Governance enforcement is most effective at chokepoints — places where all traffic must pass. In a multi-engine AI system, the control plane is that chokepoint. Every input, every engine output, every collation step passes through it. That makes it the natural place to enforce regulation.
Jurisdiction-Specific Engine Activation
The engine registry supports a restrictedToTeams field and an activationState. These can be extended to support jurisdiction-specific rules. A long-horizon-prediction engine that is lawful in the US may be prohibited in the EU as a high-risk AI system under the EU AI Act. The control plane can enforce this at request time, without any change to the engines themselves.
What Happens When a Control Plane Is Compromised
If the control plane is bypassed — by calling an engine directly, or by running the pipeline in a debug mode that skips the governance wrapper — every governance guarantee fails simultaneously. This is the single most dangerous failure mode in a multi-engine system. Minimum controls: the governance wrapper must be enforced at the API layer, not just within the pipeline runner.
What Regulators Should Consider
Mandatory audit logging at the control plane layer — not just at the input/output boundary — would give regulators visibility into the full engine execution trace. The EU AI Act's conformity assessment could require a control plane audit log as a standard deliverable.