OpenAI developer favicon (`/favicon.svg`) as a compact service icon for the SDK surface rather than claiming a separate canonical vendor wordmark.",
      "logoReviewedAt": "2026-05-15",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Fast path for OpenAI-centric agent builds, though portability and provider concentration should be weighed before making it a platform default.",
      "lastRelease": "2026-07-11",
      "logoUrl": "/logos/openai.svg",
      "logoSourceUrl": "https://developers.openai.com/api/docs/guides/agents",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Library is self-hosted, but built-in tracing sends run data to OpenAI's platform unless disabled.",
          "sourceUrl": "https://openai.github.io/openai-agents-python/"
        },
        "deployment": {
          "status": "yes",
          "detail": "pip-installed SDK (self-hosted); API calls go to OpenAI's hosted endpoints.",
          "sourceUrl": "https://github.com/openai/openai-agents-python",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "Hosted tracing logs runs to OpenAI's platform; self-hosted logging is operator-implemented.",
          "sourceUrl": "https://openai.github.io/openai-agents-python/"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://raw.githubusercontent.com/openai/openai-agents-python/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "atomic-agents",
      "name": "Atomic Agents",
      "category": "agents",
      "type": "opensource",
      "vendor": "BrainBlend AI",
      "description": "Minimalist agent framework emphasizing composability and predictable building blocks.",
      "strengths": [
        "Schema-first building blocks",
        "Composable design",
        "Focused API surface"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/Eigenwise/atomic-agents",
      "githubStars": 6033,
      "version": "2.9.0",
      "docsUrl": "https://brainblend-ai.github.io/atomic-agents/",
      "pricingModel": "free",
      "status": "active",
      "tags": [
        "agents",
        "opensource"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official Atomic Agents logo asset from the owner-controlled Eigenwise/atomic-agents repo (`.assets/logo.png`), committed here as an optimized downscaled copy for badge use.",
      "logoReviewedAt": "2026-05-13",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Best suited to teams that want minimal abstractions and tight control, not large batteries-included enterprise workflow tooling.",
      "logoUrl": "/logos/atomic-agents.png",
      "logoSourceUrl": "https://github.com/Eigenwise/atomic-agents",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; operator controls placement.",
          "sourceUrl": "https://github.com/Eigenwise/atomic-agents"
        },
        "deployment": {
          "status": "yes",
          "detail": "pip-installed OSS framework; no managed hosting.",
          "sourceUrl": "https://github.com/Eigenwise/atomic-agents",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "Minimalist design; observability is intentionally operator-configured.",
          "sourceUrl": "https://brainblend-ai.github.io/atomic-agents/"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://raw.githubusercontent.com/Eigenwise/atomic-agents/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      },
      "lastRelease": "2026-07-09"
    },
    {
      "id": "beeai-framework",
      "name": "BeeAI Framework",
      "category": "agents",
      "type": "opensource",
      "vendor": "Linux Foundation",
      "description": "Open agent framework formerly known as Bee Agent Framework, now under Linux Foundation governance.",
      "strengths": [
        "Linux Foundation governance",
        "Agent-oriented framework primitives",
        "IBM/BeeAI lineage"
      ],
      "license": "Apache 2.0",
      "githubUrl": "https://github.com/i-am-bee/beeai-framework",
      "githubStars": 3313,
      "version": "0.1.81",
      "docsUrl": "https://framework.beeai.dev/introduction/welcome",
      "pricingModel": "free",
      "status": "active",
      "statusNote": "Renamed from Bee Agent Framework; governance moved from IBM to Linux Foundation.",
      "tags": [
        "agents",
        "opensource",
        "linux-foundation"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official BeeAI Framework docs-site logo asset (`beeai-framework-light.svg`) served from the owner-controlled Mintlify CDN.",
      "logoReviewedAt": "2026-05-12",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Interesting IBM-backed open framework for governed agent patterns, but most teams should still validate ecosystem depth before broad standardisation.",
      "logoSourceUrl": "https://framework.beeai.dev/",
      "logoUrl": "/logos/beeai-framework.svg",
      "lastRelease": "2026-05-28",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; operator controls placement.",
          "sourceUrl": "https://github.com/i-am-bee/beeai-framework"
        },
        "deployment": {
          "status": "yes",
          "detail": "npm/pip-installed framework under Linux Foundation governance; no managed hosting.",
          "sourceUrl": "https://github.com/i-am-bee/beeai-framework",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "No built-in audit log; operator-configured logging.",
          "sourceUrl": "https://framework.beeai.dev/introduction/welcome"
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; SOC 2 applies to the operator's infrastructure, not the package."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 27001 applies to the operator's ISMS, not the package."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; ISO 42001 applies to the deploying organisation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Developer component, not an AI system placed on the market; obligations rest with the deployer."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Apache-2.0 — permissive, OSI-approved.",
          "sourceUrl": "https://github.com/i-am-bee/beeai-framework/blob/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "azure-logic-apps",
      "name": "Azure Logic Apps",
      "category": "orchestration",
      "type": "vendor",
      "vendor": "Microsoft",
      "description": "iPaaS workflow automation service with AI-enhanced orchestration and broad connector coverage.",
      "strengths": [
        "1,400+ connectors",
        "Strong Azure integration",
        "Flexible hosting modes"
      ],
      "clouds": [
        "azure"
      ],
      "license": "Proprietary",
      "docsUrl": "https://learn.microsoft.com/azure/logic-apps/",
      "websiteUrl": "https://azure.microsoft.com/en-us/products/logic-apps/",
      "pricing": "Pay-per-action or Standard hosting.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "orchestration",
        "azure",
        "workflow"
      ],
      "logoUrl": "/logos/azure-logic-apps.svg",
      "logoKind": "service-icon",
      "logoSourceUrl": "https://learn.microsoft.com/en-us/azure/architecture/icons/",
      "logoNotes": "Official Microsoft Azure architecture/service icon from Azure_Public_Service_Icons_V23.",
      "logoReviewedAt": "2026-04-19",
      "practitionerNote": "Best when the core problem is governed enterprise workflow automation with Azure connectors, not frontier agent behaviour or open-ended autonomy.",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Standard/ASE v3 keep data in-region; Consumption uses paired-region replication.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-overview"
        },
        "deployment": {
          "status": "yes",
          "detail": "Consumption (multi-tenant), Standard single-tenant, ASE v3, and Hybrid (on-prem via Container Apps).",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-overview",
          "models": [
            "saas",
            "on-prem",
            "hybrid"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Run/trigger history and diagnostics to Azure Monitor / Log Analytics.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/logic-apps/monitor-logic-apps"
        },
        "soc2": {
          "status": "yes",
          "detail": "In-scope Azure service under SOC 2 Type 2.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-2"
        },
        "iso27001": {
          "status": "yes",
          "detail": "In-scope Azure service under ISO/IEC 27001:2022.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27001"
        },
        "iso42001": {
          "status": "partial",
          "detail": "Microsoft's ISO 42001 scope names Copilot products and Foundry; Logic Apps is not individually listed.",
          "sourceUrl": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001"
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "General-purpose workflow automation, not an AI system; obligations depend on integrated components."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary Microsoft service; no source access.",
          "sourceUrl": "https://azure.microsoft.com/en-us/products/logic-apps/",
          "level": "high"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "aws-step-functions",
      "name": "AWS Step Functions",
      "category": "orchestration",
      "type": "vendor",
      "vendor": "AWS",
      "description": "Serverless state machine orchestration service for AWS-native workflows and automation.",
      "strengths": [
        "AWS service integration",
        "Serverless execution",
        "Strong automation fit"
      ],
      "clouds": [
        "aws"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.aws.amazon.com/step-functions/",
      "websiteUrl": "https://aws.amazon.com/step-functions/",
      "pricing": "$0.025 per 1K transitions (Standard).",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "orchestration",
        "aws",
        "workflow"
      ],
      "logoUrl": "/logos/aws-step-functions.svg",
      "logoKind": "service-icon",
      "logoSourceUrl": "https://aws.amazon.com/architecture/icons/",
      "logoNotes": "Official AWS architecture icon from Icon-package_01302026.",
      "logoReviewedAt": "2026-04-19",
      "practitionerNote": "Strong fit for AWS-native production workflows that need explicit state, retries, and operational control rather than a higher-level AI builder UX.",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Regional service; executions and state remain in the selected AWS region.",
          "sourceUrl": "https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html"
        },
        "deployment": {
          "status": "yes",
          "detail": "Fully managed serverless SaaS on AWS; no self-hosted option.",
          "sourceUrl": "https://aws.amazon.com/step-functions/",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Native execution history; Express history to CloudWatch; CloudTrail captures API calls.",
          "sourceUrl": "https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html"
        },
        "soc2": {
          "status": "yes",
          "detail": "Explicitly in scope for AWS SOC 1/2/3.",
          "sourceUrl": "https://aws.amazon.com/compliance/services-in-scope/SOC/"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Named in the AWS ISO/IEC 27001:2022 certificate.",
          "sourceUrl": "https://aws.amazon.com/compliance/iso-certified/"
        },
        "iso42001": {
          "status": "no",
          "detail": "AWS ISO 42001 scope covers Bedrock/Q Business/Textract/Transcribe only; Step Functions is not AI and not in scope.",
          "sourceUrl": "https://aws.amazon.com/blogs/machine-learning/aws-achieves-iso-iec-420012023-artificial-intelligence-management-system-accredited-certification/"
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Serverless state-machine orchestration, not an AI system."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary AWS service; no source access.",
          "sourceUrl": "https://aws.amazon.com/step-functions/",
          "level": "high"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "google-cloud-workflows",
      "name": "Google Cloud Workflows",
      "category": "orchestration",
      "type": "vendor",
      "vendor": "Google",
      "description": "Serverless workflow orchestration for Google Cloud services and HTTP APIs.",
      "strengths": [
        "Simple serverless orchestration",
        "GCP-native fit",
        "HTTP API support"
      ],
      "clouds": [
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://cloud.google.com/workflows/docs",
      "websiteUrl": "https://cloud.google.com/workflows",
      "pricing": "$0.01 per 1K internal steps; $0.025 per 1K external steps.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "orchestration",
        "gcp",
        "workflow"
      ],
      "logoUrl": "/logos/google-cloud-workflows.svg",
      "logoKind": "service-icon",
      "logoSourceUrl": "https://cloud.google.com/icons",
      "logoNotes": "Official Google Cloud workflow icon from the Google Cloud icon library.",
      "logoReviewedAt": "2026-04-19",
