FCA Mills Review · EU AI Act August 2026 · Compliance deadline approaching

Prove every AI decision is compliant. Before the regulator asks.

Aegis Trace gives wealth managers and regulated fintechs a tamper-proof audit trail for every AI-driven recommendation, credit decision, and portfolio action. When the FCA requests evidence, you have it.

FCA Consumer Duty · EU AI Act Art.12 · GDPR Art.25 · UK Data Residency · Hosted on Google Cloud
Regulatory Alignment
Selected for the FCA AI Spotlight Programme · EU AI Act Ready · GDPR Art.25 by Architecture · SOC 2 Type II: In Progress
Infrastructure
Hosted on Google Cloud Platform · EU Data Residency (europe-west2) · ISO 27001: Pursuing

AI is making regulated decisions across your firm. The question is whether you can evidence them.

Regulatory expectations are crystallising
The FCA Mills Review, launched January 2026, is examining how firms govern AI decisions. The Treasury Committee has recommended comprehensive AI guidance by end of 2026. The direction is clear, even if the final rules are not.
EU AI Act enforcement begins August 2026
High-risk AI systems in financial services must maintain automatic logging of decisions. Credit scoring, risk assessment, and algorithmic trading are explicitly listed. Most firms have not yet built this capability.
AI decisions are difficult to reconstruct
Reconstructing why an AI model made a specific recommendation six months ago is a hard problem. Application logs were not designed for regulatory evidence. The gap between what firms deploy and what they can evidence is growing.
Manual documentation does not keep pace
Spreadsheets and email trails cannot match the volume and velocity of AI-driven decisions. Compliance teams need infrastructure, not process. The challenge is structural, not a question of effort.

From AI decision to regulatory evidence, automatically.

Automatic Decision Records
Every time your AI system makes a recommendation, scores a risk, or approves a transaction, Aegis Trace captures a complete, structured record, including inputs, outputs, model version, and reasoning context, automatically via a single API call.
Your compliance team has complete evidence for every AI decision, without manual documentation.
Tamper-Proof Provenance
Each decision record is cryptographically signed and stored in a tamper-proof ledger with a defined retention policy. Records cannot be altered, deleted, or backdated. Every record includes a verifiable chain of provenance from input to output.
When a regulator asks "prove this record has not been modified", you can. Mathematically.
Regulator-Ready Exports
Export audit trails in formats mapped directly to FCA Consumer Duty, EU AI Act Article 12, and MiFID II requirements. One click generates the evidence package a regulator or auditor expects to see.
Cut audit preparation from weeks to hours.

Four steps. One API call. Complete audit coverage.

01. Capture
Your AI system sends a decision payload to a single API endpoint. Python, Node.js, and Java SDKs available. Integration takes less than a day.
02. Protect
Personal data is automatically stripped before it leaves your network. Our redaction engine runs inside your infrastructure, covering names, financial identifiers, and national IDs across 13 EU countries and 9 languages. No personal data ever reaches our servers.
03. Seal
The decision record is cryptographically signed and sealed with a unique certificate. The timestamp, signature, and provenance chain are immutable. Records cannot be altered after sealing.
04. Retrieve
When a regulator, auditor, or internal review requests evidence, retrieve any decision record via API or the compliance dashboard. Export in FCA, EU AI Act, or custom formats.
AEGIS TRACE AUDIT RECORD · VERIFIED
audit_record_id  AT-2026-07-14-c3a9f1e
agent_id         underwriting-model-v3
verdict          PASS
confidence       0.9412
hmac_signature   b7e2d4c8...f19a03e1
regulatory_refs  FCA PS22/3, MiFID II
sealed_at        2026-07-14T09:31:44Z

Example: a sealed audit record for an AI-driven portfolio recommendation. Certificate ID, verdict, regulatory mapping, and cryptographic seal, all retrievable on demand.

The numbers that matter.

75%
of UK financial services firms are already using AI
Bank of England & FCA Joint Survey, 2024
59%
of institutions report measurable productivity gains from AI, up from 32% a year earlier
Lloyds Financial Institutions Sentiment Survey, 2025
1 in 3
UK customers use AI weekly to manage their money
Lloyds, 2025
August 2026
EU AI Act high-risk enforcement begins. Most firms are not ready.
European Commission

Built for regulated industries where AI decisions carry consequences.

