Answer — AI Governance
What is independent custody of an AI governance record?
Independent custody means the keeper of your AI record is neither the AI provider nor your own organization, but a third party you authorize. It matters because a record you keep about yourself carries only your word; an independently held one carries evidentiary weight before any relying party.
Why does independence give a record its weight?
Evidence is only as good as the independence of whoever keeps it. A record an organization keeps about itself carries only that organization’s word; a record the AI provider keeps about its own tools carries only the provider’s. The principle is old and simple: no one is a credible witness to their own conduct. Microsoft cannot be the independent witness to Microsoft, and an organization cannot be the independent witness to itself.
That is why the vendor’s own logs are not enough on their own. Microsoft Purview Audit (Standard) retains records for 180 days by default — Copilot activity included — and ten-year retention requires a paid add-on. Even setting the expiry aside, it is the provider’s account of the provider’s tools, kept under the provider’s control. Independent custody moves the record out of the hands of every party with an interest in what it says.
What does independent custody mean in practice?
Independent custody has a concrete meaning, not a slogan:
- You own the data. The record is yours. Agentica is the custodian, never the owner — the keeper of the account, not a party to it.
- You control access and exports. What leaves the record, to whom, and who may verify it are your decisions. A council, a board, an auditor, a regulator, a lender, or an insurer sees the record because you authorized it — not because Agentica chose to show them.
- The custodian is neither the AI provider nor you. That third position is the whole point: it is what lets a relying party check the record rather than take anyone’s word for it.
How is the record kept beyond any one party’s reach?
Custody is backed by design, not just by promise. The record is designed so that no single party — Agentica included — can rewrite its history or sign a record alone. Its integrity is designed to be anchored to a public ledger, so a relying party can verify that a record has not changed since it was written — without trusting Agentica to say so. And the keys that seal the record are designed to sign only its integrity and its exports, never a judgment about your risk: the custodian keeps the account, it does not rate you.
What custody does not do
Independent custody makes a record trustworthy — it does not make its contents favorable. A neutral record can show gaps as readily as it shows diligence: an agent that reached data it was never authorized to touch, a control that lapsed, a period that went unwitnessed. Agentica issues no grade and signs no relying party’s assessment; the record simply holds what happened. That neutrality is not a weakness to manage — it is the precise reason a third party believes the record at all. A record that could only ever flatter its subject would prove nothing.
Agentica, an AI Governance company in Montréal, is that custodian: it continuously maps every AI agent in your business environment and records it in a tamper-proof history under independent custody — read-only, metadata and signals by default. You own the data; Agentica keeps the account.