אנו מתקינים בסיס אופקי של ממשל, הוכחה ואמינות תעשייתית, שעליו טקסי העבודה העסקיים שלכם נעשים לשחזירים, הפיכים ונצברים — לא PoC ולא copilot, אלא תשתית החלטות שניתן לבצע בה ביקורת.
4 min
Generation of an Audit Pack (p50) on a 1,000+ run dossier.
p99 < 12 min · SLA < 30 min
None works without the other two. Together they produce algorithmic capital — an asset on the organisation’s balance sheet.
PILLAR 01 · governance
The Core (Cockpit, FinOps, security, reversibility) spans every Vertical Suite. Enter through a critical business ritual. Scale on a shared foundation. The marginal cost of a new Ritual decreases with every deployment. This is what makes AI budgetable and industrialisable.
PILLAR 02 · proof
Every execution generates its own traceability. Run Receipt, Evidence Panel, Audit Pack — three proof objects generated without manual reconstruction. Evidence-native, not evidence bolted on afterwards.
PILLAR 03 · reliability
HITL Draft → Reviewed → Approved: three roles, three signatures, a timestamp at each step. The human expert remains signatory — each decision enriches the AI Knowledge Vault and feeds the platform’s virtuous circle.
PILLAR 01 · governance
The Core (Cockpit, FinOps, security, reversibility) spans every Vertical Suite. Enter through a critical business ritual. Scale on a shared foundation. The marginal cost of a new Ritual decreases with every deployment. This is what makes AI budgetable and industrialisable.
PILLAR 02 · proof
Every execution generates its own traceability. Run Receipt, Evidence Panel, Audit Pack — three proof objects generated without manual reconstruction. Evidence-native, not evidence bolted on afterwards.
PILLAR 03 · reliability
HITL Draft → Reviewed → Approved: three roles, three signatures, a timestamp at each step. The human expert remains signatory — each decision enriches the AI Knowledge Vault and feeds the platform’s virtuous circle.
Two dominant postures: tactical experimentation (POC copilots, isolated agents) and heavy mobilisation (data war rooms, unmanaged proprietary models). Neither delivers what regulators, auditors, and executive committees now demand: an audited, reversible, compounding decision infrastructure.
| Critère | Stagiaires IA | War-rooms data | Nexa Forward |
|---|---|---|---|
| Regulatory audit | Nonexistent | Reconstructed after the fact | Native Audit Pack < 5 min |
| Engine reversibility | Vendor lock-in | Full rebuild on every switch | Model-agnostic by design |
| Compounding | No institutional memory | Volatile tribal knowledge | Tenant-isolated AI Knowledge Vault |
| Cost per Run | Opaque, priced per seat | Heavy, project by project | Measured and capped per Ritual |
| AI Act compliance | Not mappable | Recurring manual effort | Arts. 12/14/15/17/26 mapped |
Nexa Forward s'installe comme une couche de gouvernance horizontale, au-dessus de votre SI existant. Ces quatre couches traversent tous vos Rituels métiers : chaque Vertical Suite hérite, par construction, du Cockpit, de l'Evidence-native, du HITL et du AI Knowledge Vault.
At Nexa, proof is not a compliance layer added after production. It is part of the product. Every execution generates its own traceability — without reconstructive manual work.
“With what, how, and under what conditions was this output produced?”
Technical receipt attached to every run. Full memory: sources, transformations, model versions, prompts, parameters, identities, timestamps. This makes the run reproducible and replayable.
“Why is this output sufficiently substantiated to be used?”
Native consultation surface in the business workflow. Surfaces cited sources, lineage, controls, statuses. Use AI on sensitive deliverables without a black box.
“Why is this output justified, acceptable, and compliant?”
Consolidated exportable dossier for internal review, audit, or regulatory control. Answer an audit in under 5 minutes — not several weeks.
PILLAR 03 · Human In The Loop
The operator produces a draft assisted by the AI Platform.
