Countervail provides custody surface assessments and governance documentation for organizations deploying AI at scale. We map what your vendors retain, what is legally reachable, and what it costs when you can't answer those questions.
In February 2026, a federal court in the Southern District of New York held that consumer AI interaction logs are ordinary discoverable ESI — subject to the same production obligations as email and documents. Earlier precedent established a ceiling: work product protection over AI-assisted deliberation is possible but narrow. Between those boundaries lies an unaddressed governance problem.
Most organizations cannot identify what AI interaction records exist on their infrastructure, cannot confirm that vendor-side deletion controls reach backend storage, and have no governance documentation for litigation, regulatory inquiry, or underwriting purposes. Several developments have made the problem more acute:
Planning traces, tool invocation records, and delegation logs now persist across multi-step workflows, generating artifact classes that did not exist two years ago.
Infrastructure providers create independent retention surfaces through API logs and observability tools — regardless of model provider policies.
Tools like Datadog and Splunk capture AI interaction content through automatic instrumentation, outside any governance control.
User-derived embeddings stored in vector databases may persist indefinitely and may require freezing an entire database to honor a single preservation order.
Expose is Countervail's diagnostic service line — the front door to every engagement. Each Expose assessment surfaces the custody landscape before any implementation decision is made. Expose reports are standalone deliverables with independent value, designed for legal counsel, compliance teams, procurement, and insurance underwriters.
Expose reveals. Countervail then implements controls, documents posture, and supports ongoing governance. The diagnostic and the remediation are structurally distinct offerings, deliberately priced and scoped apart.
Maps the enterprise deployment surface across all AI vendors. Classifies each deployment against the governance tier framework. Estimates defense-cost exposure across the full configuration. Identifies what each vendor retains by default and under what conditions.
Extended assessment for organizations running agentic AI workflows. Maps six artifact classes unique to agentic deployments: planning and reasoning traces, tool invocation metadata, permission and authorization records, persistent memory, orchestration logs, and error recovery paths.
Targeted assessment for organizations facing active litigation, regulatory inquiry, or preservation obligations. Produces a matter-scoped record surface map, privilege classification matrix, preservation obligation analysis, and recommended responses to discovery requests.
Reviews vendor MSAs, API terms, and data processing agreements. Produces a vendor retention posture report for negotiating retention terms, evaluating vendor alternatives, and documenting governance due diligence.
For organizations operating as hosts, gateways, or orchestration layers between users and underlying AI vendors. Identifies whether interaction records persist in databases, logging systems, analytics pipelines, or backup environments controlled by the client.
For law firms, accounting firms, investment advisors, healthcare providers, and auditors. Reviews AI usage in workflows where retained interaction records could affect privilege, duty of care, supervision obligations, or audit requirements.
When a person uses an AI system to work through a problem, the platform retains the entire deliberative chain on corporate servers under the provider's data handling terms — not the user's preferences.
Cognitive trace risk exists even when the AI model is accurate, the data is lawfully collected, the system operates as designed, and the user consents to the terms of service. The risk arises from the fact of retention itself.
This is not a subcategory of data privacy risk. Privacy tools govern access to existing records. Custody governs whether records exist on reachable infrastructure. These are structurally independent layers, and most governance programs address only one.
The custody surface is a distinct governance layer. Most tools and consultancies address adjacent problems. Countervail addresses this one specifically.
We assess governance posture for organizations that use AI. We are not an AI vendor and have no model to promote.
Map what AI vendors retain and under what terms, producing custody surface documentation for institutional use.
Countervail is a professional services firm. Assessments produce written deliverables, not dashboards or SaaS seats.
Deliver fixed-fee engagements producing structured documentation for legal counsel, compliance, procurement, and underwriters.
Privacy governs access to existing records. Custody governs whether records exist on reachable infrastructure. Different layer, different controls.
Address the retention and custody layer that sits beneath privacy controls — the layer no existing framework covers.
Where interaction records exist across operator and vendor infrastructure.
Which entities hold copies — and under what retention terms.
Which records are legally reachable through subpoena, regulatory demand, or audit.
Which records can be accessed by whom, and through which institutional mechanisms.
Every Expose assessment maps all four surfaces across the enterprise's vendor portfolio and deployment configurations, producing a structured record for legal, compliance, procurement, and underwriting audiences.
