Sovereign-tier data governance

Standards your organisation can deliver against, for regulated AI.

Metaheuristic is the consulting firm that translates AI regulation into measurable standards your engineering, data and compliance teams can operate against. EventParity, our product, is how those standards become provable to a regulator. UK enterprise. Nigerian public sector. The same discipline.

AI regulation is here. Standards are the consulting work.

The Nigeria Data Protection Act has been in force since 2023. The AI Code of Practice is in draft and adds non-repudiation requirements for high-risk AI systems. The EU AI Act is on a phased implementation timeline that touches any organisation selling AI services into Europe. UK GDPR is settled law. Beyond the UK and Nigeria, organisations expanding across the continent need to anticipate POPIA in South Africa, Kenya's Data Protection Act and the AU Data Policy Framework. EventParity is configured for those rule sets so the documentation does not have to be rebuilt later.

NDPA 2023 (Nigeria)
Section 25 requires a documented lawful basis for personal data entering any processing pipeline, including AI training and inference. "It was in a government dataset" is not an answer the regulator accepts.
AI Code of Practice (Nigeria)
Eighteen checkable requirements across eight categories. Five are model-specific (M1 to M5) and apply to any organisation deploying or fine-tuning a model in Nigeria.
EU AI Act
Phased implementation. High-risk systems require model cards under Article 11, risk management under Article 9, human oversight under Article 14. Reaches any organisation selling AI into Europe.
UK GDPR
Lawful basis, data subject rights, automated decision-making protections under Article 22. Applies to UK operations and any UK personal data processed elsewhere.
Adjacent regimes (platform support)
POPIA (South Africa), Kenya's Data Protection Act and the AU Data Policy Framework are configured as rule sets inside EventParity. Engagements against these regimes have not been delivered yet; the configuration is there so a multinational expanding across the continent inherits documentation it does not have to rebuild.

The regulator is no longer asking whether you have an AI policy. The regulator is asking which documented data your model was trained on, who approved it for production, and how you would prove it on twenty-four hours' notice. That is the work we do.

What an engagement actually delivers

We have one job: take the regulation that applies to your organisation and turn it into something your engineering, data and compliance teams can operate against. Concretely:

  • Map the regulation that applies to you against the data assets that already exist. Where the documentation is in place we register it. Where it is absent we stand it up.
  • Build a model registry. Every model deployed, every training and fine-tuning dataset, every approving officer, every lawful basis. One record per attestation. Hash-chained and non-repudiable.
  • Embed approval and audit workflows into the existing release process. No additional ceremony for engineering teams. An audit pack that populates itself.
  • Hand over to your team with the rituals and tooling in place. The work continues after the engagement ends.

Five-step maturity sequence: assess, govern, instrument, operate, AI-ready. The same sequence the home page describes; the regulation-specific work is what shapes it for a sovereign-AI deployment.

What an engagement looks like

Four illustrative scenarios. The combinations vary by sector and jurisdiction; the work underneath is recognisably the same.

Ministry standing up a sovereign-AI service

A federal ministry is fine-tuning an indigenous LLM on operational data and wants to launch a citizen-facing service through SMS and USSD. Metaheuristic documents every training dataset against NDPA Section 25, registers the model with provenance and a named approving officer, and runs an audit-pack rehearsal before launch. At go-live the ministry produces, on demand, a signed evidence pack mapping the deployment to the AI Code of Practice.

Financial services CDO deploying an AI use case

A bank's CDO wants to roll out an LLM-assisted credit decisioning aid under UK GDPR, financial conduct rules and the EU AI Act. Metaheuristic stands up the data governance contract, registers the model, maps the use case to high-risk obligations under Articles 9, 10 and 11 of the AI Act, and embeds the audit and approval workflow into the engineering team's release process. The assistant ships with the audit pack already populated; legal sign-off becomes a document review rather than a six-month investigation.

Procurement officer buying multi-jurisdiction compliance

Illustrative scenario. A multinational running across Nigeria, South Africa, Kenya and the EU is buying a different governance tool for each jurisdiction. The work an engagement like this would scope: a single mapping that documents the same data assets against NDPA, the AI Code of Practice, POPIA, Kenya's Data Protection Act, UK GDPR and the EU AI Act, with EventParity's rule-set configurations providing the cross-jurisdiction coverage. One contract, one platform, one audit artefact at the end.