      "practitionerNote": "Pragmatic choice for GCP-centric teams orchestrating APIs and services, but usually not the first pick for richer agent-builder experiences.",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Regional resource; resource-location policies enforce residency (outbound calls may differ).",
          "sourceUrl": "https://docs.cloud.google.com/workflows/docs/locations"
        },
        "deployment": {
          "status": "yes",
          "detail": "Fully managed serverless SaaS on Google Cloud; no self-hosted option.",
          "sourceUrl": "https://cloud.google.com/workflows",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Cloud Audit Logs capture admin-activity and data-access events via workflows.googleapis.com.",
          "sourceUrl": "https://docs.cloud.google.com/workflows/docs/audit-logging"
        },
        "soc2": {
          "status": "yes",
          "detail": "Runs on Google Cloud, which holds SOC 2 Type II.",
          "sourceUrl": "https://cloud.google.com/security/compliance/soc-2"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Runs on ISO/IEC 27001-certified Google Cloud infrastructure.",
          "sourceUrl": "https://cloud.google.com/security/compliance/iso-27001"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Google Cloud holds ISO 42001 for AI services; Workflows (non-AI) per-service scope is not publicly confirmed."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Serverless workflow orchestration, not an AI system."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary Google Cloud service; no source access.",
          "sourceUrl": "https://cloud.google.com/workflows",
          "level": "high"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "databricks-lakeflow-jobs",
      "name": "Databricks Lakeflow Jobs",
      "category": "orchestration",
      "type": "vendor",
      "vendor": "Databricks",
      "description": "Workflow automation for Databricks tasks, pipelines, and ML workloads with DAG, trigger, and observability support.",
      "strengths": [
        "Visual DAG orchestration",
        "Task branching, loops, and triggers",
        "Native notebook, pipeline, and ML workflow support"
      ],
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.databricks.com/aws/en/jobs",
      "websiteUrl": "https://www.databricks.com/product/data-engineering",
      "pricing": "Databricks workload and job execution costs depend on the underlying compute and services used.",
      "pricingModel": "paid",
      "languages": [
        "Python",
        "SQL"
      ],
      "status": "active",
      "tags": [
        "orchestration",
        "databricks",
        "jobs",
        "workflows"
      ],
      "logoKind": "official-vendor",
      "logoNotes": "Official Databricks wordmark reused across Databricks product entries because the public Databricks brand portal exposes the vendor lockup, while Lakeflow Jobs does not expose a distinct standalone public mark.",
      "logoReviewedAt": "2026-05-24",
      "logoUrl": "/logos/databricks.png",
      "logoSourceUrl": "https://brand.databricks.com/databricks-logo",
      "practitionerNote": "Strong when orchestration mostly coordinates Databricks notebooks, pipelines, and ML runs, but it is not the same thing as a broad cross-SaaS automation layer.",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Workspace data stays in the workspace region; audit logs are region-local.",
          "sourceUrl": "https://docs.databricks.com/aws/en/admin/account-settings/audit-logs"
        },
        "deployment": {
          "status": "yes",
          "detail": "Managed SaaS on AWS/Azure/GCP; dedicated single-tenant available; no OSS self-hosted edition.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/soc",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Audit log system tables capture workspace/account events across the platform.",
          "sourceUrl": "https://docs.databricks.com/aws/en/admin/account-settings/audit-logs"
        },
        "soc2": {
          "status": "yes",
          "detail": "Databricks SOC 2 Type II across all clouds/regions.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/soc"
        },
        "iso27001": {
          "status": "yes",
          "detail": "ISO/IEC 27001:2022 certified across all three clouds.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/iso-27001"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "No public ISO 42001 certification listed for Databricks as of 2026-05."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Data pipeline / ML workflow orchestrator, not an AI model provider."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary Databricks service.",
          "sourceUrl": "https://www.databricks.com/product/ai",
          "level": "high"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "n8n",
      "name": "n8n",
      "category": "orchestration",
      "type": "opensource",
      "vendor": "n8n",
      "description": "Workflow automation platform with strong self-hosting support and broad integration coverage.",
      "strengths": [
        "Large integration catalog",
        "Strong workflow automation ecosystem",
        "Low-code orchestration builder"
      ],
      "license": "Sustainable Use License",
      "licenseWarning": "n8n uses a Sustainable Use License, not MIT or Apache 2.0. It is more accurately described as source-available.",
      "licenseHistory": [
        {
          "date": "2022-03-17",
          "fromLicense": "Apache 2.0 with Commons Clause",
          "toLicense": "Sustainable Use License",
          "direction": "open",
          "sourceUrl": "https://blog.n8n.io/announcing-new-sustainable-use-license/",
          "sourceTitle": "n8n: Announcing the new Sustainable Use License",
          "notes": "Replaced the Commons Clause restriction with n8n's fair-code Sustainable Use License, explicitly permitting paid consulting/support. Both states are source-available, not OSI-approved."
        }
      ],
      "githubUrl": "https://github.com/n8n-io/n8n",
      "githubStars": 196010,
      "version": "2.29.10",
      "docsUrl": "https://docs.n8n.io/",
      "websiteUrl": "https://n8n.io/",
      "pricingModel": "freemium",
      "status": "active",
      "tags": [
        "orchestration",
        "automation",
        "self-hosted",
        "source-available"
      ],
      "logoUrl": "/logos/n8n.svg",
      "logoKind": "project-logo",
      "logoSourceUrl": "https://n8n.io/brandguidelines/",
      "logoNotes": "Official n8n wordmark asset from the n8n brand guidelines download page (`logo-dark.svg`).",
      "logoReviewedAt": "2026-05-11",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Often the fastest path for ops-heavy teams that want broad integrations and self-hosting, though complex enterprise controls may need extra discipline around change management.",
      "lastRelease": "2026-07-10",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "n8n Cloud currently EU-only; self-hosted gives customer-controlled residency.",
          "sourceUrl": "https://n8n.io/security/"
        },
        "deployment": {
          "status": "yes",
          "detail": "Self-hosted (primary OSS mode), n8n Cloud (EU SaaS), or hybrid.",
          "sourceUrl": "https://n8n.io/enterprise/",
          "models": [
            "self-hosted",
            "saas",
            "hybrid"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "Execution insights and log streaming; enterprise Cloud adds access logs; no immutable audit log for self-hosted OSS.",
          "sourceUrl": "https://n8n.io/enterprise/"
        },
        "soc2": {
          "status": "yes",
          "detail": "Annual independent SOC 2 audit; SOC 3 public report; SOC 2 Type II to enterprise customers.",
          "sourceUrl": "https://n8n.io/security/"
        },
        "iso27001": {
          "status": "no",
          "detail": "ISO 27001 not held; absent from the n8n security page / Trust Center.",
          "sourceUrl": "https://n8n.io/security/"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Not mentioned in n8n public compliance documentation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Workflow automation tooling, not itself an AI system."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Sustainable Use License (source-available, fair-code, not OSI); EE features under a separate license.",
          "sourceUrl": "https://github.com/n8n-io/n8n/blob/master/LICENSE.md",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "paperclip",
      "name": "Paperclip",
      "category": "orchestration",
      "type": "opensource",
      "vendor": "Paperclip",
      "description": "Open source control plane for orchestrating persistent AI agent teams, budgets, and approvals.",
      "strengths": [
        "Persistent multi-agent control plane",
        "Built-in budgets and governance",
        "Human approval gates"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/paperclipai/paperclip",
      "githubStars": 73345,
      "version": "v2026.707.0",
      "lastRelease": "2026-07-07",
      "docsUrl": "https://paperclip.ing/docs",
      "websiteUrl": "https://paperclip.ing/",
      "pricingModel": "free",
      "status": "active",
      "tags": [
        "orchestration",
        "opensource",
        "multi-agent",
        "governance"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Paperclip favicon/icon asset from the owner-controlled homepage (`/favicon.svg`), verified byte-for-byte against the live source on 2026-05-13 and rendered as a square service icon.",
      "logoReviewedAt": "2026-05-13",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "languages": [
        "TypeScript",
        "JavaScript"
      ],
      "practitionerNote": "Interesting control-plane option when budgets, approvals, and persistent agent operations matter, but still earlier than more established workflow stacks.",
      "logoUrl": "/logos/paperclip.svg",
      "logoSourceUrl": "https://paperclip.ing/favicon.svg",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Fully self-hosted; data stays on customer infrastructure (embedded/external Postgres).",
          "sourceUrl": "https://github.com/paperclipai/paperclip"
        },
        "deployment": {
          "status": "yes",
          "detail": "Self-hosted only (Node.js + Postgres); no vendor-managed cloud.",
          "sourceUrl": "https://github.com/paperclipai/paperclip",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "unknown",
          "detail": "No dedicated audit-log subsystem documented; OSS codebase is auditable."
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "No vendor-managed cloud; SOC 2 falls on the customer's hosting environment."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Customer-operated; no managed service to certify."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Tooling component; customer-operated."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Open-source agent control-plane component, not an AI model/provider."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://github.com/paperclipai/paperclip?tab=MIT-1-ov-file",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "langflow",
      "name": "LangFlow",
      "category": "orchestration",
      "type": "opensource",
      "vendor": "LangFlow / DataStax",
      "description": "Visual flow builder for LLM pipelines and agent workflows with self-hosting support.",
      "strengths": [
        "Visual workflow canvas",
        "LangChain ecosystem fit",
        "API and playground handoff"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/langflow-ai/langflow",
      "githubStars": 151616,
      "version": "1.10.2",
      "docsUrl": "https://docs.langflow.org/",
      "pricingModel": "free",
      "status": "active",
      "statusNote": "DataStax Cloud is shutting down April 9, 2026. Self-hosting remains available.",
      "tags": [
        "orchestration",
        "visual",
        "self-hosted"
      ],
      "logoUrl": "/logos/langflow.png",
      "logoKind": "project-logo",
      "logoSourceUrl": "https://www.langflow.org/",
      "logoNotes": "Official Langflow website logo asset (`/images/logo.png`). No separate brand-guidelines or media-kit page was found at review time, so this remains a homepage-sourced project logo pending a stronger primary source.",
      "logoReviewedAt": "2026-05-11",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Useful for visual experimentation and internal workflow builds, though larger enterprise rollouts should validate long-term governance and platform direction after the IBM/DataStax shift.",
      "lastRelease": "2026-07-07",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted gives customer-controlled residency (DataStax cloud shut down 2026-04).",
          "sourceUrl": "https://docs.datastax.com/en/langflow/faqs.html"
        },
        "deployment": {
          "status": "yes",
          "detail": "Self-hosted (Docker/Kubernetes/local); IBM/DataStax managed cloud deprecated.",
          "sourceUrl": "https://www.langflow.org/blog/big-news-for-langflow",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "unknown",
          "detail": "No dedicated audit-logging documentation for the self-hosted OSS edition."
