Compliance

Compliance boundaries for agent products: third-party model APIs, training-data feedback and model-output liability are friction points that traditional SaaS does not have. This page covers five core topics and gives a section guide.

Customer data leaves you on every inference

All agent product compliance issues trace back to one fact: every inference sends customer data (prompt content, attachments, context) to a third-party model provider (Anthropic, OpenAI, etc.). Customer data passes through at least two organizations — your product plus the upstream model vendor — and compliance commitments must cover the entire chain.

This data chain creates three compliance problems unique to agent products:

1. Data leaves your control

Traditional SaaS compliance boundaries are defined by your deployment architecture — customer data flows within your infrastructure. Agent product data crosses organizations on every inference; each organization’s rules for retention, training, and secondary use must be explicitly negotiated, not left at default.

2. Output liability allocation is unclear

Traditional SaaS: user decides, product provides tools. If the user wrote the wrong contract clause in Notion, the responsibility is the user’s.

Agent products: the agent makes autonomous decisions. If the agent wrote a wrong clause for the user, there is no mature legal precedent for where responsibility lies: with the user, the vendor, or the model provider. Most compliance frameworks (SOC2, GDPR) also lack specific clauses for this case.

3. Training-data feedback

Traditional SaaS: customer data is used for product features; usage scope is explicit by contract.

Agent products: upstream model providers may retain prompts and outputs for model training. This behavior can typically be disabled by commercial contract (OpenAI and Anthropic both offer “zero retention” options), but the default is retention, so the vendor must explicitly cut this chain and prove to customers that it has done so.

Five core topics

Data residency and cross-border

Where customer data is processed / stored geographically is the first compliance question.

  • Where your own infrastructure sits — AWS us-east-1, self-hosted IDC, Cloudflare edge nodes
  • Which geographic endpoint upstream model API calls hit — Anthropic, OpenAI each have US / EU region endpoints
  • Locations of intermediate components (vector DB, cache layer, log pipeline)
  • Compliance constraint matrix: GDPR data export, China’s Data Export Security Assessment, US ITAR, industry-specific rules (healthcare, finance)

Audit trail

The traceability granularity of agent behavior is the core compliance requirement for agent products.

  • Task level: user submission → agent plan → tool call sequence → output
  • Token level: input/output tokens per step, cache hit status, model called
  • Tool-call level: which tool invoked, parameters, return value, HITL trigger or not
  • Retention period and queryability: compliance typically requires 1-7 year retention, < 1 hour query response

Practical difficulty: token-level log data volume is massive (100× task-level); tiered storage + indexing strategy is required.
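The three audit levels above written as one per-task event trail, added here as an illustration (not code from this page or from any product). Each event is hash-chained to its predecessor so that an edited or deleted record is detectable when the trail is queried; the event schema, field names and sample values are constructed assumptions.

```python
import hashlib
import json
import time

class AuditTrail:
    """Hash-chained audit events for one agent task (constructed example, not a product's real log)."""

    def __init__(self, task_id):
        self.task_id, self.events, self.last_hash = task_id, [], "0" * 64  # "0"*64 = chain genesis

    @staticmethod
    def _digest(event):
        body = {k: v for k, v in event.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _record(self, level, **payload):
        event = {"task_id": self.task_id, "seq": len(self.events), "level": level,
                 "ts": time.time(), "prev_hash": self.last_hash, **payload}
        event["hash"] = self._digest(event)  # chain to predecessor: edits or deletions break verify()
        self.last_hash = event["hash"]
        self.events.append(event)
        return event

    def task(self, **fields):  # task level: user submission, agent plan, final output
        return self._record("task", **fields)

    def tool_call(self, tool, params, result, hitl_triggered=False):  # tool-call level
        return self._record("tool_call", tool=tool, params=params,
                            result=result, hitl_triggered=hitl_triggered)

    def tokens(self, step, model, input_tokens, output_tokens, cache_hit):  # token level
        return self._record("token", step=step, model=model, input_tokens=input_tokens,
                            output_tokens=output_tokens, cache_hit=cache_hit)

    def verify(self):
        """True only if every hash and every prev_hash link still matches."""
        prev = "0" * 64
        for i, ev in enumerate(self.events):
            if ev["seq"] != i or ev["prev_hash"] != prev or ev["hash"] != self._digest(ev):
                return False
            prev = ev["hash"]
        return True

def build_sample_trail():  # constructed sample: one task, one tool call, its token usage, the output
    t = AuditTrail("task-0001")
    t.task(user_input="Draft an NDA confidentiality clause", plan=["lookup_template", "draft"])
    t.tokens(step=1, model="example-model", input_tokens=812, output_tokens=140, cache_hit=True)
    t.tool_call("lookup_template", {"kind": "nda"}, {"template_id": "nda-std"})
    t.task(output="[clause text]")
    return t
```

In a real deployment the token-level events would go to the cheaper storage tier and the task-level events to the indexed one, with the chain hashes stored alongside both so cross-tier queries can still be verified.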

Model output liability

See model-output-liability. Core topics:

  • Where the line between autonomous decisions and HITL sits
  • How responsibility is allocated in contracts
  • Whether insurance products cover agent errors

Industry certifications

Scope of common certifications:

  • SOC2 Type II: general security controls; required for B2B sales; typically takes 12-18 months
  • HIPAA: healthcare industry; requires BAA + HIPAA-compliant upstream model providers
  • GDPR: EU users; DPA + data export mechanism + user deletion right
  • CCPA / China PIPL: regional, similar to GDPR but with different clauses
  • ISO 27001: preferred by international large customers; partial overlap with SOC2
  • Industry-specific: FedRAMP (US government), BaFin (German finance), various country-specific data laws

Typical acquisition order: SOC2 → GDPR DPA → ISO 27001 → industry-specific.

Data feedback and training

See data-feedback. Core topics:

  • Whether upstream model providers retain prompt / output by default
  • How to cut feedback at both contract and technical layers
  • How to prove “data not used for training” to customers

Cross-section connections