AWS infrastructure creates its own retention surfaces regardless of what Bedrock states about prompt and response content. CloudTrail logs API invocations. CloudWatch can be configured to log model inputs and outputs. Bedrock features — Knowledge Bases, Agents, Guardrails — generate durable artifacts. Downstream application servers, observability tools, and backups generate additional surfaces that Bedrock does not address. AWS itself becomes an intermediary custodian. Subpoenas can be directed at AWS. Legal holds can require AWS to preserve customer account metadata. This pattern applies across any cloud provider that routes AI interactions through its infrastructure.
Each engagement follows a structured methodology derived from the Automated Record Custody Standard (ARCS), a governance specification filed with NIST in March 2026. The methodology is consistent across all Expose assessment types; scope and artifact classes vary by deployment context.
Enumerate all AI vendors, APIs, and infrastructure layers. Review each vendor's data handling terms, API terms of service, and data processing agreements. Apply a structured disclosure framework to identify retention defaults, deletion behavior, and intermediary surfaces.
Identify all artifact classes generated by the enterprise's AI deployment: session content, moderation outputs, operational logs, observability telemetry, vector embeddings, agentic traces, and infrastructure-layer records. Assign governance classification to each artifact class.
Classify each deployment configuration against the governance tier framework: non-retentive with verifiable audit artifacts; operator-controlled retention with documented governance controls; or vendor-retained with default logging. Estimate defense-cost exposure for each configuration.
Produce structured deliverables for each audience: custody surface map, vendor retention posture report, configuration exposure matrix, privilege classification matrix (litigation engagements), and remediation roadmap. All deliverables follow a standard schema designed for institutional use.
Every Countervail engagement produces written deliverables in a defined format. The primary audience for each deliverable is identified at scoping. Deliverables are designed to be used directly by legal counsel, compliance teams, boards, insurers, and procurement — not translated.
All engagements are fixed-fee or retainer-based. Countervail does not bill hourly except for expert testimony. Deliverables are designed for legal counsel, compliance, procurement, insurers, boards, and engineering leadership.
Identifies a custody surface category that conventional assessments miss: user-derived embeddings stored in vector databases. Evaluates lifecycle management, cross-user co-mingling, and whether a litigation hold targeting one user would require freezing the entire database.
Standalone briefings for boards, audit committees, and C-suite on AI record exposure, custody surface, and defense-cost trajectory under litigation and regulatory scenarios. Written summary suitable for board minutes and audit committee files.
For AI vendors, research groups, and internal ML teams. Examines custody posture for labeling data, evaluation traces, prompt corpora, feedback sets, fine-tuning datasets, and experiment logs across development environments.
Configuration of retention controls, deployment of ARCS-conformant governance tooling, establishment of audit artifact pipelines, and verification that the deployed configuration achieves the target governance tier classification.
When Datadog, Sentry, or Splunk capture AI interaction content through automatic instrumentation, governance implementation alone is insufficient. Designs and implements exclusions, closes parallel capture paths, and verifies that remediated pipelines no longer retain governed content.
Design and implementation of verifiable governance evidence workflows for compliance, audit, and litigation contexts. Includes receipt schema customization, verification endpoint configuration, and integration with document management systems.
Advisory at the system-design level for platforms integrating AI APIs, orchestration systems, or agent runtimes. Reviews architecture to identify where interaction records are created and how they persist — before production deployment.
Structured engagement: assessment (weeks 1–2), governance implementation in defined scope (weeks 3–6), and verification with delta proof (weeks 7–8). Includes initial surface map, post-deployment map, delta proof, and sample audit artifacts.
Complete retention architecture: classification of artifact types, assignment of retention classes, configuration of destruction schedules, and legal hold accommodation mechanisms that allow compliance with preservation orders without disrupting non-custodial architecture.
Maps governance controls to applicable regulatory frameworks: NIST SP 800-53, NIST AI RMF, HIPAA, FINRA Rule 17a-4, ISO/IEC 42001, EU AI Act, SOC 2 Type II, FERPA, and state-level AI legislation. Applied to the enterprise's specific deployment configuration.
When an enterprise receives a regulatory inquiry or enforcement action touching AI deployment practices, Countervail produces the technical governance analysis and evidence package that supports the enterprise's legal response. Countervail produces the technical record; counsel uses it in the proceeding.
Development of the enterprise's playbook for responding to subpoenas, civil investigative demands, and preservation notices targeting AI interaction records. Addresses staged production protocols, sampling frameworks, protective order templates, and privilege review workflows.