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "No active managed cloud; self-hosted operators carry their own posture."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "No active managed cloud to certify."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Tooling component; customer-operated."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Visual workflow-builder framework, not an AI model/provider."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://github.com/langflow-ai/langflow/blob/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "dify",
      "name": "Dify",
      "category": "orchestration",
      "type": "opensource",
      "vendor": "Dify",
      "description": "Application development and workflow platform for LLM apps with plugin and enterprise features.",
      "strengths": [
        "App + workflow surface in one stack",
        "Built-in BaaS-style app publishing",
        "Plugin architecture"
      ],
      "license": "Modified Apache 2.0",
      "licenseWarning": "Dify's modified Apache 2.0 restricts multi-tenant deployment and requires retaining Dify branding without a commercial license.",
      "githubUrl": "https://github.com/langgenius/dify",
      "githubStars": 148466,
      "version": "1.15.0",
      "docsUrl": "https://docs.dify.ai/en/use-dify/getting-started/introduction",
      "pricingModel": "freemium",
      "status": "active",
      "tags": [
        "orchestration",
        "self-hosted",
        "license-caution"
      ],
      "logoUrl": "/logos/dify.svg",
      "logoKind": "project-logo",
      "logoSourceUrl": "https://docs.dify.ai/en/resources/about-dify/dify-brand-guidelines",
      "logoNotes": "Official Dify docs/brand-guidelines logo asset (`d05cfc6ebe48f725d171dc71c64a5d16.svg`) from the owner-controlled docs site.",
      "logoReviewedAt": "2026-05-12",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Good fit for teams that want one self-hostable surface for apps, workflows, and model operations, but the license and commercial boundary need review before standardising widely.",
      "lastRelease": "2026-06-25",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Self-hosted is customer-controlled; Dify Cloud region not publicly documented.",
          "sourceUrl": "https://dify.ai/blog/dify-achieves-soc-2-iso-27001-gdpr-compliance-for-the-second-year-running"
        },
        "deployment": {
          "status": "yes",
          "detail": "Docker/Kubernetes self-hosted, Dify Cloud SaaS, or enterprise on-prem.",
          "sourceUrl": "https://docs.dify.ai/en/getting-started/introduction",
          "models": [
            "self-hosted",
            "saas",
            "on-prem"
          ]
        },
        "auditLogging": {
          "status": "unknown",
          "detail": "No dedicated audit-log documentation confirmed on public Dify docs."
        },
        "soc2": {
          "status": "yes",
          "detail": "SOC 2 Type II (Sensiba), second consecutive year.",
          "sourceUrl": "https://dify.ai/blog/dify-achieves-soc-2-iso-27001-gdpr-compliance-for-the-second-year-running"
        },
        "iso27001": {
          "status": "yes",
          "detail": "ISO 27001:2022 (Johanson), second consecutive year.",
          "sourceUrl": "https://dify.ai/blog/dify-achieves-soc-2-iso-27001-gdpr-compliance-for-the-second-year-running"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Not mentioned in Dify's public compliance documentation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Application/workflow platform tooling; deployer carries obligations for systems built with it."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Modified Apache-2.0 — adds multi-tenant and branding restrictions, outside OSI Apache-2.0.",
          "sourceUrl": "https://github.com/langgenius/dify/blob/main/LICENSE",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "flowise",
      "name": "Flowise",
      "category": "orchestration",
      "type": "opensource",
      "vendor": "Flowise",
      "description": "Low-code orchestration and agent workflow builder now under Workday ownership.",
      "strengths": [
        "Low-code orchestration builder",
        "Chatflow + agent workflow support",
        "Wide model/provider connectivity"
      ],
      "license": "Apache 2.0",
      "licenseHistory": [
        {
          "date": "2023-09-08",
          "fromLicense": "MIT",
          "toLicense": "Apache 2.0",
          "direction": "restrictive",
          "sourceUrl": "https://github.com/FlowiseAI/Flowise/commits/main/LICENSE.md",
          "sourceTitle": "FlowiseAI/Flowise LICENSE.md commit history",
          "notes": "Both licenses are permissive and OSI-approved — a minor technical tightening (NOTICE preservation, explicit patent grant), not a source-available shift."
        }
      ],
      "githubUrl": "https://github.com/FlowiseAI/Flowise",
      "githubStars": 54516,
      "version": "3.1.3",
      "docsUrl": "https://docs.flowiseai.com/",
      "pricingModel": "free",
      "status": "active",
      "tags": [
        "orchestration",
        "low-code",
        "self-hosted"
      ],
      "logoUrl": "/logos/flowise.jpg",
      "logoKind": "project-logo",
      "logoSourceUrl": "https://docs.flowiseai.com/",
      "logoNotes": "Official Flowise docs-site icon asset (`Flowise Logo Dark High Res`) served from the owner-controlled documentation site. GitBook currently delivers the resized file as JPEG.",
      "logoReviewedAt": "2026-05-12",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Practical low-code orchestration layer for teams moving quickly, provided they validate security posture and ownership-roadmap fit for production use.",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Self-hosted is customer-controlled; Flowise Cloud stores data in US East 1 only.",
          "sourceUrl": "https://docs.flowiseai.com/configuration/deployment.md"
        },
        "deployment": {
          "status": "yes",
          "detail": "Self-hosted (Apache-2.0 core) or Flowise Cloud SaaS.",
          "sourceUrl": "https://docs.flowiseai.com/configuration/deployment.md",
          "models": [
            "self-hosted",
            "saas"
          ]
        },
        "auditLogging": {
          "status": "unknown",
          "detail": "No dedicated audit-log documentation; enterprise tier may add capabilities."
        },
        "soc2": {
          "status": "unknown",
          "detail": "No SOC 2 certification announced by Flowise directly."
        },
        "iso27001": {
          "status": "unknown",
          "detail": "No ISO 27001 certification found in Flowise documentation."
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Not mentioned in Flowise documentation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Low-code agent/workflow builder tooling, not an AI model/provider."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Apache-2.0 core + proprietary Commercial License for packages/server/src/enterprise (SSO/RBAC/audit).",
          "sourceUrl": "https://github.com/FlowiseAI/Flowise/blob/main/LICENSE.md",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      },
      "lastRelease": "2026-06-25"
    },
    {
      "id": "haystack",
      "name": "Haystack",
      "category": "orchestration",
      "type": "opensource",
      "vendor": "deepset",
      "description": "LLM pipeline and retrieval orchestration framework rebranded toward the Haystack Enterprise Platform story.",
      "strengths": [
        "Mature pipeline patterns",
        "Strong retrieval orientation",
        "Production-oriented evaluation tooling"
      ],
      "license": "Apache 2.0",
      "githubUrl": "https://github.com/deepset-ai/haystack",
      "githubStars": 25865,
      "version": "2.31.0",
      "docsUrl": "https://docs.haystack.deepset.ai/",
      "pricingModel": "free",
      "status": "active",
      "tags": [
        "orchestration",
        "pipelines",
        "rag"
      ],
      "logoUrl": "/logos/haystack.png",
      "logoKind": "project-logo",
      "logoSourceUrl": "https://haystack.deepset.ai/",
      "logoNotes": "Official Haystack website logo asset (`/images/logos/haystack.png`). No separate brand-guidelines or media-kit page was found at review time, so this remains a homepage-sourced project logo pending a stronger primary source.",
      "logoReviewedAt": "2026-05-11",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Strong option when retrieval pipelines and modular backend orchestration matter more than no-code UX or broad business-user automation.",
      "lastRelease": "2026-07-08",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Python library runs in-process on customer infrastructure; no vendor data handling.",
          "sourceUrl": "https://docs.haystack.deepset.ai/docs/deployment"
        },
        "deployment": {
          "status": "yes",
          "detail": "OSS library self-hosted (Docker/K8s/VMs); deepset offers a managed Enterprise Platform.",
          "sourceUrl": "https://docs.haystack.deepset.ai/docs/deployment",
          "models": [
            "self-hosted",
            "on-prem"
          ]
        },
        "auditLogging": {
          "status": "not-applicable",
          "detail": "OSS library has no built-in audit log; operators integrate their own."
        },
        "soc2": {
          "status": "partial",
          "detail": "OSS library N/A; the deepset-managed Haystack Enterprise Platform holds SOC 2.",
          "sourceUrl": "https://www.deepset.ai/products-and-services/haystack-enterprise-platform"
        },
        "iso27001": {
          "status": "partial",
          "detail": "OSS library N/A; the deepset Enterprise Platform holds ISO 27001.",
          "sourceUrl": "https://www.deepset.ai/products-and-services/haystack-enterprise-platform"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Not mentioned in Haystack/deepset public compliance documentation."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "OSS pipeline framework, not an AI model/provider."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Apache-2.0 — permissive, OSI-approved.",
          "sourceUrl": "https://github.com/deepset-ai/haystack/blob/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "rivet",
      "name": "Rivet",
      "category": "orchestration",
      "type": "opensource",
      "vendor": "Rivet",
      "description": "Workflow builder for AI pipelines with desktop-first self-hosting support.",
      "strengths": [
        "Visual pipeline builder",
        "Desktop-friendly",
        "Prompt graph debugging"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/Ironclad/rivet",
      "githubStars": 4631,
      "version": "1.11.3",
      "docsUrl": "https://rivet.ironcladapp.com/",
      "pricingModel": "free",
      "status": "maintenance",
      "statusNote": "No releases in 8+ months. Appears to be in maintenance or slow development.",
      "tags": [
        "orchestration",
        "visual",
        "maintenance"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Rivet app logo from the owner-controlled Rivet homepage nav asset (`img/logo.svg`). Kept as a square service icon because the published asset is a square mark rather than a wide wordmark.",
      "logoReviewedAt": "2026-05-13",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Can still work for narrow visual pipeline use cases, but the maintenance signal makes it a cautious choice for new enterprise standardisation.",
      "logoUrl": "/logos/rivet.svg",
      "logoSourceUrl": "https://rivet.ironcladapp.com/",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Desktop application; data stays on the local machine; no vendor cloud.",
          "sourceUrl": "https://rivet.ironcladapp.com/docs/getting-started/installation"
        },
        "deployment": {
          "status": "yes",
          "detail": "Desktop app (macOS/Windows/Linux) and embeddable Node/TS library; no vendor cloud.",
          "sourceUrl": "https://rivet.ironcladapp.com/docs/getting-started/installation",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "not-applicable",
          "detail": "Desktop-only; no server-side audit infrastructure."