Public sector data leader rolling out instrumentation across ministries

A state digital office wants a single data standard across its ministries so AI use cases stop being one-off pilots. Metaheuristic delivers the standard, instruments the data flows with EventParity, and trains each ministry's data team to operate the rituals. Six months in, the office runs cross-ministry AI projects without renegotiating governance for every one.

EventParity

EventParity is the product Metaheuristic has built to make the standards above measurable, sovereign and auditable. Available as SaaS at eventparity.com, as a single-tenant on-premise install inside your data centre, or as a federation across multiple departments with a central audit hub.

Model registry

Every AI model your organisation deploys carries a registry record: the datasets it was trained and fine-tuned on, the lawful basis, the named officer who signed it off for production, and a model card mapped to the EU AI Act's high-risk obligations. Each deployment is a fresh attestation. Approvals are tamper-evident; when a regulator asks who approved what and when, the record stands up.

Evidence pack

When a procurement officer, auditor or investigator asks for evidence of compliance, the pack is generated on demand. Every attested control is mapped to the requirements that apply: NDPA, the AI Code of Practice, the EU AI Act's high-risk obligations, UK GDPR, POPIA, Kenya's Data Protection Act, and the AU Data Policy Framework. The document procurement teams want on day one already exists.

Sovereign-tier deployment

The same product runs as SaaS for organisations that accept hosted services, as a single-tenant install inside your own data centre with no outbound calls required, as a federation across departments under one audit hub, or fully air-gapped for environments that cannot connect to the public internet at all. Deployment shape follows the regulatory and risk posture; the capabilities are the same.

Bring-your-own-key for any model

No vendor lock-in. EventParity governs any AI model your organisation chooses to run: the major commercial labs (Anthropic, OpenAI, Google), open-weight models running on your own infrastructure, and African-built LLMs including NaijaGPT, Awarri, CDIAL AI and the University of Jos AI Centre of Excellence. Switching providers, adding a new one, or running several in parallel does not change how governance works.

AI Governance Fabric: open standards

Your AI systems read governance state and write attestation events through open standards, including a native Model Context Protocol (MCP) interface. No proprietary integrations to negotiate, no vendor lock-in to inherit. The workflow stays the locus of control: no AI output modifies a record without a validation step the audit pack will later evidence.

How this maps to the DPI Framework

The DPI Framework published at digitalpublicinfrastructure.ai gives this work a vocabulary. We've adopted the parts of it where the mapping is honest.

DPI Workflows

"The recipe that coordinates AI Blocks with DPI systems, policy rules, data flows, and human oversight."

EventParity functions as a DPI Workflow in the paper's sense for the governance dimension: schema contracts, approval workflows, audit trails. Service orchestration above it remains the responsibility of the platform or ministry deploying citizen-facing services.

Open standards as the interop surface

"AI Blocks connect through open standards, not proprietary integrations."

EventParity exposes a native MCP server interface and an HMAC-signed server endpoint, and consumes any model speaking the OpenAI Chat Completions protocol. The standards do the integration. Vendor lock-in does not enter the conversation.

Public Agents

Public Agents are not what we build. The paper defines them as the multi-channel constrained interfaces a ministry deploys to citizens through WhatsApp, voice, USSD or web. Where a ministry deploys them, EventParity sits beneath them as the audit substrate: every Agent interaction with the underlying workflow generates a non-repudiable trail.

The +1 Approach

"Governments don't need to replace legacy systems to become AI-ready."

Every registry cleaned, every API published, every governance process formalised is itself an AI-readiness enabler. The consulting work above is the operational form of that argument. AI deployment does not wait for a perfect data foundation; it advances alongside the foundation, governed inside DPI Workflows from day one.

Engagement tiers

EventParity is tiered at the organisational level, not per seat. Each tier includes platform access, implementation support and ongoing maintenance. Professional services for migration, integration and bespoke regulatory mapping are scoped separately.

Community
Introductory tier. SaaS at eventparity.com. For organisations starting to formalise data governance and AI documentation.
Institution
Mid tier. SaaS with implementation support across regulatory mapping for one primary jurisdiction.
Enterprise
SaaS with implementation support across multiple jurisdictions and integrations. Suitable for regulated UK and EU enterprise.

Ready to scope an engagement?

Whether you are a ministry standing up a sovereign-AI service, a financial services CDO deploying an AI use case, or a procurement officer consolidating compliance across jurisdictions, the first conversation is the same: what regulation applies, what is documented today, what is missing.