The reviewer checks the Evidence Panel and resolves weak points.
The approver signs with timestamping. The run enters the Audit Pack.
The more the organisation uses Nexa, the more auditable proof and validated patterns it accumulates. That becomes infrastructure no competitor can reproduce — because it cannot be bought; it is built in use.
Moat 01
The more Nexa is used, the more Run Receipts, Audit Packs, and Replayable Runs accumulate. That proof history becomes a compliance stack no migration can reproduce. Leaving Nexa is not just rebuilding — it is giving up the historical proof dossier.
Moat 02
Every ritual enriches the Vault with tuned prompts, validated patterns, hardened configurations. Strictly tenant-isolated: one customer’s patterns are never visible to another.
The Nexa Forward Core comprises eight services collaborating via REST APIs and events. Each is containerised, observable, deployable as SaaS, Private Cloud, or on-premise.
Node.js · TypeScript · React
Console FinOps, politiques, observabilité. Authentification SAML / OIDC / Okta. RBAC + ABAC granulaire.
Python 3.11 · FastAPI
Cœur d'exécution des Rituels métiers. Orchestration des prompts, garde-fous, lineage. Latence p95 sous 4 secondes.
PostgreSQL 15 · S3 / object store
Stockage immuable des Run Receipts. Mode WORM, AES-256 at rest, BYOK supporté. Rétention configurable.
Python · WeasyPrint · PKCS#7
Génère bundles PDF + JSON signés. 4 minutes p50, 12 minutes p99. Compatible NIST AI RMF, ISO 42001.
Python · Temporal.io
Workflows durables Draft → Reviewed → Approved. Reprise automatique sur incident. Horodatage cryptographique.
PostgreSQL · pgvector · Neo4j
Capital algorithmique du tenant : prompts validés, patterns, configurations. Strictement tenant-isolé.
TypeScript · LiteLLM
Abstraction Model-Agnostic au-dessus de OpenAI, Anthropic, Mistral, Llama, Vertex AI. Fallback automatique.
OpenTelemetry · Prometheus · Loki · Grafana
Métriques, traces, logs structurés. Export SIEM-ready (CEF / LEEF / Syslog) vers Splunk, Sentinel, QRadar.
The Nexa Core is designed for your governance, sovereignty, and compliance constraints. All three models share the same proof objects, APIs, and Cockpit.
Nexa hosting on sovereign European cloud. Fast onboarding, economies of scale, continuous updates. Strict logical isolation.
Reference: 6 Tier 2 enterprises
Dedicated deployment in customer VPC (AWS, Azure, GCP, OVH). Physical isolation. Dedicated KMS, BYOK supported.
Reference: Groupama Gan Vie
Full installation on customer infrastructure. No data egress, no external calls without explicit validation. LLMs hosted locally.
Reference: Bpifrance — internal AI backbone
The Nexa Core embeds security, compliance, and audit as structural properties — not layers added downstream. Detailed reports available under NDA for qualified buyers.