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "No managed cloud service; user-operated desktop app."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "No managed cloud service to certify."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Not a cloud AI system provider."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Desktop visual pipeline builder, not an AI model/provider."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive, OSI-approved.",
          "sourceUrl": "https://github.com/Ironclad/rivet/blob/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "azure-ai-content-safety",
      "name": "Azure AI Content Safety",
      "category": "governance",
      "type": "vendor",
      "vendor": "Microsoft",
      "description": "Content moderation and safety service with configurable severity scoring and on-prem options.",
      "strengths": [
        "On-premises containers",
        "Configurable severity scoring",
        "Azure SDK integration"
      ],
      "clouds": [
        "azure"
      ],
      "license": "Proprietary",
      "docsUrl": "https://learn.microsoft.com/azure/ai-services/content-safety/overview",
      "websiteUrl": "https://azure.microsoft.com/en-us/products/ai-services/ai-content-safety/",
      "pricing": "Pay-per-text-unit with free tier.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "governance",
        "azure",
        "safety"
      ],
      "logoUrl": "/logos/azure-ai-content-safety.svg",
      "logoKind": "service-icon",
      "logoSourceUrl": "https://learn.microsoft.com/en-us/azure/architecture/icons/",
      "logoNotes": "Official Microsoft Azure architecture/service icon from Azure_Public_Service_Icons_V23.",
      "logoReviewedAt": "2026-04-19",
      "practitionerNote": "Useful when teams already run on Azure and need turnkey moderation and safety classifiers, but it is narrower than a full policy/governance control plane.",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Data processed/stored in the selected Azure region (22+ regions); on-prem container option.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/foundry/responsible-ai/content-safety/data-privacy"
        },
        "deployment": {
          "status": "yes",
          "detail": "Primary SaaS via Azure API; Docker container for on-prem/disconnected.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/ai-services/content-safety/overview",
          "models": [
            "saas",
            "on-prem"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "Azure Monitor / Activity Log cover API calls; no native per-decision content audit log documented.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/ai-services/content-safety/overview"
        },
        "soc2": {
          "status": "yes",
          "detail": "In-scope Azure AI service under SOC 2 Type 2.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-2"
        },
        "iso27001": {
          "status": "yes",
          "detail": "In-scope under Azure ISO/IEC 27001:2022.",
          "sourceUrl": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27001"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Not confirmed in Microsoft ISO 42001 scope for Content Safety as of 2026-05."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Safety component that helps operators comply; not itself a high-risk AI system."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary Azure SaaS; vendor lock-in to Azure safety APIs.",
          "sourceUrl": "https://azure.microsoft.com/en-us/products/ai-services/ai-content-safety/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "aws-bedrock-guardrails",
      "name": "Amazon Bedrock Guardrails",
      "category": "governance",
      "type": "vendor",
      "vendor": "AWS",
      "description": "Configurable safety layer for filtering, PII handling, hallucination reduction, and policy controls.",
      "strengths": [
        "Automated Reasoning",
        "85% price cut noted in guide",
        "Strong Bedrock integration"
      ],
      "clouds": [
        "aws"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html",
      "websiteUrl": "https://aws.amazon.com/bedrock/guardrails/",
      "pricing": "$0.15 per 1K text units after price cut.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "governance",
        "aws",
        "guardrails"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official AWS architecture icon for Amazon Bedrock (`Arch_Amazon-Bedrock_64.svg` from the AWS Architecture Icons pack), intentionally reused for Bedrock Guardrails because AWS currently presents Guardrails as a Bedrock capability rather than with a separate public icon.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Best fit for Bedrock-centric deployments that want managed prompt/content guardrails close to model invocation instead of a separate governance stack.",
      "logoUrl": "/logos/aws-bedrock.svg",
      "logoSourceUrl": "https://aws.amazon.com/architecture/icons/",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Processed in the resource region; FedRAMP High in GovCloud; no sovereign/multi-cloud option.",
          "sourceUrl": "https://aws.amazon.com/bedrock/security-compliance/"
        },
        "deployment": {
          "status": "yes",
          "detail": "Fully managed AWS SaaS; no self-hosted/on-prem option.",
          "sourceUrl": "https://aws.amazon.com/bedrock/guardrails/",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Violations to CloudWatch / optional S3; CloudTrail captures API calls.",
          "sourceUrl": "https://aws.amazon.com/bedrock/security-compliance/"
        },
        "soc2": {
          "status": "yes",
          "detail": "Amazon Bedrock in scope for AWS SOC 1/2/3 (Type II).",
          "sourceUrl": "https://docs.aws.amazon.com/bedrock/latest/userguide/compliance-validation.html"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Amazon Bedrock in scope for ISO 27001 (and 27017/27018/27701).",
          "sourceUrl": "https://aws.amazon.com/compliance/iso-certified/"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Bedrock holds ISO 42001 at the service level; Guardrails sub-feature scope not separately confirmed."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Safety/filtering component; not itself a high-risk AI system."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary AWS SaaS; no OSS path.",
          "sourceUrl": "https://aws.amazon.com/bedrock/guardrails/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "google-model-armor",
      "name": "Google Model Armor",
      "category": "governance",
      "type": "vendor",
      "vendor": "Google",
      "description": "Model-agnostic prompt and response safety screening layer across Google enterprise infrastructure.",
      "strengths": [
        "Model-agnostic screening",
        "Google security integration",
        "Enterprise API fit"
      ],
      "clouds": [
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://cloud.google.com/security-command-center/docs/model-armor-overview",
      "websiteUrl": "https://cloud.google.com/",
      "pricing": "Pay-as-you-go.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "governance",
        "gcp",
        "safety"
      ],
      "logoKind": "official-vendor",
      "logoNotes": "Google Cloud does not expose a standalone public Model Armor logo on the official product page; this uses the owner-controlled Google Cloud header logo (`https://www.gstatic.com/cgc/google-cloud-logo.svg`) as the shared vendor mark for the service.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Worth evaluating for Google-first estates that need managed prompt and response protection, especially around injection and unsafe content controls.",
      "logoUrl": "/logos/google-cloud.svg",
      "logoSourceUrl": "https://cloud.google.com/security/products/model-armor",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "US/EU regional endpoints; in-memory processing without durable retention unless logging enabled.",
          "sourceUrl": "https://docs.cloud.google.com/model-armor/overview"
        },
        "deployment": {
          "status": "yes",
          "detail": "Stateless cloud-native SaaS via regional API; standalone or with Security Command Center.",
          "sourceUrl": "https://cloud.google.com/security/products/model-armor",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Audit logs via Cloud Logging filtering on modelarmor.googleapis.com.",
          "sourceUrl": "https://docs.cloud.google.com/model-armor/overview"
        },
        "soc2": {
          "status": "yes",
          "detail": "Runs on SOC 2 Type II Google Cloud infrastructure.",
          "sourceUrl": "https://cloud.google.com/security/compliance/soc-2"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Runs on ISO/IEC 27001-certified Google Cloud infrastructure.",
          "sourceUrl": "https://cloud.google.com/security/compliance/iso-27001"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Model Armor not confirmed in Google Cloud ISO 42001 scope as of 2026-05."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Prompt/response screening component; supports operators' compliance, not itself high-risk."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary GCP SaaS; full dependency on GCP.",
          "sourceUrl": "https://cloud.google.com/security/products/model-armor",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "databricks-unity-ai-gateway",
      "name": "Databricks Unity AI Gateway",
      "category": "governance",
      "type": "vendor",
      "vendor": "Databricks",
      "description": "Central AI governance layer for LLM endpoints, agents, MCP servers, and coding agents on Databricks.",
      "strengths": [
        "Usage tracking and audit logging",
        "Permissions, rate limits, and traffic controls",
        "Governance for endpoints and MCP interactions"
      ],
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.databricks.com/aws/en/ai-gateway/",
      "websiteUrl": "https://www.databricks.com/product/ai",
      "pricing": "Underlying Databricks platform consumption still applies; current AI Gateway beta governance features are documented as no-charge.",
      "pricingModel": "paid",
      "languages": [
        "Python",
        "SQL"
      ],
      "status": "active",
      "tags": [
        "governance",
        "databricks",
        "mcp",
        "guardrails",
        "observability"
      ],
      "logoKind": "official-vendor",
      "logoNotes": "Official Databricks wordmark reused across Databricks product entries because the public Databricks brand portal exposes the vendor lockup, while Unity AI Gateway does not expose a distinct standalone public mark.",
      "logoReviewedAt": "2026-05-24",
      "logoUrl": "/logos/databricks.png",
      "logoSourceUrl": "https://brand.databricks.com/databricks-logo",
      "practitionerNote": "Relevant when governance needs to sit directly on Databricks-hosted agents, endpoints, and MCP access instead of being bolted on from a separate gateway layer.",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Customer-selected cloud region (AWS/Azure/GCP); AI Guardrails limited to pay-per-token regions; no GovCloud.",
          "sourceUrl": "https://docs.databricks.com/aws/en/ai-gateway/"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS layer within Databricks on AWS/Azure/GCP; no standalone self-hosted (Beta).",
          "sourceUrl": "https://www.databricks.com/product/artificial-intelligence/ai-gateway",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Audit logging for MCP/AI endpoint requests; inference tables store request/response as Delta.",
          "sourceUrl": "https://docs.databricks.com/aws/en/ai-gateway/"
        },
        "soc2": {
          "status": "yes",
          "detail": "Databricks SOC 2 Type II across AWS/Azure/GCP.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/soc"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Databricks ISO/IEC 27001:2022 certified across clouds.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/iso-27001"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "Databricks references ISO 42001 as a customer framework (DASF 2.0) but has not published its own certification.",
          "sourceUrl": "https://www.databricks.com/blog/announcing-databricks-ai-security-framework-20"
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Governance control-plane component; helps customers govern their own AI."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; lock-in to Databricks-centric stacks.",
          "sourceUrl": "https://docs.databricks.com/aws/en/ai-gateway/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "nemo-guardrails",
      "name": "NeMo Guardrails",
      "category": "governance",
      "type": "opensource",
      "vendor": "NVIDIA",
      "description": "Open source guardrails framework for LLM and agent safety with a dedicated Colang DSL.",
      "strengths": [
        "Purpose-built guardrails DSL",
        "Conversation flow controls",
        "NVIDIA ecosystem alignment"
      ],
      "license": "Apache 2.0",
      "githubUrl": "https://github.com/NVIDIA-NeMo/Guardrails",
      "githubStars": 6661,
      "docsUrl": "https://docs.nvidia.com/nemo/guardrails/",
      "pricing": "Free OSS plus NVIDIA NIM options.",
      "pricingModel": "free",
      "status": "active",
      "statusNote": "Repository moved from NVIDIA/NeMo-Guardrails to NVIDIA-NeMo/Guardrails.",
      "tags": [
        "governance",
        "guardrails",
        "opensource",
        "nvidia"
      ],
      "version": "0.23.0",
      "logoKind": "official-vendor",
      "logoNotes": "NVIDIA does not expose a standalone public NeMo Guardrails logo on the official docs surface; this uses the owner-controlled NVIDIA logo asset referenced by the docs theme (`_static/nvidia-logo-horiz-rgb-blk-for-screen.svg`) as the shared vendor mark.",
      "logoReviewedAt": "2026-05-15",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Good fit when teams want code-defined conversational and retrieval guardrails they can run themselves, accepting more engineering ownership than a managed service.",
      "logoUrl": "/logos/nvidia.svg",
      "logoSourceUrl": "https://docs.nvidia.com/nemo/guardrails/latest/",
      "lastRelease": "2026-07-01",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; residency fully operator-controlled.",
          "sourceUrl": "https://github.com/NVIDIA-NeMo/Guardrails"
        },
        "deployment": {
          "status": "yes",
          "detail": "Open-source Python library deployed by the operator; NVIDIA NIM cloud separate.",
          "sourceUrl": "https://docs.nvidia.com/nemo/guardrails/",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "not-applicable",
          "detail": "No built-in audit logging; operators add their own."
