From Public Demo to Air-Gapped Deployment: Building Slovenia's AI CCO

An AI assistant drafts. A governed AI CCO prepares cited workpapers for human sign-off.

The market has quietly conflated two very different products. An AI assistant for compliance summarizes a memo, drafts a clause, and saves a senior associate three hours. A governed AI CCO performs the compliance preparation function: it monitors transactions against current accounting treatment, flags exposure under a specific tax authority's latest decision, prepares a draft response with an evidentiary chain, and preserves that evidence trail for human sign-off and supervisory review. Only the second category requires the architecture — citation tracking, audit trail, version control, immutable decision logs — that makes an agentic system legally usable inside a regulated entity.

Grant Thornton's CompliAI, built on Microsoft Azure OpenAI Service, is positioned as letting professionals do in minutes what used to take days or weeks ^[4]. That is the assistant pattern. The claim is throughput, not accountability. A governed AI CCO is judged on a different axis: every figure it produces, every clause it interprets, every reconciliation it prepares must trace back to a specific paragraph of a specific standard at a specific revision date — and replay under supervisory review. An agentic compliance system that cannot evidence its reasoning to that bar is not a CCO. It is an intern with a fast keyboard.

The line between the two products is the line between productivity software and regulated infrastructure. Wavenetic builds the second.

How we build it: a citation-bound architecture, jurisdiction-bound to Slovenia

Globally, vertical AI platforms such as Harvey have shown that professional-services AI works best when it is domain-specific, workflow-aware, and grounded in sources the user can verify ^[8]. Wavenetic applies the same category lesson to a different problem: Slovenian accounting, tax, and compliance. The goal is not a generic legal assistant or a foreign legal-AI tenancy with a Slovenian language layer. The goal is a finance-first AI CCO that understands Slovenian source material, produces cited outputs, and can be deployed in the customer's chosen perimeter.

The reference architecture for domain-bound reasoning is well established: foundation models accessed through a controlled inference layer, retrieval-augmented generation against a curated, version-controlled corpus, citation enforcement at generation time, agent workflows that decompose multi-step tasks, and tenant-isolated data handling so client matter never leaks into training. That pattern works because professional output is only useful when every claim is anchored to a specific authority the user can verify.

Wavenetic's stack pushes that pattern further on the axes Slovenian compliance actually requires. We can run open-weight models on local GPUs inside WaveNode hardware, with RAG bound to the full Slovenian legislative corpus through PISRS, continuously monitored and version-synced from official sources ^[7]. Every act, amendment, and consolidated text the register publishes propagates into the agent's retrieval layer, with the PISRS reference, version, and revision date captured at inference. On top of that retrieval layer we run agent workflows specific to Slovenian accounting, tax, and legal practice: SRS treatment selection, VAT reconciliation against current FURS decisions, contract clause review against the consolidated PISRS text, draft responses to tax authority inquiries with citations attached.

Slovenia is the proving ground precisely because the corpus is bounded

Slovenia has a small, codified legal corpus, the official PISRS register of legislation and amendments (Pravno-informacijski sistem Republike Slovenije) ^[7], a single set of Slovenian Accounting Standards (SRS), and a national tax authority (FURS) that publishes interpretive decisions through identifiable channels. For an integrated accounting-legal-financial agent, this is the ideal substrate: bounded, structured, citable, and updated through known mechanisms.

For an AI CCO, continuous PISRS binding is the difference between citing the law as it stands today versus as it stood when a model was last trained. For accounting, it means SRS treatments, corporate tax provisions, and VAT rules used in any reconciliation or draft are always anchored to the current statutory text — not a stale snapshot — and the citation back to PISRS is part of the audit log.

The state-level tooling reinforces this. The OECD documents that Slovenia has implemented impact assessment guidance, stakeholder consultation processes, and an SME Test designed to measure regulatory compliance cost on small businesses ^[1]. What that machinery produces — structured, machine-readable regulatory artifacts — is exactly the input layer an AI CCO consumes.

Slovenia already has legal-AI assistants. What has been missing is a finance-first AI CCO: a system built around accounting treatment, tax compliance, corporate finance, source citations, audit logs, and deployability inside regulated enterprise environments. Slovenia is not a constraint on the addressable market; it is the jurisdiction where the full stack is small enough to be solved end-to-end first.

Continuous PISRS and FURS propagation kills the quarterly advisory cycle

The Big 4 advisory model is calibrated to a quarterly bulletin: an amendment publishes, partners interpret it, a client memo follows weeks later, finance teams retrofit their treatment. That cadence is an artifact of human bandwidth, not of how regulation actually changes. When PISRS publishes an amendment to a corporate income tax provision or FURS issues a binding decision on VAT treatment, the underlying compliance posture of every affected entity changes that day — not next quarter.

An AI CCO with a continuous ingestion pipeline against PISRS ^[7] and FURS updates accounting treatment, scans open contracts for affected language, and re-scores risk posture within minutes of publication. It does not write a memo. It rewrites the working set. The CFO's gain is not 'faster advice.' It is that the company's books and contracts no longer drift between regulator action and advisor response.

The valuable property is not speed; it is continuous synchronization between the regulatory state and the entity's internal state, with every delta logged and citable. For any company that operates faster than its auditor, the quarterly bulletin model is already obsolete.

