EnforceCore is provided "AS IS", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement.
In no event shall the authors, copyright holders, or contributors be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the software or the use or other dealings in the software.
EnforceCore is a technical tool that provides runtime enforcement capabilities for agentic AI systems. It is not a compliance certification, legal guarantee, or regulatory approval.
Specifically:
- Using EnforceCore does not guarantee compliance with the EU AI Act, GDPR, CCPA, HIPAA, SOC 2, ISO 27001, or any other regulatory framework.
- EnforceCore does not provide legal advice. Always consult qualified legal counsel for compliance requirements specific to your jurisdiction and use case.
- Policy correctness is the user's responsibility. EnforceCore enforces the policies you define — if your policies are incomplete or incorrect, enforcement will reflect that.
- No guarantee of security. While EnforceCore is designed to fail closed and enforce policies at the runtime boundary, no software can guarantee absolute security. Defense in depth is always recommended.
To the maximum extent permitted by applicable law, in no event shall AKIOUD AI, SAS, its contributors, or affiliates be liable for:
- Any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or goodwill.
- Any damages arising from the use or inability to use EnforceCore, even if advised of the possibility of such damages.
- Any damages resulting from unauthorized access to or alteration of your data or transmissions.
- Any damages resulting from the actions of AI agents that use or fail to use EnforceCore's enforcement mechanisms.
EnforceCore is intended to be used as one layer in a defense-in-depth security strategy for agentic AI systems. It should be used alongside — not instead of — other security measures including but not limited to:
- Network-level security controls
- Authentication and authorization systems
- Input validation and sanitization
- Monitoring and alerting systems
- Human oversight and review processes
- Regular security audits
The PII redaction capabilities in EnforceCore are provided on a best-effort basis. No PII detection system achieves 100% accuracy. Specifically:
- False negatives (missed PII) may occur. Do not rely solely on EnforceCore for PII protection in regulated environments.
- False positives (non-PII flagged as PII) may occur, potentially affecting the functionality of enforced tool calls.
- PII detection accuracy varies by language, format, and context.
The Merkle-tree audit trail provides cryptographic integrity verification for audit entries generated by EnforceCore. However:
- Audit trails only record events that pass through EnforceCore's enforcement points. Activity outside of enforced calls is not captured.
- The integrity of audit trails depends on the security of the underlying storage system. Use `Auditor(immutable=True)` for OS-enforced append-only protection and `Auditor(witness=...)` for external hash witnessing to strengthen tamper evidence.
- Audit trails are not a substitute for comprehensive system logging and monitoring.
EnforceCore is licensed under the Apache License 2.0. This license includes its own limitation of liability and disclaimer of warranties in Sections 7 and 8, which are incorporated here by reference.
If you discover a security vulnerability in EnforceCore, please report it responsibly by emailing security@akios.ai. Do not open a public GitHub issue for security vulnerabilities.
Last updated: February 2026