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; certification applies to the operator."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; certification applies to the operator's ISMS."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; applies to the operator."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "OSS library component; deployers carry obligations for systems they build."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Apache-2.0 — permissive, OSI-approved.",
          "sourceUrl": "https://github.com/NVIDIA-NeMo/Guardrails/blob/main/LICENSE.md",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "guardrails-ai",
      "name": "Guardrails AI",
      "category": "governance",
      "type": "opensource",
      "vendor": "Guardrails AI",
      "description": "Validation-focused guardrails framework with a large validator ecosystem and freemium model.",
      "strengths": [
        "50+ validators",
        "Structured output guardrails",
        "Python-first integration"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/guardrails-ai/guardrails",
      "githubStars": 7124,
      "docsUrl": "https://guardrailsai.com/docs",
      "pricingModel": "freemium",
      "status": "active",
      "tags": [
        "governance",
        "validators",
        "opensource"
      ],
      "version": "0.10.0",
      "logoKind": "project-logo",
      "logoNotes": "Official Guardrails AI project logo from the owner-controlled GitHub repo (`docs/assets/Guardrails-ai-logo-for-white-bg.svg`), committed byte-for-byte.",
      "logoReviewedAt": "2026-05-14",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Practical for Python-heavy application teams that want validator-style output controls in app code rather than buying a full enterprise governance platform.",
      "logoUrl": "/logos/guardrails-ai.svg",
      "logoSourceUrl": "https://github.com/guardrails-ai/guardrails",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; residency operator-controlled.",
          "sourceUrl": "https://github.com/guardrails-ai/guardrails"
        },
        "deployment": {
          "status": "yes",
          "detail": "Open-source Python library; paid managed Guardrails Hub/server also offered.",
          "sourceUrl": "https://guardrailsai.com/docs",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "not-applicable",
          "detail": "No built-in audit log for the OSS library; managed tier unverified."
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; certification applies to the operator."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; applies to the operator's ISMS."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; applies to the operator."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Validation library component; deployers carry obligations."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Apache-2.0 upstream (tracked license under data-correction review).",
          "sourceUrl": "https://github.com/guardrails-ai/guardrails/blob/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "llm-guard",
      "name": "LLM Guard",
      "category": "governance",
      "type": "opensource",
      "vendor": "Palo Alto Networks (Protect AI)",
      "description": "Open source safety filtering toolkit whose development has slowed following acquisition activity.",
      "strengths": [
        "Prompt/output scanning",
        "PII and toxicity detectors",
        "Useful safety primitives"
      ],
      "license": "MIT",
      "githubUrl": "https://github.com/protectai/llm-guard",
      "githubStars": 3163,
      "docsUrl": "https://protectai.github.io/llm-guard/",
      "pricingModel": "free",
      "status": "maintenance",
      "statusNote": "Development slowed significantly post acquisition. Last meaningful commit noted as December 2025 in the guide.",
      "tags": [
        "governance",
        "opensource",
        "maintenance"
      ],
      "version": "0.3.16",
      "logoKind": "project-logo",
      "logoNotes": "Official LLM Guard docs-site logo asset from the owner-controlled Protect AI project docs (`assets/logo.png`), post-acquisition.",
      "logoReviewedAt": "2026-05-13",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Best for security-minded teams that want open source scanning around prompts and outputs and are comfortable assembling their own policy pipeline.",
      "logoUrl": "/logos/llm-guard.png",
      "logoSourceUrl": "https://protectai.github.io/llm-guard/",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Self-hosted library; data stays on operator infrastructure.",
          "sourceUrl": "https://github.com/protectai/llm-guard"
        },
        "deployment": {
          "status": "yes",
          "detail": "Open-source Python library; maintenance mode, no managed service.",
          "sourceUrl": "https://protectai.github.io/llm-guard/",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "not-applicable",
          "detail": "No built-in audit log in the OSS library."
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Self-hosted library; certification applies to the operator."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; applies to the operator's ISMS."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Self-hosted library; applies to the operator."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "OSS safety-filtering library; not itself an AI system."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "MIT — permissive; note maintenance-mode operational risk.",
          "sourceUrl": "https://github.com/protectai/llm-guard/blob/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "rebuff",
      "name": "Rebuff",
      "category": "governance",
      "type": "opensource",
      "vendor": "Palo Alto Networks",
      "description": "Prompt injection defense project archived in May 2025 and not recommended for new projects.",
      "strengths": [
        "Prompt-injection focus",
        "Archived OSS reference point",
        "Historically notable"
      ],
      "license": "Apache 2.0",
      "githubUrl": "https://github.com/protectai/rebuff",
      "githubStars": 1510,
      "docsUrl": "https://github.com/protectai/rebuff",
      "pricingModel": "free",
      "status": "archived",
      "statusNote": "Archived May 16, 2025. Do not recommend for new projects.",
      "tags": [
        "governance",
        "archived",
        "opensource"
      ],
      "version": "0.1.1",
      "logoKind": "project-logo",
      "logoNotes": "Official Rebuff logo asset from the owner-controlled protectai/rebuff repo (`server/public/logo.png`), committed here as an optimized downscaled copy for badge use.",
      "logoReviewedAt": "2026-05-15",
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "practitionerNote": "Most relevant as a lightweight prompt-injection defense layer in custom stacks, not as a broad end-to-end AI governance product.",
      "logoUrl": "/logos/rebuff.png",
      "logoSourceUrl": "https://github.com/protectai/rebuff",
      "governance": {
        "dataResidency": {
          "status": "not-applicable",
          "detail": "Archived OSS library; operator-controlled if used."
        },
        "deployment": {
          "status": "yes",
          "detail": "Archived (2025-05-16); self-hosted if used; not recommended for new deployments.",
          "sourceUrl": "https://github.com/protectai/rebuff",
          "models": [
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "not-applicable",
          "detail": "Archived library; no infrastructure."
        },
        "soc2": {
          "status": "not-applicable",
          "detail": "Archived OSS library."
        },
        "iso27001": {
          "status": "not-applicable",
          "detail": "Archived OSS library."
        },
        "iso42001": {
          "status": "not-applicable",
          "detail": "Archived OSS library."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Archived prompt-injection defense library; not an active AI system."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Apache-2.0 — permissive; archived (abandonment risk).",
          "sourceUrl": "https://github.com/protectai/rebuff/blob/main/LICENSE",
          "level": "low"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "lakera-guard",
      "name": "Lakera Guard",
      "category": "governance",
      "type": "commercial",
      "vendor": "Check Point",
      "description": "Commercial LLM security layer integrating into broader cloud security offerings after acquisition.",
      "strengths": [
        "Managed prompt-injection defense",
        "Security platform alignment",
        "Freemium entry path"
      ],
      "license": "Proprietary",
      "docsUrl": "https://platform.lakera.ai/docs/api",
      "websiteUrl": "https://lakera.ai/",
      "pricingModel": "freemium",
      "status": "active",
      "tags": [
        "governance",
        "commercial",
        "security"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Lakera Guard icon asset from the owner-controlled Lakera Guard product page (`677da5b755934cb6289a0bb3_guard corner logo.svg` on the Lakera Webflow CDN), committed byte-for-byte as a square service icon.",
      "logoReviewedAt": "2026-05-14",
      "practitionerNote": "Strong option when security and abuse prevention need a managed specialist layer that can sit in front of multiple model/application surfaces.",
      "cloudBadgeReviewedAt": "2026-05-08",
      "logoUrl": "/logos/lakera-guard.svg",
      "logoSourceUrl": "https://www.lakera.ai/lakera-guard",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "SaaS plus self-hosted container option; residency regions not publicly listed (Check Point acquisition).",
          "sourceUrl": "https://www.lakera.ai/security"
        },
        "deployment": {
          "status": "yes",
          "detail": "Primary SaaS API; self-hosted container for enhanced control.",
          "sourceUrl": "https://www.lakera.ai/security",
          "models": [
            "saas",
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "unknown",
          "detail": "No specific audit-logging documentation on public pages."
        },
        "soc2": {
          "status": "yes",
          "detail": "Independent SOC 2 audits per the Lakera security page.",
          "sourceUrl": "https://www.lakera.ai/security"
        },
        "iso27001": {
          "status": "unknown",
          "detail": "Not stated on the public security page / Trust Center."
        },
        "iso42001": {
          "status": "unknown",
          "detail": "No documentation found."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Runtime AI security enforcement component; supports operator compliance."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; Check Point acquisition adds vendor-change and lock-in risk.",
          "sourceUrl": "https://www.checkpoint.com/press-releases/check-point-acquires-lakera-to-deliver-end-to-end-ai-security-for-enterprises/",
          "level": "high"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "arthur-genai-engine",
      "name": "Arthur GenAI Engine",
      "category": "governance",
      "type": "commercial",
      "vendor": "Arthur",
      "description": "Agent governance and discovery platform following Arthur AI's January 2026 GenAI Engine rename.",
      "strengths": [
        "Enterprise governance focus",
        "Observability and evaluation fit",
        "Agent governance positioning"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.arthur.ai/",
      "websiteUrl": "https://www.arthur.ai/",
      "pricingModel": "contact",
      "status": "active",
      "statusNote": "Rebranded from Arthur AI to Arthur GenAI Engine and pivoted toward agent discovery and governance.",
      "tags": [
        "governance",
        "commercial",
        "arthur"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official Arthur homepage logo asset captured from the owner-controlled site after the January 2026 GenAI Engine rebrand (`arthur-logo-dark.avif` via the Arthur Webflow CDN).",
      "logoReviewedAt": "2026-05-13",
      "practitionerNote": "Better suited to enterprises that want governance tied to observability, evaluation, and runtime risk monitoring rather than isolated content filters alone.",
      "cloudBadgeReviewedAt": "2026-05-08",
      "logoUrl": "/logos/arthur-genai-engine.avif",
      "logoSourceUrl": "https://www.arthur.ai/",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "SaaS, on-prem, and direct-GCP/AWS deploy options; SaaS residency regions not documented.",
          "sourceUrl": "https://www.arthur.ai/"
        },
        "deployment": {
          "status": "yes",
          "detail": "Deploy via SaaS, on-prem, or directly on GCP/AWS.",
          "sourceUrl": "https://www.arthur.ai/",
          "models": [
            "saas",
            "self-hosted",
            "on-prem"
          ]
        },
        "auditLogging": {
          "status": "unknown",
          "detail": "No specific audit-logging documentation surfaced; observability-oriented platform."
        },
        "soc2": {
          "status": "unknown",
          "detail": "No SOC 2 claim found on public Arthur pages."
        },
        "iso27001": {
          "status": "unknown",
          "detail": "No ISO 27001 claim found on public Arthur pages."
        },
        "iso42001": {
          "status": "unknown",
          "detail": "No ISO 42001 claim found."
