Regulatory compliance
Local-only inference materially reduces the security-review surface for AI-assisted execution in regulated environments.
What zero-egress eliminates
Because Flow’s inference is local:
- No cloud data processing agreements (DPAs). Inference data never crosses the workstation boundary, so there is no third-party processor to contract with.
- No external data-flow audits. There is no external data flow to audit on the inference path.
- No third-party inference endpoint certification. No external endpoint is involved.
The result is a significantly reduced security-review scope for AI-assisted execution, along with compatibility with on-prem and air-gapped deployments.
What it does not eliminate
Standard organizational IT sign-off for desktop software installation is still required, especially in regulated environments. Workstation-level controls continue to apply. These include endpoint protection, OS hardening, and credential-manager configuration.
What stays auditable
Even with zero egress, the following remain in scope for compliance review:
- Credential custody. The host process is the sole custodian, and it uses OS-native credential stores. See Credentials and PII.
- Privilege segmentation. See Isolation boundaries.
- Execution history. Flow runs and node outcomes are stored locally. Cloud-AI nodes persist metadata-only output by default.
- PII handling. The sanitizer redacts patterns before any text reaches a model.
Enterprise roadmap implications
When Flow scales to enterprise deployment, the zero-egress boundary is preserved by deliberate design choice:
- The Governance Service processes flow-graph metadata only. It never sees inference data or spool content.
- Audit forwarding to a SIEM transmits execution metadata only, such as model versions, pass/fail, and who-ran-what. It never transmits inference inputs or outputs.