WaveOps for Regulated CTOs: Document AI That Audits

CTOs at regulated enterprises pick WaveOps because it delivers the NotebookLM document-workspace shape their teams already want, but ships with the deployment posture (air-gapped, OIDC/SAML, on-prem GPU) and per-document audit evidence (page-level citations, model/prompt manifests, exception queues) their regulators actually demand.

The conventional pitch sells regulated CTOs an 'AI readiness framework' or a six-pillar evaluation scorecard, but the real decision is narrower and more operational: which document classes move to AI in which wave, what evidence each wave produces for the regulator, and whether the workspace can be lifted from cloud to air-gap without rewriting the workflow — none of which a maturity model answers.

If you are the CTO of a regulated EU bank, insurer, hospital, TSO, or defence subcontractor, your teams have already shown you NotebookLM or ChatGPT Enterprise and asked why they cannot use it on internal documents. The honest answer is that the workspace shape is right, but the deployment posture fails DPIA, the evidence trail fails internal audit, and the sub-processor chain fails DORA. WaveOps was built to keep the workspace shape and fix the three things underneath it.

This page is not an AI readiness framework or a six-pillar maturity scorecard — those abstract the decision away from the work [8]. It is a sequencing model: which document classes move into WaveOps in wave 1, what evidence pack each wave emits, and whether you should start on WaveOps cloud or go straight to a WaveNode air-gapped deployment inside your perimeter.

The problem

Your users want NotebookLM and ChatGPT Enterprise, but neither passes DPIA, data-residency, or air-gap requirements for KYC files, claims dossiers, clinical notes, or credit memos.

WaveOps keeps the notebook-per-project shape and citation-first UX, but runs against open-weight models inside your perimeter — Hetzner EU region, on-prem GPU, or a sealed WaveNode appliance with no egress.

Pilots return answers without page-level citations, model version stamps, or confidence scores, so compliance refuses to sign off on production rollout — a known failure pattern where teams optimize accuracy and skip audit trails [3].

Every WaveOps answer ships with span-level source citations, the exact model and prompt manifest used, retrieval scores, and a per-question log entry that an auditor can replay months later.

There is no defensible sequencing for which document classes go first, so programs stall as big-bang initiatives — and 42% of enterprises now abandon most AI projects before production [7].

WaveOps is deployed wave-by-wave per document class (wave 1: internal policy + supplier contracts; wave 2: KYC + claims; wave 3: clinical/credit) with the Article 6 evidence pack defined before the wave starts, not after.

Human-in-the-loop is undefined: no reviewer SLAs, no sampling strategy, no exception queue, no path from reviewer correction back into prompts and retrieval — exactly the missing feedback loop regulators flag [3].

WaveOps ships an exception queue, configurable sampling (e.g. 100% of high-risk classes, 10% stratified on medium-risk), reviewer SLAs per queue, and a structured feedback path that updates retrieval and prompt templates with full version history.

Hosted document-AI APIs trap extracted fields, annotations, and workflow definitions in proprietary formats, leaving no exit when procurement asks for portability.

WaveOps stores notebooks, extracted fields, prompts, and workflow definitions in open formats (JSON + Markdown + Parquet) exportable on demand; the same workflow runs on WaveOps cloud and on a WaveNode appliance without rewrite.

Why WaveOps fits

Runs fully air-gapped on a WaveNode appliance with no outbound network — the same workflow your team built on WaveOps cloud lifts into your perimeter unchanged.
Federates with Entra ID and Keycloak via SAML and OIDC; no parallel user directory, group claims flow into notebook-level ACLs.
Every answer carries page-level citations, model version, prompt manifest, retrieval scores, and reviewer state — the evidence shape EU AI Act Article 6 high-risk workflows require and that GDPR/DORA auditors expect [1].
Runs on open-weight models (Gemma, Llama, Qwen families) on 2–8 H100/L40S equivalents — inference cost per document is bounded and predictable, not a per-token cloud bill.
Already in production at ELES, Slovenia's national TSO, running NEXUS on Wavenetic infrastructure inside critical-infrastructure perimeter requirements.
Exit-ready by default: notebooks, prompts, extracted data, and workflow definitions export to open formats, satisfying procurement's reversibility clause [4].