        },
        "euAiAct": {
          "status": "not-applicable",
          "role": "not-applicable",
          "detail": "Agent governance/observability component; helps operators manage their own AI compliance."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary product (contact pricing); venture-backed startup risk.",
          "sourceUrl": "https://www.arthur.ai/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "github-copilot",
      "name": "GitHub Copilot",
      "category": "assistants",
      "subcategory": "coding",
      "type": "vendor",
      "vendor": "GitHub/Microsoft",
      "description": "Coding assistant platform delivered through IDE plugins with individual, business, and enterprise tiers.",
      "strengths": [
        "Broad IDE adoption",
        "Free tier for light usage",
        "Enterprise controls available"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.github.com/copilot",
      "websiteUrl": "https://github.com/features/copilot",
      "pricing": "Individual $10/mo; Business $39/user/mo; Enterprise custom.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "assistants",
        "coding",
        "copilot"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Copilot icon asset from the GitHub brand toolkit (`GitHub_Logos.zip` -> `Copilot_Icon_Black.svg`). GitHub changed standalone Copilot logo treatments in 2025, but this icon remains in the official pack and is used here as the compact service mark.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Safe default for enterprises standardising AI coding help broadly, especially when GitHub, VS Code, and policy controls already sit in the delivery path.",
      "cloudBadgeReviewedAt": "2026-05-08",
      "logoUrl": "/logos/github-copilot.svg",
      "logoSourceUrl": "https://brand.github.com/brand-identity/copilot",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "EU data residency on GitHub Enterprise Cloud (US/EU only, surcharge); Business/Individual default US.",
          "sourceUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/data-residency/github-copilot-with-data-residency"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS via IDE plugins; no self-hosted/on-prem option.",
          "sourceUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/data-residency/github-copilot-with-data-residency",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Enterprise audit logs cover seat/access/policy and Copilot interactions; audit-log API.",
          "sourceUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise"
        },
        "soc2": {
          "status": "yes",
          "detail": "GitHub SOC 2 Type II; Copilot in scope.",
          "sourceUrl": "https://copilot.github.trust.page/faq"
        },
        "iso27001": {
          "status": "yes",
          "detail": "GitHub ISO/IEC 27001:2022; Copilot in scope.",
          "sourceUrl": "https://copilot.github.trust.page/faq"
        },
        "iso42001": {
          "status": "yes",
          "detail": "GitHub Copilot listed in Microsoft ISO/IEC 42001:2023 scope.",
          "sourceUrl": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001"
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; GitHub/Microsoft ecosystem lock-in.",
          "sourceUrl": "https://github.com/features/copilot",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "amazon-q-developer",
      "name": "Amazon Q Developer",
      "category": "assistants",
      "subcategory": "coding",
      "type": "vendor",
      "vendor": "AWS",
      "description": "AWS coding assistant integrated into IDE workflows with agentic request limits and AWS-native context.",
      "strengths": [
        "AWS-native development fit",
        "Free tier",
        "Enterprise plans available"
      ],
      "clouds": [
        "aws"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/what-is.html",
      "websiteUrl": "https://aws.amazon.com/q/developer/",
      "pricing": "$19/user/mo Pro; $39/user/mo Pro+.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "assistants",
        "coding",
        "aws"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official AWS architecture icon for Amazon Q (`Arch_Amazon-Q_64.svg` from the AWS Architecture Icons pack), intentionally reused because AWS presents these surfaces as Amazon Q variants rather than with separate public per-variant icons.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Best fit for AWS-heavy engineering teams that want coding help tied closely to cloud context, IAM, and internal AWS workflows.",
      "logoUrl": "/logos/amazon-q.svg",
      "logoSourceUrl": "https://aws.amazon.com/architecture/icons/",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Pro tier stores in the profile region; free tier defaults US East; EU inference kept in EU.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/data-storage.html"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS via IDE plugin / AWS console; no self-hosted option.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/what-is.html",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "All Pro API calls logged via CloudTrail; configurable S3 delivery.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/logging-using-cloudtrail.html"
        },
        "soc2": {
          "status": "yes",
          "detail": "Amazon Q Developer in scope for AWS SOC 1/2/3.",
          "sourceUrl": "https://aws.amazon.com/compliance/services-in-scope/SOC/"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Amazon Q Developer ISO/IEC 27001:2022 certified.",
          "sourceUrl": "https://aws.amazon.com/compliance/iso-certified/"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "AWS ISO 42001 scope names Q Business/Bedrock/Textract/Transcribe; Q Developer not explicitly listed."
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; AWS toolchain lock-in.",
          "sourceUrl": "https://aws.amazon.com/q/developer/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "gemini-code-assist",
      "name": "Gemini Code Assist",
      "category": "assistants",
      "subcategory": "coding",
      "type": "vendor",
      "vendor": "Google",
      "description": "Google coding assistant for IDE workflows with a generous free completion tier.",
      "strengths": [
        "VPC-SC + IP indemnification",
        "Google ecosystem fit",
        "Private codebase customization"
      ],
      "clouds": [
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://cloud.google.com/gemini/docs/codeassist/overview",
      "websiteUrl": "https://cloud.google.com/products/gemini/code-assist",
      "pricing": "$19/user/mo Standard; ~$45/user/mo Enterprise.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "assistants",
        "coding",
        "gcp"
      ],
      "logoKind": "project-logo",
      "logoNotes": "Official Gemini Code Assist wordmark asset from the owner-controlled Code Assist for Business site, verified byte-for-byte against `https://www.gstatic.com/cgc/codeassist/logo-gemini-code-assist-2025.png` on 2026-05-14.",
      "logoReviewedAt": "2026-05-14",
      "practitionerNote": "Worth considering for Google Cloud-centric teams, but enterprise rollout quality still depends heavily on how much of the stack already lives in Google tooling.",
      "logoUrl": "/logos/gemini-code-assist.png",
      "logoSourceUrl": "https://codeassist.google/products/business",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Stateless by default; Enterprise data-at-rest residency in US/EU; GitHub variant excluded from scope.",
          "sourceUrl": "https://docs.cloud.google.com/gemini/docs/discover/certifications"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS via IDE extensions and GCP; CMEK/VPC-SC for Enterprise; no self-hosted.",
          "sourceUrl": "https://cloud.google.com/products/gemini/code-assist",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Cloud Audit Logs cover admin activity and data access.",
          "sourceUrl": "https://docs.cloud.google.com/logging/docs/audit/understanding-audit-logs"
        },
        "soc2": {
          "status": "yes",
          "detail": "Holds SOC 1/2/3 (Q2 2025 reassessment).",
          "sourceUrl": "https://docs.cloud.google.com/gemini/docs/discover/certifications"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Holds ISO 27001/27017/27018/27701.",
          "sourceUrl": "https://docs.cloud.google.com/gemini/docs/codeassist/security-privacy-compliance"
        },
        "iso42001": {
          "status": "yes",
          "detail": "Gemini for Google Cloud (incl. Code Assist) holds ISO 42001:2023.",
          "sourceUrl": "https://docs.cloud.google.com/gemini/docs/discover/certifications"
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; GCP lock-in (offsetting IP indemnification offered).",
          "sourceUrl": "https://cloud.google.com/products/gemini/code-assist",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "databricks-genie-code",
      "name": "Databricks Genie Code",
      "category": "assistants",
      "subcategory": "coding",
      "type": "vendor",
      "vendor": "Databricks",
      "description": "Context-aware Databricks coding assistant for SQL, Python, debugging, and agentic data-work flows.",
      "strengths": [
        "Understands Unity Catalog metadata",
        "Helps generate, explain, and fix SQL/Python",
        "Agent mode across notebooks, Lakeflow, dashboards, and MLflow"
      ],
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.databricks.com/aws/en/genie-code/",
      "websiteUrl": "https://www.databricks.com/product/ai",
      "pricing": "Current Genie Code capabilities are documented without a separate add-on fee, but Databricks workspace and compute consumption still apply.",
      "pricingModel": "paid",
      "languages": [
        "Python",
        "SQL"
      ],
      "status": "active",
      "tags": [
        "assistants",
        "coding",
        "databricks",
        "sql",
        "python"
      ],
      "logoKind": "official-vendor",
      "logoNotes": "Official Databricks wordmark reused across Databricks product entries because the public Databricks brand portal exposes the vendor lockup, while Genie Code does not expose a distinct standalone public mark.",
      "logoReviewedAt": "2026-05-24",
      "logoUrl": "/logos/databricks.png",
      "logoSourceUrl": "https://brand.databricks.com/databricks-logo",
      "practitionerNote": "Useful for data teams already living in Databricks, especially where table metadata and notebook context matter more than general-purpose IDE breadth.",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "AI assistive feature using Databricks Geos; residency per workspace region across clouds.",
          "sourceUrl": "https://docs.databricks.com/aws/en/databricks-ai/databricks-ai-trust"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS within the customer's Databricks workspace (AWS/Azure/GCP).",
          "sourceUrl": "https://docs.databricks.com/aws/en/genie-code/",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Interactions logged to the system.access.audit system table.",
          "sourceUrl": "https://www.databricks.com/blog/introducing-genie-code"
        },
        "soc2": {
          "status": "yes",
          "detail": "Databricks SOC 2 Type II across clouds/regions.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/soc"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Databricks ISO/IEC 27001:2022 certified across clouds.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/iso-27001"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "No Databricks ISO 42001 certification found as of 2026-05."
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; Unity Catalog / workspace lock-in (multi-cloud eases portability).",
          "sourceUrl": "https://www.databricks.com/product/ai",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "cursor",
      "name": "Cursor",
      "category": "assistants",
      "subcategory": "coding",
      "type": "commercial",
      "vendor": "Anysphere",
      "description": "Standalone AI coding IDE with rapid enterprise growth and credit-based pricing controversy.",
      "strengths": [
        "Strong adoption",
        "Standalone IDE UX",
        "High-end coding focus"
      ],
      "license": "Proprietary",
      "docsUrl": "https://cursor.com/",
      "websiteUrl": "https://cursor.com/",
      "pricing": "$20 Pro; $60 Pro+; $200 Ultra.",
      "pricingModel": "paid",
      "status": "active",
      "statusNote": "Switched to credit-based pricing in June 2025, causing backlash.",
      "tags": [
        "assistants",
        "coding",
        "cursor"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Cursor favicon/icon asset from the owner-controlled site (`/marketing-static/favicon.svg`). Checked-in copy is a normalized local SVG variant for site use (namespaced ids / title) rather than a byte-identical mirror.",
      "logoReviewedAt": "2026-05-14",
      "practitionerNote": "Strong for fast-moving product teams that optimize for developer speed, though central governance and cost predictability need more scrutiny than incumbent platform copilots.",
      "cloudBadgeReviewedAt": "2026-05-08",
      "logoUrl": "/logos/cursor.svg",
      "logoSourceUrl": "https://cursor.com/",
      "governance": {
        "dataResidency": {
          "status": "no",
          "detail": "No data-residency options documented; no EU residency option found.",
          "sourceUrl": "https://cursor.com/security"
        },
        "deployment": {
          "status": "yes",
          "detail": "Standalone SaaS IDE; Privacy Mode (zero retention); MDM supported; no self-hosted LLM in standard tiers.",
          "sourceUrl": "https://cursor.com/security",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Enterprise audit logs (admin/security/auth) with SIEM streaming (Splunk/Datadog/S3).",
          "sourceUrl": "https://cursor.com/docs/enterprise/compliance-and-monitoring"
        },
        "soc2": {
          "status": "yes",
          "detail": "SOC 2 Type II available on request via trust.cursor.com.",
          "sourceUrl": "https://cursor.com/security"
        },
        "iso27001": {
          "status": "unknown",
          "detail": "Listed by some secondary sources; no primary Anysphere certificate confirmed."
