VoltageGPU ships three confidential AI agents for finance teams that cannot legally send ledgers, AML alerts or audit work-papers to US hyperscaler co-pilots: an AML Monitoring agent, an Audit Automation agent and an FP&A agent. All three run inside Intel TDX hardware enclaves operated in EU jurisdiction. Memory is AES-256 encrypted at runtime — VoltageGPU operators are technically incapable of reading prompts, transaction data or forecasts. EU company (VOLTAGE EI, France, SIREN 943 808 824), native RGPD Article 28 Data Processing Agreement, ECDSA attestation report per request.
Microsoft Copilot for Finance runs on Microsoft 365 / Azure OpenAI infrastructure. ChatGPT Enterprise runs on OpenAI infrastructure provisioned in Microsoft Azure US regions. Both are excellent products but neither offers Intel TDX hardware sealing nor an EU-only data path with attestation evidence per request. VoltageGPU is built explicitly for EU regulated finance teams whose DPO and CCO will not accept a US sub-processor chain.
Team Starter ($349/mo) — single team, AML triage + audit drafting on Qwen3.5-397B-TEE (256K context). Pro ($1,199/mo) — small finance department, 10 seats, Qwen3.5-397B-TEE 256K context, FP&A agent included. Enterprise ($3,499/mo) — DeepSeek-R1-TEE reasoning, SSO, SCIM, RBAC, DORA evidence pack, dedicated tenant, SOC 2 / ISO 27001 path.
AML monitoring, audit automation, FP&A. Sealed in Intel TDX. EU-hosted. SOC 2 / ISO 27001 path.
DORA Article 28-30 third-party risk evidence. GDPR Article 32 confidentiality of processing satisfied by hardware. No FISA 702. No CLOUD Act exposure.
The financial-data confidentiality problem
In 2026, every CFO, Chief Compliance Officer and Head of Internal Audit is asked the same question by their board: where is the AI that lets us close books faster, triage AML alerts faster and draft audit work-papers faster — without breaking DORA, GDPR or SOX? The default answers — Microsoft Copilot for Finance, ChatGPT Enterprise, Google Gemini — all share one architectural property: they run on US hyperscaler infrastructure with sub-processor chains that touch FISA 702 and the CLOUD Act.
For an EU regulated financial entity, a strict reading of GDPR Article 32 (confidentiality of processing) and DORA Article 28-30 (third-party ICT risk) makes that architectural property a legal and operational blocker. Pasting a transaction anomaly batch into ChatGPT Enterprise sends it through a sub-processor chain the DPO cannot evidence to a French ACPR or German BaFin examiner. Co-pilots in Microsoft 365 inherit the data residency problem unless every prompt stays inside the EU data boundary, with full attestation — which is not the default behavior.
VoltageGPU exists to remove that blocker. We are an EU-only ICT third party (VOLTAGE EI, France, SIREN 943 808 824). We run open-weights models — Qwen3.5-397B, DeepSeek-R1, Qwen3-32B — sealed inside Intel TDX hardware enclaves we operate. AES-256 memory encryption is fused into the CPU. NVIDIA Protected PCIe seals the CPU-GPU path. An ECDSA attestation report is signed for every request. We are technically incapable of reading the data your finance team feeds the agents.
Three confidential finance agents
Each agent is a vertical specialist with the right prompts, retrieval indexes, output formats and guardrails wired in for one finance workflow. None of them are regulated advisors — they are decision-support tools that a qualified compliance officer, auditor or finance professional reviews and signs.
AML Monitoring
Reviews transaction batches against FATF / 6AMLD typologies, drafts SAR-ready narratives and flags structuring, layering and unusual cross-border patterns for a human MLRO to sign.
Audit Automation
Drafts walkthroughs, sample-test summaries, control narratives and audit work-papers. Useful for both internal audit functions and external auditors who need TDX attestation as a control over the AI tool itself.
FP&A
Variance analysis, forecast drafting, board memo drafting and sensitivity-table generation on management accounts the CFO refuses to send to OpenAI — for very good reasons.
DORA mapping
The Digital Operational Resilience Act applies to banks, insurers, investment firms, crypto-asset service providers and most EU financial entities. We provide the contractual provisions and technical evidence regulated buyers need to onboard VoltageGPU as an ICT third-party provider.
DORA Art. 28
Third-party ICT risk register
VoltageGPU appears as an EU-based ICT third-party provider. We supply the register fields (entity, jurisdiction, sub-processors, data flow, exit plan) on request.
DORA Art. 29
Concentration risk assessment
EU-only data path with no US sub-processor in the inference loop. Useful for documenting concentration mitigations against existing US hyperscaler dependencies.
DORA Art. 30
Contractual provisions
Standard DORA Article 30 contractual provisions available without negotiation: location of processing (EU), audit rights, exit / portability, incident notification timelines.