Financial Services (Wealth Management & Investment)
Your AI suitability engine recommended selling a client's position. Six months later, the FCA asks why. Aegis Trace provides the signed, tamper-proof record of every factor the model considered, retrievable in seconds.
FCA Consumer Duty, MiFID II, FCA PS22/3
Financial Services (Credit & Lending)
Your credit scoring model declined an application. The applicant requests an explanation under GDPR Article 22. Aegis Trace provides the complete decision record, including inputs, risk factors, and outcome, structured for regulatory submission.
EU AI Act, GDPR Art.22, FCA CONC
Insurance & Underwriting
Your automated underwriting model assessed a commercial policy and declined it. Aegis Trace captures the full decision provenance, including risk score, contributing factors, and model version, so you can demonstrate fair treatment and satisfy FCA ICOBS requirements.
FCA ICOBS, Solvency II, GDPR Art.22
Healthcare & Life Sciences
A clinical decision support system flagged a drug interaction. Aegis Trace records the complete recommendation chain, including model version, input data hash, output, and confidence, for MHRA compliance and patient safety audit.
MHRA AI Guidance, EU MDR, NHS AI Framework
HR & Workforce AI
AI screening tools, performance scoring, and compensation models are classified as high-risk under EU AI Act Annex III. Aegis Trace provides the automatic logging these systems require.
EU AI Act Annex III, UK Equality Act
Any Regulated Industry
Custom redaction profiles. Custom regulatory mappings. If your industry uses AI to make decisions that carry legal, financial, or safety consequences, Aegis Trace provides the evidence infrastructure.
Custom regulatory mapping

Deploy where your compliance architecture requires.

Get started in days
Cloud API
Managed service hosted on Google Cloud Platform in EU data centres (europe-west2, London). Sub-2s API response time. No infrastructure to manage. Your compliance team is operational within a week.
Best for: Firms wanting fast time-to-value with managed infrastructure.
Your cloud, your control
Private Cloud
Containerised deployment in your own cloud tenant, whether AWS, GCP, or Azure. Complete data sovereignty. Managed updates. Your security team retains full network control.
Best for: Firms with existing cloud infrastructure and data residency requirements.
Nothing leaves your network
On-Premises
Full deployment within your own data centres. Air-gapped and restricted network environments supported. For the most regulated environments where data must never leave the premises.
Best for: Firms with the strictest data sovereignty and regulatory requirements.

Mapped to the regulations governing your AI decisions.

The FCA Mills Review and AI Spotlight Programme

The FCA has launched a long-term review into AI in retail financial services, led by Sheldon Mills, with recommendations to the FCA Board in Summer 2026. The Treasury Committee has recommended the FCA publish comprehensive AI guidance by end of 2026. MSDK Labs has been selected for the FCA AI Spotlight programme, which showcases real-world case studies of AI innovation in financial services. Aegis Trace is designed to meet the evidence requirements this regulatory direction implies.

FCA PS22/3
Suitability evidence for consumer investment advice
Consumer Duty
Outcome monitoring for client-appropriate recommendations
EU AI Act Art.12
Automatic logging of high-risk AI system decisions
MiFID II
Audit trail for investment decisions and order execution
GDPR Art.25 / Art.30
PII never leaves your network. Full processing records by design.
FCA SYSC 9
Record retention to reconstruct regulated activities

Enterprise-grade security. Transparent compliance posture.

Hosted on Google Cloud Platform
Production infrastructure runs on GCP in EU data centres. Kubernetes orchestration. Managed database services. Enterprise-grade SLA.
EU Data Residency
All data processed and stored within EU regions (europe-west2, London). Full GDPR compliance by architecture.
GDPR Art.25, By Architecture
PII redaction runs exclusively inside your network. Aegis Trace never receives raw personal data. Data protection by design and by default.
EU AI Act Conformity
Designed to meet EU AI Act requirements for high-risk AI system providers and deployers. Automatic logging, transparency, and human oversight support.
Built on Secure, Industry-Certified Infrastructure
Hosted on ISO 27001 and SOC 2 certified Google Cloud infrastructure. Enterprise security controls, audit logging, and encryption at rest and in transit.
HIPAA Ready
Architecture supports HIPAA compliance requirements for healthcare deployments. BAA available on request.

Tell us your regulatory context.

We are onboarding a select number of FCA-regulated wealth managers and fintechs. Integration takes less than a day. No commitment required.

NDA available on request. Technical documentation provided to qualified organisations.