        },
        "iso42001": {
          "status": "unknown",
          "detail": "No ISO 42001 certification found for Cursor/Anysphere."
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; 2025 credit-pricing change controversy; smaller vendor, no self-hosted escape.",
          "sourceUrl": "https://cursor.com/",
          "level": "high"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "windsurf",
      "name": "Windsurf",
      "category": "assistants",
      "subcategory": "coding",
      "type": "commercial",
      "vendor": "Cognition AI",
      "description": "Standalone coding IDE shaped by major 2025 acquisition turbulence and later Cognition ownership.",
      "strengths": [
        "Standalone IDE",
        "Agentic coding workflows",
        "Enterprise path available"
      ],
      "license": "Proprietary",
      "docsUrl": "https://windsurf.com/",
      "websiteUrl": "https://windsurf.com/",
      "pricing": "$20 Pro; $200 Max.",
      "pricingModel": "paid",
      "status": "active",
      "statusNote": "OpenAI acquisition deal collapsed; Google hired key staff; Cognition acquired remaining product and brand.",
      "tags": [
        "assistants",
        "coding",
        "windsurf"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Windsurf favicon/icon asset from the owner-controlled site (`/favicon.svg`). Checked-in copy preserves the vendor-provided cream background tile and adds a title for accessibility, so it is source-verified but not byte-identical.",
      "logoReviewedAt": "2026-05-14",
      "practitionerNote": "Can be attractive for teams chasing agentic coding workflows, but ownership churn means larger enterprises should validate roadmap stability before standardizing.",
      "cloudBadgeReviewedAt": "2026-05-08",
      "logoUrl": "/logos/windsurf.svg",
      "logoSourceUrl": "https://windsurf.com/",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "EU residency via Frankfurt (Enterprise); US default; FedRAMP High via AWS GovCloud.",
          "sourceUrl": "https://windsurf.com/security"
        },
        "deployment": {
          "status": "yes",
          "detail": "Cloud, Hybrid (customer data + Windsurf compute), and fully self-hosted (Docker/K8s, private LLM).",
          "sourceUrl": "https://windsurf.com/security",
          "models": [
            "saas",
            "hybrid",
            "self-hosted"
          ]
        },
        "auditLogging": {
          "status": "partial",
          "detail": "Audit logging on Enterprise Hybrid and Self-hosted only; not in the cloud SaaS tier.",
          "sourceUrl": "https://windsurf.com/security"
        },
        "soc2": {
          "status": "yes",
          "detail": "SOC 2 Type II; annual pen testing.",
          "sourceUrl": "https://windsurf.com/security"
        },
        "iso27001": {
          "status": "unknown",
          "detail": "Not stated on the Windsurf security page; post-Cognition-acquisition status unverified."
        },
        "iso42001": {
          "status": "unknown",
          "detail": "No ISO 42001 certification found for Windsurf/Cognition."
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; 2025 ownership turbulence (Cognition acquisition) adds roadmap risk.",
          "sourceUrl": "https://windsurf.com/",
          "level": "high"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "microsoft-365-copilot",
      "name": "Microsoft 365 Copilot",
      "category": "assistants",
      "subcategory": "productivity",
      "type": "vendor",
      "vendor": "Microsoft",
      "description": "Productivity assistant tightly integrated with Microsoft 365, Graph, and enterprise workflow data.",
      "strengths": [
        "Deepest M365 integration",
        "Graph data access",
        "Enterprise assistant packaging"
      ],
      "clouds": [
        "azure"
      ],
      "license": "Proprietary",
      "docsUrl": "https://learn.microsoft.com/microsoft-365-copilot/",
      "websiteUrl": "https://adoption.microsoft.com/en-us/microsoft-365-copilot/",
      "pricing": "$30/user/mo full AI tier.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "assistants",
        "productivity",
        "microsoft"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Microsoft Copilot icon asset from the owner-controlled Microsoft 365 adoption site (`icon-copilot.svg`), reused for Microsoft 365 Copilot branding. Checked-in SVG adds title/accessibility metadata, so it is source-verified on 2026-05-14 but not byte-identical.",
      "logoReviewedAt": "2026-05-14",
      "practitionerNote": "Natural fit when the real value is inside Microsoft 365 workflows and Graph-connected knowledge, not just generic chat over documents. Uses the shared Microsoft Copilot visual identity rather than a separate M365-specific product mark.",
      "logoUrl": "/logos/microsoft-365-copilot.svg",
      "logoSourceUrl": "https://adoption.microsoft.com/wp-content/uploads/2023/09/icon-copilot.svg",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "EU Data Boundary compliant; Advanced Data Residency and Multi-Geo offerings.",
          "sourceUrl": "https://learn.microsoft.com/en-us/microsoft-365-copilot/microsoft-365-copilot-privacy"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS within the Microsoft 365 tenant on Azure OpenAI; no self-hosted option.",
          "sourceUrl": "https://learn.microsoft.com/en-us/microsoft-365-copilot/microsoft-365-copilot-privacy",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Microsoft Purview audit logging of Copilot prompts/responses/citations; retention/eDiscovery.",
          "sourceUrl": "https://learn.microsoft.com/en-us/microsoft-365-copilot/microsoft-365-copilot-privacy"
        },
        "soc2": {
          "status": "yes",
          "detail": "Covered by Microsoft 365 SOC scope (Service Trust Portal).",
          "sourceUrl": "https://learn.microsoft.com/en-us/microsoft-copilot-studio/admin-certification"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Microsoft 365 (incl. Copilot) ISO 27001:2022 certified.",
          "sourceUrl": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-27001"
        },
        "iso42001": {
          "status": "yes",
          "detail": "Microsoft 365 Copilot achieved ISO 42001:2023 (March 2025).",
          "sourceUrl": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001"
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; deep M365 Graph / Azure lock-in.",
          "sourceUrl": "https://adoption.microsoft.com/en-us/microsoft-365-copilot/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "gemini-for-workspace",
      "name": "Gemini for Workspace",
      "category": "assistants",
      "subcategory": "productivity",
      "type": "vendor",
      "vendor": "Google",
      "description": "Workspace assistant now bundled across plans with Google productivity and collaboration integration.",
      "strengths": [
        "Workspace-native fit",
        "Bundled packaging",
        "Clear productivity focus"
      ],
      "clouds": [
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://knowledge.workspace.google.com/admin/gemini/google-workspace-with-gemini",
      "websiteUrl": "https://workspace.google.com/solutions/ai/",
      "pricing": "$14/user/mo Standard full AI tier.",
      "pricingModel": "paid",
      "status": "active",
      "statusNote": "Bundled into Workspace plans in January 2025 with higher base pricing.",
      "tags": [
        "assistants",
        "productivity",
        "google"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Gemini product logo asset from the owner-controlled Google Workspace Gemini page (`logo_gemini_2025_color_2x_web_96dp.png`), verified byte-for-byte against the live source on 2026-05-14; Google uses this shared Gemini mark across Workspace Gemini packaging.",
      "logoReviewedAt": "2026-05-14",
      "practitionerNote": "Pragmatic for Google Workspace estates that want AI features embedded in existing docs, mail, and meetings without a separate assistant rollout.",
      "logoUrl": "/logos/gemini-shared.png",
      "logoSourceUrl": "https://www.gstatic.com/images/branding/productlogos/gemini_2025/v1/web-96dp/logo_gemini_2025_color_2x_web_96dp.png",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Workspace data-residency settings and EU data-boundary protections; LLM processing can cross regions for capacity.",
          "sourceUrl": "https://workspaceupdates.googleblog.com/2024/12/hippa-and-more-iso-certifications-for-the-gemini-app-on-web-and-mobile.html"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS bundled into Google Workspace; no self-hosted option.",
          "sourceUrl": "https://workspace.google.com/solutions/ai/",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Workspace Admin Activity audit logs cover Gemini-in-Workspace actions.",
          "sourceUrl": "https://workspaceupdates.googleblog.com/2024/08/gemini-soc-compliance.html"
        },
        "soc2": {
          "status": "yes",
          "detail": "SOC 1/2/3 for Gemini across Workspace apps (Aug 2024).",
          "sourceUrl": "https://workspaceupdates.googleblog.com/2024/08/gemini-soc-compliance.html"
        },
        "iso27001": {
          "status": "yes",
          "detail": "ISO 27001/27017/27018/27701 (Dec 2024).",
          "sourceUrl": "https://workspaceupdates.googleblog.com/2024/12/hippa-and-more-iso-certifications-for-the-gemini-app-on-web-and-mobile.html"
        },
        "iso42001": {
          "status": "yes",
          "detail": "ISO 42001:2023 certified (Dec 2024).",
          "sourceUrl": "https://workspaceupdates.googleblog.com/2024/12/hippa-and-more-iso-certifications-for-the-gemini-app-on-web-and-mobile.html"
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; Google ecosystem lock-in.",
          "sourceUrl": "https://workspace.google.com/solutions/ai/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "databricks-genie-spaces",
      "name": "Databricks Genie Spaces",
      "category": "assistants",
      "type": "vendor",
      "vendor": "Databricks",
      "description": "Natural-language data assistant surface for exploring selected enterprise datasets inside Databricks.",
      "strengths": [
        "Natural-language access to curated datasets",
        "Built on Unity Catalog governance",
        "Business-insight workflow inside the Databricks workspace"
      ],
      "clouds": [
        "aws",
        "azure",
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.databricks.com/aws/en/databricks-ai/",
      "websiteUrl": "https://www.databricks.com/product/ai",
      "pricing": "Packaged as part of Databricks AI assistive features; Databricks workspace and compute usage still apply.",
      "pricingModel": "paid",
      "languages": [
        "SQL"
      ],
      "status": "active",
      "tags": [
        "assistants",
        "productivity",
        "databricks",
        "analytics"
      ],
      "logoKind": "official-vendor",
      "logoNotes": "Official Databricks wordmark reused across Databricks product entries because the public Databricks brand portal exposes the vendor lockup, while Genie Spaces does not expose a distinct standalone public mark.",
      "logoReviewedAt": "2026-05-24",
      "logoUrl": "/logos/databricks.png",
      "logoSourceUrl": "https://brand.databricks.com/databricks-logo",
      "practitionerNote": "Better treated as a governed internal data-assistant surface than a broad office-suite copilot replacement.",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "AI assistive feature using Databricks Geos; residency per workspace region.",
          "sourceUrl": "https://docs.databricks.com/aws/en/databricks-ai/databricks-ai-trust"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS within the Databricks workspace (multi-cloud); no standalone option.",
          "sourceUrl": "https://docs.databricks.com/aws/en/databricks-ai/",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Audit events to the system.access.audit system table; SQL-queryable.",
          "sourceUrl": "https://docs.databricks.com/gcp/en/ai-bi/admin/audit"
        },
        "soc2": {
          "status": "yes",
          "detail": "Databricks SOC 2 Type II across clouds.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/soc"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Databricks ISO/IEC 27001:2022 certified across clouds.",
          "sourceUrl": "https://www.databricks.com/trust/compliance/iso-27001"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "No Databricks ISO 42001 certification found as of 2026-05."