| Framework | Status | Due date | Scope |
|---|---|---|---|
| SOC 2 Type II | En cours | Q4 2026 | Plateforme AI complète |
| ISO 27001 | Planifié | 2027 | SMSI Nexa Forward |
| HDS | Non applicable | — | Aucun client santé |
| Pentest annuel · cabinet français certifié PASSI | Acquis | Annuel | Rapport sous NDA |
| Article | Requirement | Nexa response |
|---|---|---|
| Art. 12 | Traçabilité des journaux d'événements | Run Receipt + Audit Pack — journalisation native |
| Art. 14 | Supervision humaine | HITL Draft → Reviewed → Approved, signataire identifié |
| Art. 15 | Robustesse, exactitude, cybersécurité | Replayable Runs, monitoring de drift, RTO < 4h |
| Art. 17 | Système de gestion de la qualité | AI Knowledge Vault versionné, prompts gouvernés |
| Art. 26 | Obligations des déployeurs | Documentation déploiement, registre des Rituels |
| Domain | Standard | Detail |
|---|---|---|
| Identité & accès | SAML 2.0 · OIDC · MFA forcé | Okta, Azure AD, Keycloak. RBAC + ABAC granulaire. |
| Chiffrement | AES-256 (rest) · TLS 1.3 (transit) | KMS dédié par tenant, rotation 90 jours, BYOK. |
| Logs & SIEM | CEF · LEEF · Syslog | Export temps réel vers Splunk, ArcSight, QRadar. |
| Continuité | RTO < 4h · RPO < 15 min | Réplication multi-AZ. PCA/PRA testé semestriellement. |
| Multi-tenancy | Isolation logique stricte | AI Knowledge Vault tenant-isolé. Aucune fuite. |
| Data Residency | France · UE · On-Premise | Choix client. Aucune sortie hors zone sans accord. |
Cost per Run and observability are not optional modules. They are the condition for industrialisation. No measured cost, no cap. No cap, no scale.
Chaque run remonte son coût marginal en temps réel — appel LLM, calcul, stockage Evidence, export. Pas d'agrégat opaque, pas de facture surprise en fin de mois.
Stack OpenTelemetry standard, exportable vers votre outillage existant. Aucune dépendance propriétaire. Vous restez maître de votre monitoring.
Target p95 latency < 4 seconds per run. Observed availability 99.7% vs contractual SLA 99.5%. Audit Pack generated in 4 minutes p50, 12 minutes p99.
Nexa separates intelligence (the engine) from control (the Core). LLMs can change every six months: your proof policies, workflows, and algorithmic capital remain yours.
Data, lineage, policies, guardrails, HITL workflows, Audit Packs, AI Knowledge Vault. Built to last — whatever the cognitive layer of the moment.
LLMs, prompts, agents, cloud vendors. Model-agnostic: swap an engine without rebuilding the governance chain.
Three real production switches documented via the Model Gateway. Zero incidents, zero loss of algorithmic capital, Audit Pack updated automatically.
| Date | Operation | Duration | Audit Pack regenerated |
|---|---|---|---|
| 12 mars 2026 | GPT-4o → Claude 3.5 Sonnet · Rituel risque crédit | 4 min | Oui — automatique |
| 28 janvier 2026 | Mistral Large → Llama 3.1 70B · Rituel pricing | 6 min | Oui — automatique |
| 15 novembre 2025 | Ajout fallback Mistral Small en mode dégradé | 12 min | Sans objet |
Two adoption paths: Nexa as organisation-wide AI industrialisation backbone, or a targeted Ritual on a differentiating use case. Both converge on the same platform.
Proof through usage. One public institution, one regulated insurer. Six major enterprises in production on targeted rituals.
Tier 1 — When Nexa becomes the AI infrastructure for the whole organisation
Nexa Forward is Bpifrance’s internal standardisation backbone for AI. Deployed on-premise on sovereign infrastructure. 8+ business rituals in production: risk, marketing, compliance, documents.
Deployed on Private Cloud for actuarial comment generation. ACPR audit response in under 5 minutes — instead of 2 weeks.
Tier 2 — Six major enterprises in production on targeted business rituals
Industrialisation des claims marketing avec contrôle réglementaire intégré.
Pattern matching et capitalisation de formulations sur AI Knowledge Vault.
Assistance à la décision de pricing avec Audit Pack pour les achats.
Recherche structurée dans la documentation technique avec lineage complet.
Enrichissement de catalogue 600 000 références — Cost per Run mesuré.
Vérification de conformité réglementaire produit avec Audit Pack natif.
No standard demo. No generic pitch. A scoping session focused on your critical decisions, your regulator’s constraints, and a realistic path to a first Audit Pack in production.
No standard demo. A scoping session focused on your critical decisions and the path to a first Audit Pack in production.
