For software developers building AI platforms for regulated industries, compliance doesn’t have to be a hindrance—provided you treat it as a design guideline from day one, rather than an afterthought. That’s the lesson we at Blinqx have learned over the past few years, and it’s also a topic we don’t discuss nearly enough with one another in the industry.
Regulatory burden is the defining issue of this decade. The AI Act is gaining momentum, DORA is in effect, and regulators are further tightening their expectations. For peers who, like us, build AI platforms for regulated industries, this raises a commercial question: how do we maintain momentum without running afoul of our clients’ compliance requirements?
In this article, I’ll share how we make this decision—not as a blueprint, but as a discussion piece.
Why Generic AI Is Going Off the Rails in Our Market
Anyone who builds AI products for the business and financial services sectors knows that generic AI models can’t simply be deployed for clients. Those who ignore this will quickly run into limitations. A large language model can summarize a contract or produce an advisory report in two seconds. Impressive in a demo. But a prospect in the legal or finance sector will then ask questions that force us, as an industry, to define the parameters: what data, what audit trail, what EU data location, and how is liability allocated in the event of an error?
These are not questions that a superficial layer of AI can answer effectively. We see that players in our industry either drop out at this stage (pilots that don’t move forward) or fundamentally redesign their approach. This presents a major commercial opportunity as well as a significant design challenge.
Our choice: compliance-by-design as an architectural principle
We have designed Blinqx so that traceability, source attribution, and human checkpoints are built into the architecture by default, rather than added afterward as a separate audit layer. Specifically: every action taken by an AI agent is traceable, models use only data whose origin we can verify, and a human review point is always built into the decision-making process.
In our experience, this principle goes beyond technology. It is a product strategy: we consciously invest in features that have little value in a generic consumer AI product, but that make the difference between a product being marketable or not in industry-specific AI. We are making that investment, and we believe that peers serving the same market will have to make the same choice, whether they call it “compliance-by-design” or something else.
Three building blocks that we have incorporated into our product DNA
The first is clear ownership in product design. Each agent has a defined scope and a designated person in charge within the client environment. We don’t leave that up to end customers; it’s built into how our workflows operate.
The second is traceability by design. It’s not just “we can provide logs upon request,” but rather: every decision is reproducible by default via an audit view. This speeds up both our customers’ compliance work and our own product design.
The third is controlled scaling as a pattern. Our platform architecture encourages customers to start small and expand only once they have control in place. That’s not a feature—it’s how we plan for adoption. This approach clashes with rapid “land-grab” strategies, but aligns with the level of domain expertise that our industry requires.
The paradox: compliance makes our product easier to sell
In our experience, compliance-by-design actually gives us a competitive edge. Auditors give their approval early in the cycle, C-level executives don’t have to reevaluate every new use case, and we can quickly scale up to new processes without having to reopen a compliance discussion.
As an AI platform provider, this is a choice we need to make explicit: do we want to compete on speed without investing in architecture, or on speed with architecture? The second approach is slower to get started but offers greater structural scalability in regulated markets. That is the path we have chosen.
A Call to the Industry
The message is not “wait for regulations.” The message is that, as providers of AI for regulated sectors, we have a shared responsibility to build compliance into the design, rather than placing the responsibility solely on the user.
Are you a CPO, CTO, or CAIO at a fellow platform grappling with the same questions? We regularly exchange ideas on this topic on Tech TalQX—the podcast about AI in regulated industries.
Frequently Asked Questions
The AI Act establishes obligations regarding risk classification, documentation, logging, and human oversight for high-impact AI systems. For platform builders, this means that these safeguards must be provided at the product level—not something the customer has to figure out on their own. Combine that with existing sector-specific regulations such as DORA or Wft, and it becomes clear that responsibility is shifting, at least in part, toward the supplier.
Because a separate audit layer can never keep up with the pace. In regulated markets, customers want to be able to scale up consistently; that requires a platform where logging, traceability, and control points are simply standard features. A layer added after the fact will still have to be fundamentally rebuilt after just one industry audit. It’s better to get it right the first time.
By strategically placing checkpoints at key decision points—not everywhere. An AI agent can autonomously prepare and summarize; however, for decisions that have legal, financial, or customer implications, a human review is built into the process. This keeps the pace fast where possible and control tight where necessary.
An assistant responds to prompts and is relatively easy to monitor at the output level. An agent independently carries out multi-step processes and can therefore have a greater impact with each action. That is why agents require stricter architectural safeguards: traceable steps, limited scope, and explicit human handoffs. We consider these to be minimum requirements, not just nice-to-haves.
There is not yet a broad industry forum dedicated to this topic, but the conversation is gaining momentum through podcasts, industry events, and bilateral discussions among platform builders. At Blinqx, we are consciously investing in this dialogue—including through Tech TalQX—because a credible industry can drive its own progress more quickly than individual companies can on their own.