Configures the preservation hold within the enterprise's governance architecture: identifies artifact categories within scope, switches governed records from automatic purging to hold mode, verifies that automatic deletion is suspended, and documents the configuration for litigation counsel.
For enterprises that have deployed non-custodial architecture, produces the evidence package supporting the temporal defense against spoliation claims: deployment timeline, policy authorization chain, audit artifact archive, and written analysis mapping posture to the relevant legal framework.
Expert advisory and testimony on AI interaction record governance in litigation, regulatory proceedings, and arbitration. Expert reports, declarations, deposition and trial testimony.
Constructs realistic scenarios — subpoena, regulatory inquiry, audit, internal investigation — to illustrate record production paths and governance consequences. Used for board briefings, audit committees, underwriting discussions, and internal risk reviews.
CLE-eligible programming for attorneys on AI record retention risk and custody surface exposure. Training workshops for compliance officers, CISOs, and records management professionals. Half-day executive briefing, full-day workshop, or CLE-eligible presentation formats.
Countervail deliverables are designed for each audience's use case. A custody surface assessment produces distinct outputs for legal counsel, compliance, procurement, underwriters, and boards — structured for direct use, not translation.
Assess what AI records exist, whether privilege protection applies, what preservation obligations attach, and how to respond to production demands. The privilege classification matrix and matter-scoped surface map are built for litigation counsel.
Map AI deployment behavior against applicable regulatory frameworks, identify governance gaps before an audit or inquiry, and assemble the documentary record for regulatory response. Covers HIPAA, FINRA, EU AI Act, SOC 2, and state AI legislation.
Understand what each vendor retains before signing, identify gaps between vendor retention claims and actual infrastructure behavior, and negotiate MSA and DPA terms using a structured vendor retention posture report.
Produce governance posture documentation that supports underwriting classification, policy renewal, and tier migration. The governance posture package is structured for underwriter use without requiring translation.
Receive a structured briefing on AI record exposure, custody surface, and defense-cost trajectory under realistic litigation and regulatory scenarios. Written summary suitable for board minutes and audit committee files.
Identify which architecture decisions determine custody posture, where records are inadvertently created through observability and logging tools, and how to integrate governance controls before production deployment rather than retrofitting them.
Vendor terms change. New AI integrations go live without governance review. SDK configurations drift. Retention class assignments expire. Continuous monitoring detects posture degradation as it occurs rather than discovering it when a legal demand arrives. The resulting evidence trail also supports insurance tier renewal and the spoliation defense's temporal continuity argument.
SaaS continuous monitoring detecting vendor term changes, new AI integrations without governance review, configuration drift, and expiring retention class assignments. Annual subscription priced by deployment scale.
Ongoing re-administration of structured vendor disclosure across the enterprise's AI vendor portfolio. Identifies changes from prior baseline and flags new governance gaps.
A governed workspace to track posture, store assessment history, and assemble documentation for renewal, audit, and certification. Includes vendor posture records, remediation tracking, and tier classification history.
Governance posture documentation required at policy renewal: updated assessment, posture continuity evidence, governance tool operational history, and tier migration analysis. Priced below a full de novo assessment.
Technical tooling to identify retained interaction records across enterprise systems. Scans integrations, logging paths, storage systems, and vendor configurations to detect retention exposure and posture drift.
A scoping call to understand your deployment surface, vendor portfolio, and current governance posture. No deliverable required, no fee. We determine whether a custody surface assessment is warranted and at what scope.
A fixed-fee engagement producing the custody surface map, vendor retention posture analysis, configuration exposure matrix, and recommended governance actions. Deliverables are designed for legal counsel, compliance, procurement, and underwriting audiences.
A governance record that demonstrates custody controls, supports legal hold obligations, informs insurance underwriting, and provides a baseline for ongoing conformance. Continuous monitoring and annual renewal support available.
All engagements contracted through Countervail, LLC. Fixed-fee or retainer-based. No hourly billing except expert testimony. Contact: info@countervail.group
Professional services. Conducts custody surface assessments, produces Expose reports, implements governance controls, and supports litigation readiness and regulatory compliance. countervail.ai / countervailai.com
Automated Record Custody Standard. The governance specification that Countervail implements as commercial services. Published by Vega Commons Project, Inc. and filed with NIST in March 2026. ARCS is a standard, not a legal entity.
New York not-for-profit standards body. Publishes ARCS and related governance doctrine. Countervail is a wholly owned subsidiary. Revenue from Countervail engagements flows to VCP.