Deployment
Public, private or hybrid
A modern data & AI architecture for the regulated enterprise — engineered end-to-end, from open lakehouse and ingest, through data products and AI, to decisioning, governance and audit.
The reference architecture spans every plane the regulated enterprise has to engineer — from the open lakehouse to the audit ledger. Click any plane or component to drill in.
The blueprint is opinionated where it has to be, and modular where it shouldn't be. Six principles run through every plane.
Iceberg, Delta, Parquet, Arrow. No proprietary lock-in at the storage or interchange layer — your data stays portable across engines and clouds.
Compute moves to where data lives. Snowflake, Databricks, BigQuery, Iceberg-on-S3 — models and decisions execute in-engine, not in a side car.
Every ingest, every data product, every model output is a versioned contract — schema, semantics, SLOs and ownership all explicit.
Shared-nothing isolation across data plane, control plane and audit log. Cryptographic separation per organisation, region or business line.
Every decision and every data movement is signed, content-addressed and replayable. Evidence is a property of the architecture, not paperwork.
Adopt one plane at a time. Each layer is independently deployable, with stable contracts to its neighbours — so you can modernise progressively.
Each plane is independently deployable, but designed to compose. You can adopt the architecture progressively — one plane at a time, one decision at a time.
An open lakehouse on Iceberg or Delta, deployed in your hyperscaler of choice. Storage, compute and catalog are decoupled, so you can run multiple engines on the same tables — Snowflake, Databricks, Trino, DuckDB — without copying data or fragmenting governance.
Boundary contracts on every source — Kafka topics, batch loads, CDC from operational stores. Schemas are versioned, quality SLAs are testable, and breaking changes are caught before they reach a data product.
Domains own their data products. Each product has a contract — schema, semantics, SLOs and an owning team — and is published into a catalog the rest of the enterprise discovers and consumes from. The mesh isn't the destination; it's how the architecture stays coherent at scale.
Approval policies, classification rules and residency constraints expressed as code, executed at every boundary. Lineage is captured automatically, end-to-end, from source through data product to model output and decision.
A feature store on the same lakehouse as your data products. A model registry with stage gates and approvals. Training pipelines that are reproducible from contract to artifact. Evaluation harnesses for both ML and LLM use cases.
The runtime that turns models into decisions and agents into actions. Sub-150 ms p99 routing over your features and models, HITL queues for everything that needs a human, MCP-native tool calling for agentic workflows — all under one evidence chain.
Population, feature and outcome drift on every tenant, in real time. Every decision content-addressed and signed. Replay any decision, any model, any data product as it was on any given day. Six years of retention, regulator-API ready out of the box.
| Capability | What it does | SLO / spec |
|---|---|---|
| Open lakehouse | Iceberg or Delta on object storage in your cloud, with shared-nothing tenancy and in-region residency. | Iceberg · Delta |
| Multi-engine execution | Models and decisions execute in-engine on Snowflake, Databricks, Trino or BigQuery — zero-copy. | native · zero-copy |
| Data products | Domain-aligned products with versioned contracts, SLOs, ownership and catalog publication. | contracted · catalogued |
| Lineage | End-to-end lineage from source through data product to model output and decision, OpenLineage compatible. | 100% coverage |
| Policy-as-code | Approval, classification and residency policies expressed as code, executed at every boundary. | OPA-compatible |
| Feature store | Point-in-time correct features served from the same lakehouse, in-engine. | in-engine · PIT |
| Decision routing | Tenant-aware routing of decisions to the correct model version, with contract validation and signed output. | p99 142 ms · 99.97% / mo |
| Drift monitoring | Population, feature and outcome drift detected per tenant in real time. Escalates via HITL queue. | ≤ 60 s detection |
| Audit ledger | Every decision and every data movement content-addressed, signed and replayable. Regulator-API ready. | 6 yr retention |
| Compliance mappings | SR 11-7, PRA SS1/23, FCA Consumer Duty, EU AI Act, DORA — exported as evidence. | five frameworks |
| Deployment | Runs natively in your cloud — hyperscaler-managed, private VPC or hybrid — under your IAM. Helm or Terraform; 28-day provisioning average. | 28 d avg |
Ninety minutes with our founding engineers. We bring the reference architecture, you bring one decision your business depends on. We map one to the other, in the room.