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; Unity Catalog / workspace lock-in (multi-cloud eases portability).",
          "sourceUrl": "https://www.databricks.com/product/ai",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "amazon-q-business",
      "name": "Amazon Q Business",
      "category": "assistants",
      "subcategory": "productivity",
      "type": "vendor",
      "vendor": "AWS",
      "description": "Enterprise business assistant with many data connectors and the lowest entry pricing in this segment.",
      "strengths": [
        "40+ data connectors",
        "Low entry price",
        "Standalone business assistant"
      ],
      "clouds": [
        "aws"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/what-is.html",
      "websiteUrl": "https://aws.amazon.com/q/business/",
      "pricing": "$20/user/mo Pro, $3/user/mo Lite entry.",
      "pricingModel": "paid",
      "status": "active",
      "tags": [
        "assistants",
        "productivity",
        "aws"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official AWS architecture icon for Amazon Q (`Arch_Amazon-Q_64.svg` from the AWS Architecture Icons pack), intentionally reused because AWS presents these surfaces as Amazon Q variants rather than with separate public per-variant icons.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Useful when enterprises want a connector-heavy internal assistant with AWS alignment, especially if a lower entry price matters for broad rollout.",
      "logoUrl": "/logos/amazon-q.svg",
      "logoSourceUrl": "https://aws.amazon.com/architecture/icons/",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Primary-region storage; cross-region inference stays within geography; in-country needs AWS Support.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/cross-region-inference.html"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS on AWS with 40+ connectors; no self-hosted option.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/what-is.html",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "CloudTrail integration for all Q Business (and Q Apps) API calls.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/logging-qapps-using-cloudtrail.html"
        },
        "soc2": {
          "status": "yes",
          "detail": "Amazon Q Business in scope for AWS SOC 1/2/3.",
          "sourceUrl": "https://aws.amazon.com/compliance/services-in-scope/SOC/"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Amazon Q Business ISO/IEC 27001:2022 certified.",
          "sourceUrl": "https://aws.amazon.com/compliance/iso-certified/"
        },
        "iso42001": {
          "status": "yes",
          "detail": "Amazon Q Business listed in AWS ISO 42001 scope.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/compliance-validation.html"
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; AWS ecosystem lock-in.",
          "sourceUrl": "https://aws.amazon.com/q/business/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "copilot-studio",
      "name": "Copilot Studio",
      "category": "assistants",
      "subcategory": "build-your-own",
      "type": "vendor",
      "vendor": "Microsoft",
      "description": "Low-code platform for building and publishing copilots and agents across Microsoft channels.",
      "strengths": [
        "Low-code builder",
        "Teams and Power Platform integration",
        "Multiple publishing channels"
      ],
      "clouds": [
        "azure"
      ],
      "license": "Proprietary",
      "docsUrl": "https://learn.microsoft.com/microsoft-copilot-studio/",
      "websiteUrl": "https://adoption.microsoft.com/en-us/ai-agents/copilot-studio/",
      "pricing": "Free with M365 Copilot; $200/mo standalone.",
      "pricingModel": "paid",
      "status": "active",
      "statusNote": "Formerly Power Virtual Agents (renamed Nov 2023).",
      "tags": [
        "assistants",
        "build-your-own",
        "low-code"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Copilot Studio icon from the Microsoft Power Platform icons pack (`Power-Platform-icons-scalable.zip` -> `CopilotStudio_scalable.svg`). Checked-in SVG adds title/accessibility metadata for inline use, so it is source-verified on 2026-05-14 but not byte-identical.",
      "logoReviewedAt": "2026-05-14",
      "practitionerNote": "Best when business teams need to assemble Microsoft-native copilots quickly, provided architecture and environment sprawl are still governed centrally.",
      "logoUrl": "/logos/copilot-studio.svg",
      "logoSourceUrl": "https://learn.microsoft.com/en-us/power-platform/guidance/icons",
      "governance": {
        "dataResidency": {
          "status": "yes",
          "detail": "Geographic data residency configurable via Power Platform admin center; DLP controls.",
          "sourceUrl": "https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-and-governance"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS via Microsoft Power Platform; CMK available; no self-hosted option.",
          "sourceUrl": "https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-and-governance",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Maker audit logs in Microsoft Purview; agent activity streamable to Sentinel; Customer Lockbox.",
          "sourceUrl": "https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-and-governance"
        },
        "soc2": {
          "status": "yes",
          "detail": "Audited as SOC compliant (Service Trust Portal).",
          "sourceUrl": "https://learn.microsoft.com/en-us/microsoft-copilot-studio/admin-certification"
        },
        "iso27001": {
          "status": "yes",
          "detail": "In Microsoft ISO 27001 scope (Azure / Other Online Services).",
          "sourceUrl": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-27001"
        },
        "iso42001": {
          "status": "yes",
          "detail": "Microsoft Copilot Studio listed in ISO 42001:2023 scope.",
          "sourceUrl": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001"
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; Power Platform / Azure lock-in.",
          "sourceUrl": "https://adoption.microsoft.com/en-us/ai-agents/copilot-studio/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "amazon-q-apps",
      "name": "Amazon Q Apps",
      "category": "assistants",
      "subcategory": "build-your-own",
      "type": "vendor",
      "vendor": "AWS",
      "description": "No-code AI app builder delivered as a feature within Amazon Q Business Pro.",
      "strengths": [
        "No-code creation",
        "Natural-language app building",
        "Connected to Q Business"
      ],
      "clouds": [
        "aws"
      ],
      "license": "Proprietary",
      "docsUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/qapps.html",
      "websiteUrl": "https://aws.amazon.com/q/business/",
      "pricing": "Included in Amazon Q Business Pro.",
      "pricingModel": "paid",
      "status": "active",
      "statusNote": "Feature within Q Business Pro, not a standalone product.",
      "tags": [
        "assistants",
        "build-your-own",
        "no-code"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official AWS architecture icon for Amazon Q (`Arch_Amazon-Q_64.svg` from the AWS Architecture Icons pack), intentionally reused because AWS presents these surfaces as Amazon Q variants rather than with separate public per-variant icons.",
      "logoReviewedAt": "2026-05-15",
      "practitionerNote": "Most relevant for lightweight internal app generation inside an existing Amazon Q Business deployment, not as a standalone enterprise app platform.",
      "logoUrl": "/logos/amazon-q.svg",
      "logoSourceUrl": "https://aws.amazon.com/architecture/icons/",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "Inherits Q Business residency; cross-region inference within geography; in-country needs AWS Support.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/cross-region-inference.html"
        },
        "deployment": {
          "status": "yes",
          "detail": "Feature within Amazon Q Business Pro; SaaS only; no standalone deployment.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/qapps.html",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Q Apps API calls logged via CloudTrail.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/logging-qapps-using-cloudtrail.html"
        },
        "soc2": {
          "status": "yes",
          "detail": "Inherits Amazon Q Business SOC 1/2/3 scope.",
          "sourceUrl": "https://aws.amazon.com/compliance/services-in-scope/SOC/"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Inherits Amazon Q Business ISO 27001:2022.",
          "sourceUrl": "https://aws.amazon.com/compliance/iso-certified/"
        },
        "iso42001": {
          "status": "yes",
          "detail": "Inherits Amazon Q Business ISO 42001 scope.",
          "sourceUrl": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/compliance-validation.html"
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary feature of Q Business Pro; cannot be used outside Q Business.",
          "sourceUrl": "https://aws.amazon.com/q/business/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    },
    {
      "id": "gemini-enterprise",
      "name": "Gemini Enterprise",
      "category": "assistants",
      "subcategory": "build-your-own",
      "type": "vendor",
      "vendor": "Google",
      "description": "Enterprise agentic AI platform and successor packaging for the former Agentspace product line.",
      "strengths": [
        "No-code enterprise agent path",
        "Broad enterprise integrations",
        "Google assistant consolidation"
      ],
      "clouds": [
        "gcp"
      ],
      "license": "Proprietary",
      "docsUrl": "https://knowledge.workspace.google.com/admin/gemini/google-workspace-with-gemini",
      "websiteUrl": "https://workspace.google.com/solutions/ai/",
      "pricing": "$21/user/mo Business; contact for higher tiers.",
      "pricingModel": "paid",
      "status": "active",
      "statusNote": "Agentspace has been absorbed into Gemini Enterprise.",
      "tags": [
        "assistants",
        "build-your-own",
        "google"
      ],
      "logoKind": "service-icon",
      "logoNotes": "Official Gemini product logo asset from the owner-controlled Google Workspace Gemini page (`logo_gemini_2025_color_2x_web_96dp.png`), verified byte-for-byte against the live source on 2026-05-14; Gemini Enterprise currently uses the same shared Gemini visual identity.",
      "logoReviewedAt": "2026-05-14",
      "practitionerNote": "Worth evaluating for Google-first organizations that want assistant and agent capabilities under one commercial umbrella, but packaging maturity should still be checked closely.",
      "logoUrl": "/logos/gemini-shared.png",
      "logoSourceUrl": "https://www.gstatic.com/images/branding/productlogos/gemini_2025/v1/web-96dp/logo_gemini_2025_color_2x_web_96dp.png",
      "governance": {
        "dataResidency": {
          "status": "partial",
          "detail": "US/EU multi-region; residency per Workspace settings; relaxed when Search grounding is enabled.",
          "sourceUrl": "https://docs.cloud.google.com/gemini/enterprise/docs/compliance-security-controls"
        },
        "deployment": {
          "status": "yes",
          "detail": "SaaS via Google Workspace / GCP; CMEK/VPC-SC in US/EU; no self-hosted option.",
          "sourceUrl": "https://workspace.google.com/solutions/ai/",
          "models": [
            "saas"
          ]
        },
        "auditLogging": {
          "status": "yes",
          "detail": "Access Transparency and Cloud Audit Logs cover Gemini Enterprise.",
          "sourceUrl": "https://docs.cloud.google.com/gemini/enterprise/docs/compliance-security-controls"
        },
        "soc2": {
          "status": "yes",
          "detail": "Gemini Enterprise (Standard/Plus) holds SOC 1/2/3.",
          "sourceUrl": "https://docs.cloud.google.com/gemini/enterprise/docs/compliance-security-controls"
        },
        "iso27001": {
          "status": "yes",
          "detail": "Holds ISO 27001/27017/27018/27701.",
          "sourceUrl": "https://docs.cloud.google.com/gemini/enterprise/docs/compliance-security-controls"
        },
        "iso42001": {
          "status": "unknown",
          "detail": "ISO 42001 not listed on the Gemini Enterprise compliance page (the Workspace app SKU holds it)."
        },
        "euAiAct": {
          "status": "unknown",
          "role": "limited-risk",
          "detail": "Assessed limited-risk by product category; no published vendor EU AI Act conformity assessment."
        },
        "licenseRisk": {
          "status": "yes",
          "detail": "Proprietary SaaS; GCP/Workspace lock-in.",
          "sourceUrl": "https://workspace.google.com/solutions/ai/",
          "level": "medium"
        },
        "reviewedAt": "2026-05-26"
      }
    }
  ]
}