DORA Art. 17
ICT-related incident reporting
Webhook / SIEM integration for ICT incidents. Incident classification mapped to the DORA Implementing Technical Standards categories.
DORA Art. 25
Testing of ICT tools
Per-request ECDSA attestation evidence usable in TLPT (Threat-Led Penetration Testing) scopes and routine ICT testing programs.
SOX angle
SOX Section 404 internal control testing produces work-papers, walkthroughs and substantive test evidence that auditors must protect under PCAOB independence and confidentiality requirements. Pasting that material into ChatGPT Enterprise creates a sub-processor relationship most audit firms have not blessed. Pasting it into Microsoft Copilot inside a client's Microsoft 365 tenant blurs the line between auditor data and auditee data.
VoltageGPU keeps that boundary clean. Each tenant runs in its own logical enclave on shared TDX hardware (or a dedicated tenant on the Enterprise plan). The attestation log gives the engagement partner cryptographic evidence that the AI tooling ran where it was supposed to run, on the model it was supposed to run on, with no operator able to read the work-papers. That is auditable, signable, defendable evidence — not a marketing claim.
We position VoltageGPU as audit tooling. The auditor's professional judgment, sample selection and conclusions remain the auditor's. The agent drafts; the human signs.
VoltageGPU vs Microsoft Copilot for Finance vs ChatGPT Enterprise
We have nothing against Copilot or ChatGPT Enterprise — they are excellent products for organisations whose threat model and regulator is comfortable with US hyperscaler sub-processing. Most EU regulated finance teams are not.
Pricing
Flat monthly tiers. No per-token surprises. Inference quotas reset every month. Annual contracts available with standard volume discounts.
Starter
$349/ mo
Pro
$1,199/ mo
Enterprise
$3,499/ mo
FAQ
Can a regulated bank legally use this under DORA?
Yes, subject to your own DORA risk-register entry and the standard board-level approval for ICT third parties. We provide the EU-jurisdiction processing location, the Article 30 contractual provisions and the technical evidence (TDX attestation per request) most ACPR / BaFin / FINMA examiners ask for.
Is anything sent to OpenAI, Anthropic or any US provider?
No. The agents run on open-weights models (Qwen3.5-397B, DeepSeek-R1, Qwen3-32B) we operate inside Intel TDX enclaves on infrastructure under EU jurisdiction. There is no OpenAI or Anthropic API call in the inference loop.
Is this regulated financial advice?
No. VoltageGPU is a confidential AI tooling platform. The agents draft suggestions a qualified MLRO, internal auditor or finance professional reviews and signs. We do not offer regulated financial, legal or audit advice.
How does the Audit Automation agent stay independent of the auditee?
On Pro / Enterprise, audit work-papers stay in your tenant. Engagement-level segregation is enforced via tenant boundaries. The TDX attestation log is engagement-bound — useful evidence under PCAOB AS 1215 work-paper retention controls.
What if our DPO requires SOC 2 or ISO 27001 before signing?
Enterprise customers get the SOC 2 Type II / ISO 27001 path documented and rolling. Until certifications close, we provide the readiness package, control mapping and the underlying TDX attestation evidence — strictly stronger than a self-attested audit on a US standard VM.
Can the agents run on cron, before the team logs in?
Yes. Scheduled agents at /scheduled run DORA-relevant sweeps overnight — daily AML re-scoring, weekly sanctions-list refresh, monthly DORA-Article-28 third-party reassessment, end-of-quarter SOX 404 evidence collection — each run carries its own ECDSA attestation for the engagement file.
Does it pull from our GL, TMS, case manager and DMS?
Connectors at /connectors cover GLs (NetSuite, SAP, Sage, Pennylane), TMS feeds, case managers, sanctions providers, Slack alert channels, Drive/SharePoint and email intake. Starter includes 3 connectors, Pro 5, Enterprise unlimited.
Keep going
Sovereign suspicious transaction triage. FATF and 6AMLD aligned. SAR-ready drafts.
Walkthroughs, sample-test summaries, SOX 404 control narratives — sealed in TDX.
Variance analysis, forecast drafts, board memos. Confidential by hardware.
The hub: vertical agents for legal, finance and regulated professionals.
How VoltageGPU lines up with DORA Article 28-30 third-party risk obligations.
Article 26 deployer evidence, model cards, logging — under the staged 2026 timeline.
Plus / Starter / Pro / Enterprise — see what each tier includes.
Verify the live ECDSA quote stream against the public attestation root.
The flagship legal agent. Useful reference for the same architecture pattern.
Sector page: AML, KYC, DORA and SOX-aligned agent workflows.
The full agent line-up across legal, finance, healthcare and operations.
The infrastructure layer: Intel TDX, Protected PCIe, attested GPUs as raw compute.
Pick a tier, sign the standard DORA Article 30 pack, deploy the agents on the data your DPO would never let you paste into a US co-pilot. Or talk to us first — we answer DPO and CCO questions directly.