Audition AI
Data Sovereignty Rules Framework

The three tiers your firm already has — enforced.

Your data classification policy names the tiers. The Data Sovereignty Rules Framework turns each tier into a running rule: which AI models may see it, where it may travel, and what happens the moment a prompt tries to cross the line.

The framework

One sovereignty rule per tier

Financial firms classify data in remarkably consistent ways. We adopted the industry's standard three tiers — then gave each one a technical rule the platform enforces on every prompt.

Tier 1

Public / Low Sensitivity

Marketing materials, published research, general product information, press releases.

  • Broadly available — no confidentiality requirements
  • Basic integrity controls to prevent unauthorized edits
  • Shareable externally without approval
Sovereignty rule
Models
Any approved model — frontier models included
Data path
May leave your environment on approved routes
Controls
Integrity checks and standard logging
Tier 2

Internal / Confidential

Internal reports, non-public business strategy, vendor contracts, aggregated (non-identifiable) client data.

  • Employees and authorized contractors only — role-based access
  • Encryption at rest and in transit, access logging
  • Need-to-know sharing across departments
Sovereignty rule
Models
Powerful models on governed, org-approved routes only
Data path
Org-controlled, logged, compliance-reportable calls
Controls
Identity-bound access, DLP screening, full audit trail
Tier 3

Highly Restricted / Regulated

Customer PII, transaction records, trading algorithms, KYC/AML data, material non-public information (MNPI).

  • Strict least-privilege access with information barriers
  • Strong encryption, continuous monitoring, DLP tooling
  • Governed by GLBA, SEC/FINRA rules, Reg S-P, CCPA/CPRA
Sovereignty rule
Models
In-tenant Azure models or local models on your hardware only
Data path
Prompts physically cannot reach external endpoints
Controls
Circuit breakers, dual-layer DLP, immutable audit trails

A practical note on Tier 3.

Many firms split Tier 3 into “Restricted” and “Highly Restricted” — MNPI carries insider-trading risk while PII carries identity-theft risk, and the failure modes differ. The framework supports as many tiers as your policy defines; three is simply where most firms start. Your compliance and legal teams map the tiers to the statutes that apply to your license type and jurisdiction — the framework makes their mapping enforceable.

Every prompt, every time

What happens when someone hits Enter

The framework isn't a quarterly review. It runs in the request path — four checks between a keystroke and a model.

01

Classify

The assistant, its connectors, and the data involved establish which tier the interaction touches — inherited from your existing labels and permissions.

02

Route

The sovereignty policy selects the allowed destination: frontier models for Tier 1, governed routes for Tier 2, in-tenant or local models for Tier 3.

03

Enforce

DLP and Generative Rules screen the content itself. Circuit breakers stand ready to interrupt or constrain the interaction if conditions trip.

04

Record

The full decision — user, tier, model, route, outcome — lands in an immutable audit trail your compliance team can search and report on.

Enforced, not assumed

The enforcement stack behind the rules

Six technical controls make the tiers real. None of them depend on people remembering the policy.

Assistants carry the rules

Each assistant is built for a job and carries the tier rules for that job. A trading-desk assistant and a marketing assistant get different models, different data, different boundaries — by default.

Connectors honor permissions

Connectors decide what data an assistant can reach. They honor your existing access controls and sensitivity labels, so the AI only ever sees what the authenticated person already can.

Sovereignty policy checks every prompt

Set the rule once per tier: which models, for which teams, with which data. Every prompt is evaluated against that policy before anything moves — not reviewed after the fact.

Dual-layer protection watches content

Deterministic DLP pattern matching catches SSNs, account numbers, and sensitive data patterns. AI-powered Generative Rules catch the behavioral cases regex can't.

Circuit breakers act in real time

When defined conditions are met, enforcement can interrupt, constrain, or stop an interaction as it happens — a technical control, not a policy reminder.

Immutable audit trails record it all

Who asked what, which model answered, which tier the data belonged to, what the policy decided. Answer regulators with evidence rather than assertions.

The framework builds on our Data Sovereignty architecture — the whole platform runs inside your own cloud. See also Transparency & Audit Trails and Governance & Compliance.

Grounded in Microsoft's own guidance

We didn't invent a new taxonomy

The framework applies the same tiered-sensitivity and AI-data-control principles Microsoft documents for Purview and Entra — extended across every model and every assistant, not just Microsoft 365 Copilot.

Same tiered-sensitivity shape

Our three tiers mirror the sensitivity label taxonomy Microsoft recommends in Purview — Public, General, Confidential, Highly Confidential — collapsed to the tiers most regulated firms already run.

Microsoft Learn — Default sensitivity labels and policies

Same idea as DSPM for AI, generalized

Microsoft's own answer to “should AI see this data?” is Purview DSPM for AI, which can block Microsoft 365 Copilot from processing content carrying certain sensitivity labels. Our Tier 3 rule applies that logic to every model and every assistant — not just Copilot.

Microsoft Learn — Purview DSPM for AI

Identity-bound access, not a new model

Every assistant acts through the user's own Microsoft Entra ID, honoring the verify-explicitly and least-privilege principles Microsoft documents as the identity pillar of Zero Trust.

Microsoft Learn — Identity, the first pillar of Zero Trust

Audit trails in the same spirit as Purview

Microsoft's Purview audit logs capture every Copilot and AI-application interaction — who, when, what was touched. Our immutable audit trail holds every model and assistant to that same evidentiary standard.

Microsoft Learn — Audit logs for Copilot and AI applications

Note: Microsoft also uses “sovereignty” to describe Microsoft Sovereign Cloud, its data-residency and operational-sovereignty offering for governments and regulated industries. That's a different, broader layer — infrastructure and residency. This framework operates one level up: which model may see which tier of data, enforced on every prompt, regardless of where your infrastructure sits.

Why now

Regulators are asking the enforcement question

The SEC's amended Reg S-P is in full effect as of June 2026, and examiners increasingly ask not whether your safeguards exist on paper, but whether they operate when AI touches customer information.

A tiered framework that routes by sensitivity, blocks by policy, and logs immutably answers that question with a report — not a story.

Explore Reg S-P readiness

Reg S-P & SEC/FINRA rules

Safeguards and incident response for customer information — the primary driver for broker-dealers and advisers.

GLBA & state privacy laws

Gramm-Leach-Bliley and CCPA/CPRA-style statutes govern PII handling, breach notification, and retention.

MNPI & information barriers

Insider-trading exposure demands barriers between desks — a different failure mode than identity theft, with different controls.

See your tiers as running policy

Bring your firm's classification policy. We'll walk through how each tier becomes an enforced sovereignty rule inside your own environment.

Read the thinking behind the framework: How We See Data Privacy Protections