In production

A European retail bank with ~6 H100 of shared GPU capacity, Entra ID identity, and an active DORA gap assessment wanted to use a document AI workspace on supplier contracts and internal credit memos without sending content to US-hosted LLM APIs.

Wave 1 deployed WaveOps on Hetzner EU for non-personal supplier contracts within 4 weeks; wave 2 lifted the same workspace to a WaveNode appliance inside the bank's perimeter for credit memos under Article 6 high-risk evidence requirements, with reviewer SLAs and 100% sampling on credit decisions.

A national health network with clinical document workflows could not use NotebookLM or ChatGPT Enterprise due to GDPR Article 9 special-category data and a sub-processor chain that did not survive the DPIA.

WaveOps deployed air-gapped on hospital infrastructure with Keycloak SAML federation; clinical notes never leave the perimeter, every answer carries page-level citations to the source record, and the exception queue routes low-confidence extractions to designated clinicians.

ELES, Slovenia's national TSO, needed AI-assisted document operations inside critical-infrastructure boundaries with NIS2 traceability and no external dependencies.

NEXUS runs in production on Wavenetic infrastructure within ELES perimeter; the same WaveOps workspace primitives — citations, manifests, audit log — back the operational workflows engineers use daily.

When this is the right call

Pick WaveOps cloud (EU region) if your wave 1 document classes are non-personal or pseudonymised — supplier contracts, internal policy, technical documentation — and you need value inside 6 weeks.
Pick WaveOps on a WaveNode appliance if any wave includes Article 6 high-risk classes (KYC, credit, claims, clinical) or special-category data under GDPR Article 9 — start air-gapped, do not migrate later.
Pick WaveOps if your evaluation criteria include determinism, auditability, context persistence, and reversibility — the same dimensions enterprise tooling guides now require [4][6].
Defer WaveOps if your real bottleneck is data quality and source-of-truth governance, not the AI layer — fix the document lifecycle first, then deploy.
Skip WaveOps if your use case is single-document, ad-hoc summarisation by one analyst — a public NotebookLM or Claude session is the right shape and the credit cost is not justified.

Frequently asked

Does WaveOps run fully air-gapped, with no outbound connectivity?

Yes. The WaveNode appliance ships with no required egress: open-weight models, retrieval, the workspace UI, and audit logging all run locally. Updates are delivered as signed offline bundles your security team reviews before applying.

How does WaveOps federate with our Entra ID or Keycloak identity stack?

WaveOps speaks SAML 2.0 and OIDC natively. Group claims from your IdP map to notebook-level access control, so a user who loses access in Entra loses access in WaveOps on the next token refresh. There is no parallel user directory to maintain.

What evidence does WaveOps emit for an EU AI Act Article 6 high-risk workflow?

Per question: the answer, span-level page citations to source documents, the model identifier and version, the prompt manifest, retrieval scores, reviewer identity and decision, and timestamps. The pack is exportable as a signed bundle for internal audit or supervisory review.

How long does a first-wave deployment take, and what does it cost?

WaveOps cloud (EU region) deployment for a defined document class typically reaches production in 4–6 weeks. A WaveNode appliance deployment runs 8–12 weeks including hardware delivery, network integration, and reviewer training. Pricing is per-use via WaveCredits on cloud, and a fixed appliance + support contract on Enterprise.

What happens to our data and workflows if we decide to leave?

Notebooks, extracted fields, prompts, and workflow definitions export to open formats — JSON, Markdown, and Parquet — on demand. Procurement reversibility clauses are satisfied at signature, not promised at renewal.

Can WaveOps run on the GPU capacity we already have?

Typically yes. WaveOps workloads run comfortably on 2–8 H100 or L40S equivalents depending on document volume and concurrent users. We size the deployment against your actual document throughput before contracting, not against headline benchmark numbers.

The takeaway

The reader will be able to decide which document classes to put into WaveOps in wave 1 vs defer, what evidence pack each deployment must emit to survive an internal audit or supervisory review, and whether to start in WaveOps cloud or go directly to a WaveNode air-gapped deployment.