Blog

Privacy-Preserving AI in Practice

Technical writing on split-knowledge architecture, EU regulation implementation, and building AI infrastructure that enforces privacy at the infrastructure level.

March 21, 2026·6 min read

GDPR Article 25 in Practice: How We Built Privacy Into AI Infrastructure

Article 25 demands data protection by design — not as an afterthought. Here's how we mapped each requirement to specific infrastructure decisions: NetworkPolicies, column-level encryption, row-level security, and pseudonymous token bridges.

GDPR Article 25(1) requires the controller to implement "appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles [...]...

GDPRArticle-25privacy-by-design+2

Read article →

March 20, 2026·7 min read

Auditors Will Stop Accepting Redaction for AI Privacy

Redaction fails open. Infrastructure isolation fails closed. As EU AI Act enforcement begins August 2026, the audit math changes.

Trigger: Discovered while building The Veil that the audit math for redaction is unbounded — every new feature, every new data field, every developer log statement expands the verification surface

GDPRprivacy-by-designdata-redaction+2

Read article →

March 18, 2026·6 min read

The EU AI Act and Your AI Architecture: What Changes in 2026

The EU AI Act introduces binding requirements for high-risk AI systems. Article 10 mandates data governance. Article 15 demands accuracy and robustness. Here's what that means for how you architect AI infrastructure.

Article 10 of the EU AI Act imposes binding data governance obligations on high-risk AI systems. Paragraph 2 requires that training, validation, and testing datasets be "subject to appropriate data...

EU-AI-Actcompliancehigh-risk-AI+2

Read article →

March 15, 2026·7 min read

Split-Knowledge Architecture: Separating Identity from AI Processing

No single system component should hold both identity information and AI-derived insights. This is the core invariant of split-knowledge architecture — and it changes how you think about privacy, security, and compliance.

No single sandbox holds sufficient information to both identify an individual and reason about their behaviour, preferences, or attributes. Every design decision flows from this constraint.

split-knowledgearchitectureprivacy+2

Read article →

March 12, 2026·7 min read

Privacy-Preserving AI for Financial Services: AML Without Identity Exposure

AML transaction monitoring requires AI to analyze behavioral patterns. It does not require the AI to know customer names, account numbers, or addresses. Here's how split-knowledge architecture enables compliant AML without identity exposure.

An AML model evaluates transaction patterns: amounts, frequencies, merchant categories, geographic distribution, velocity changes, structuring indicators. It flags anomalies — a sudden spike in...

financeAMLfraud-detection+3

Read article →