Compliance, rebuilt by the people who actually do it.

Supervisory is a free, community-built system of record for DORA. Every requirement, control and piece of evidence is connected and managed under an agent framework. All features are decided by the users. Submit a feature request in the Roadmap now.

DORA · 64 articles
RTS 2024/1772–1774
RTS TLPT
EBA · ESMA · EIOPA
/ Platform

One model. Every relationship preserved.

Built for the messy reality of group structures, third parties, and ICT estates that change daily.

01

Article browser

Every DORA article and RTS, expanded into requirements with mapped controls, evidence and current status across entities.

02

Canonical graph

Entities, ICT services, third parties, contracts, controls, incidents and evidence — a single graph, no spreadsheets.

03

Automated gap assessment

From your inventory and policies, every requirement is classified and the evidence to close each gap is proposed for you.

/ Capabilities

Built for the way you actually run compliance.

Automation where it matters, on the model stack of your choice — yours, your enterprise's, or fully open source.

01

Compliance automation

Continuous gap assessment, evidence collection, control testing and report drafting — running in the background instead of a quarterly scramble.

02

Agent harness for compliance

A purpose-built harness that breaks down regulations, plans the work, drafts evidence and policies, and hands control back to you for review.

03

Bring your own model

Plug Supervisory into the model provider you already trust. No lock-in, no shadow data residency surprises, no per-seat model tax.

04

Private and open-source models

Connect to your own self-hosted open-source LLM or your enterprise provider. Sensitive evidence never leaves your perimeter.

/ How it works

An agent harness, your model, your evidence.

Every action is a tool call against your compliance graph. Writes are proposals a human approves. Nothing is auto-mutated, everything is logged.

Step 01

Plan

Pick an agent kind — gap review, evidence gather, incident triage, control drafter, TPP due diligence. The harness loads the whitelisted tools available for that kind.

Step 02

Reason

Your chosen LLM — OpenAI, Azure, Anthropic, vLLM, Ollama, or the default — calls tools to read requirements, evidence, incidents and TPPs. Every step is hash-chained into the audit ledger.

Step 03

Propose

Writes are filed as recommendations a human approves. Each recommendation is traceable back to the exact agent run, model, and tool calls that produced it.

/ Bring your own LLM
OpenAI · Azure OpenAI · Anthropic · AWS Bedrock · vLLM · Ollama · any OpenAI-compatible endpoint

Sensitive evidence stays inside your perimeter. The harness pings your endpoint with the same tool schema regardless of provider.

/ Manifesto

A new era of compliance.

Staying compliant should be easy, and the tools to make it so are now cheap to build. So they should be free to use.

Supervisory is maintained by Cardinal and built in the open with the practitioners who file the reports, run the tests, and answer the regulator's questions. The community shapes the roadmap and contributes the controls, the mappings, the connectors. Compliance stops being a team and becomes shared infrastructure.

Free · 01

Always free for teams.

Open · 02

Built in the open. Forkable.

Shared · 03

Contributions belong to everyone.

/ Method

Posture vs Policy.

Most platforms collapse intent and reality into a single number. Supervisory keeps them apart.

What your policies say should be true sits alongside what your live telemetry, tests and attestations show is true. The delta is your gap, surfaced on the dashboard, never buried in a quarterly review.

Policy: declared
Posture: observed

/ Pricing

One plan. Always free.

No seats, no tiers, no enterprise upsell. The whole platform, for the whole team, forever.

€0 / month

Unlimited users. Unlimited entities. Every feature, every article, every report. No credit card.

What's included
  • Unlimited users and seats
  • Unlimited entities and tenants
  • All DORA articles and RTS
  • Automated gap assessment
  • Compliance automation
  • Agent harness for compliance
  • Bring your own model
  • Private and open-source LLM support
  • Register of information (XBRL export)
  • Third-party risk and contracts
  • ICT inventory and dependency graph
  • Incident classification and reporting
  • TLPT scenario library
  • Continuity and recovery testing
  • Evidence collection and audit trail
  • Posture vs policy dashboard
  • Policy templates and version control
  • Read-only auditor and regulator portal
  • Trust portal for third parties
  • Public API and webhooks
  • Connectors and integrations
  • Community-shaped roadmap

Free to use. Built with you.

Spin up a workspace, import your entities, and have an article-by-article posture in an afternoon, then help shape what Supervisory becomes next.