Slovenia's oversight gap is exactly where an auditable AI CCO earns its license

The same OECD review that praised Slovenia's better-regulation toolkit was explicit about the gap: evaluation and stakeholder engagement do not always follow prescribed guidelines, and the country would benefit from an institution with the authority and capacity to review impact assessments, alongside renewed political commitment to better regulation ^[2]. The tools exist. The oversight does not.

Waiting for an institutional fix is not a strategy a regulated entity can pursue. The deficit the OECD describes at the state level reproduces inside individual companies as inconsistent compliance evidence, gaps in version control on legal interpretations, and decisions that cannot be reconstructed two years later under audit. A citation-bound, audit-logged AI CCO fills that oversight gap at the entity level — not by replacing a regulator, but by ensuring every internal compliance decision is defensible without one.

The same conditions that make oversight institutionally weak make evidence-linked AI compliance commercially urgent.

Deployment options: from public demo to air-gapped enterprise

WaveFlow's public AI CCO is available online today for low-friction testing. Enterprise deployments are different. The same product stack can run in a customer-controlled cloud, private cloud, on-premise environment, Microsoft Foundry deployment, or sealed WaveNode appliance. For the most sensitive workloads, Wavenetic supports air-gapped operation with no outbound telemetry, offline updates, local inference, source-level citations, and full audit logs.

Generic cloud copilots are useful for drafting and research, but regulated compliance work needs a different control plane: jurisdiction-specific sources, source-level citations, model-version records, human-approval gates, and deployment options that match the customer's data perimeter. For some teams that means cloud. For banks, insurers, critical infrastructure, and public-sector buyers, it may mean private cloud, on-premise, or a sealed air-gapped appliance.

When a reviewer asks which model version produced a given treatment decision, against which revision of SRS, citing which PISRS article, with which human sign-off — the answer must be reconstructible from logs the entity controls. That is what the deployment optionality is for.

EU AI Act and auditability: high-risk-grade controls by design

Under the EU AI Act, the classification of an AI system depends on intended purpose and deployment context. A public demo that answers general questions is not the same risk profile as an enterprise system embedded in financial controls, credit decisions, audit workflows, or critical infrastructure compliance. A compliance AI used in accounting, tax, audit preparation, or financial controls may not be automatically 'high-risk' in every deployment. But regulated buyers should still expect high-risk-grade controls: technical documentation, logging, human oversight, transparency, accuracy controls, cybersecurity, and post-deployment monitoring.

If the system is used in Annex III contexts — for example creditworthiness, essential services, critical infrastructure, or decisions affecting natural persons — the classification analysis becomes much more serious. That is why Wavenetic designs the AI CCO with high-risk-grade controls even where a specific deployment is not automatically classified as high-risk: source traceability, technical documentation, model-version records, human-oversight gates, access controls, audit logs, and deployment options that keep sensitive data inside the customer's perimeter.

The architecture is built so that, when the customer's intended use does trigger high-risk obligations, the evidence required by supervisory authorities — documentation, logs, conformity assessment artifacts, quality management records — is already in place.

The liability architecture: what the AI prepares, what the human signs

A serious AI CCO is defined as much by what it does not do as by what it does. The agent monitors transactions, reconciles ledgers against source documents, drafts responses to FURS inquiries, evidences every position with citations to specific PISRS articles and SRS paragraphs at known revisions, and surfaces exceptions for review. Licensed professionals — auditors, tax advisors, legal counsel — retain sign-off on anything that constitutes a binding interpretation or external filing. This boundary is the liability architecture, not a limitation of current models.

What the entity gets from this split is a defensible chain of evidence behind every recommendation: the prompt, the retrieved sources, the model version, the citation set, the human reviewer, the timestamp, the final signed artifact. EY Slovenia anchors high-quality audit on independence, professional skepticism, and due professional care ^[5]. An AI CCO does not replace those duties. It produces the evidentiary substrate that makes them executable at machine speed and reviewable at human cadence.

Inside Wavenetic's accounting application, every recommendation the agent participates in — every classification, reconciliation, draft clause, treatment proposal — is bound to its sources and logged immutably. The CFO does not choose between automation and accountability. The architecture makes both true at once.

Slovenia's last banking crisis is the argument against opaque compliance

Slovenia's own banking history is the clearest argument against opaque compliance systems. Research on the Slovenian banking crisis documented how discretionary credit rating decisions drift from underlying credit reality when reporting incentives are misaligned, with material consequences for financial stability ^[6]. The lesson is not that humans cannot be trusted. It is that any compliance system — human, software, or hybrid — that does not hyperlink every figure and every legal interpretation to its source, with timestamps, is structurally vulnerable to the same drift.

An AI CCO built without citation tracking and audit logs reproduces that vulnerability at machine scale. An AI CCO built with them inverts it: every classification carries its evidence, every interpretation carries its statutory anchor, every revision carries its date. A reviewer two years later — internal audit, external auditor, or regulator — can reconstruct not just the recommendation but the regulatory state it was made against.

This is why citation-bound architecture is not a feature checklist. It is the only design that learns the right lesson from the last Slovenian financial crisis and does not silently set up the next one.

The public demo is live now. Regulated entities can deploy the same architecture in private cloud, on-premise, or air-gapped form.