DORA AI Compliance · TDX Attestation Live
Applicable since 17 January 2025 · ICT third-party risk in scope

DORA-compliant AI for financial entities.

ICT third-party arrangements that satisfy Articles 28-30. Operational resilience by hardware. Attested incident evidence aligned with Article 17 reporting.

DORA scope

Who is in scope.

DORA has been applicable since 17 January 2025. It covers virtually every regulated financial entity in the EU plus their ICT third-party providers. AI inference providers serving financial workflows are ICT third parties under DORA — meaning the financial entity must contractually flow through Articles 28-30 obligations to the AI vendor, including audit rights, exit strategy and incident reporting.

  • Credit institutions
  • Payment & e-money institutions
  • Investment firms
  • Insurance and reinsurance undertakings
  • Crypto-asset service providers (MiCA)
  • Central counterparties and trading venues
  • Credit rating agencies
  • Crowdfunding service providers
  • IORPs and securitisation repositories
  • ICT third-party providers serving any of the above

Articles 28-30 — ICT third-party arrangements

How TDX maps to DORA contractual obligations.

Article 30 lists the contractual provisions DORA requires from any ICT third-party arrangement. Most are organisational (location, audit, exit). Two are technical — confidentiality and integrity of data — and these are the ones most AI vendors struggle to evidence on standard infrastructure. Hardware sealing answers them with cryptographic proof per request.

Art. 28

General principles

EU controller (VOLTAGE EI, France). ICT risk management framework documented. Single point of contact for the financial entity.

Art. 29

Preliminary assessment of concentration risk

Sub-processor list limited to Targon (compute) and Chutes (TEE inference). Financial entity can substitute providers without losing TDX guarantees.

Art. 30(2)

Confidentiality of data

Intel TDX with AES-256 memory encryption, NVIDIA Protected PCIe. Operators technically incapable of reading prompts or inference outputs.

Art. 30(2)

Integrity and availability

Per-request ECDSA attestation bound to enclave measurement. Tamper-evident logs. Multi-region failover within EEA.

Art. 30(2)

Audit rights

Customer-verifiable attestation per request. Written audit reports on demand. Right of inspection via the financial entity's designated auditor.

Art. 30(3)

Exit strategy

Open-weight base models (Qwen3, DeepSeek). LoRA adapters returned encrypted with the customer's public key. No vendor lock-in on weights or data.

Operational resilience

Article 5 ICT risk + Article 17 incident reporting.

DORA Article 5 requires a robust ICT risk management framework. Article 17 mandates ICT-related incident reporting to competent authorities within tight deadlines. Per-request attestation gives your incident responders an immediate, cryptographically verifiable timeline of every AI invocation — material evidence for the major incident classification under Commission Delegated Regulation 2024/1772.

Tamper-evident audit trail

Every request signed by the enclave. Forensics get cryptographic proof of what ran, when, and on which model version.

EU-only data path

Inference path stays inside EEA. No US sub-processor can be subpoenaed under FISA 702 or CLOUD Act.

Hardware-sealed integrity

CPU-fused memory keys block tampering even by a malicious hypervisor. The threat model assumes the host is hostile.

DORA FAQ

Questions financial entities ask.

Who must comply with DORA?

Credit institutions, payment institutions, e-money institutions, investment firms, crypto-asset service providers, central counterparties, trading venues, insurance and reinsurance undertakings, insurance intermediaries, IORPs, credit rating agencies, crowdfunding service providers, securitisation repositories — and ICT third-party service providers serving any of the above. DORA has been applicable since 17 January 2025.

Is an AI inference provider an ICT third party under DORA?

Yes. AI inference services that support, enable or contribute to a financial activity are ICT services under DORA Article 3(21). The financial entity must therefore flow through the obligations of DORA Articles 28-30 to the AI vendor, including audit rights, exit strategy and incident reporting cooperation.

Does VoltageGPU sign DORA-aligned contractual provisions?

Yes. We provide ICT third-party agreements aligned with DORA Articles 28-30. Hardware sealing through Intel TDX directly evidences confidentiality and integrity. Per-request ECDSA attestation gives the financial entity a tamper-evident audit trail. Exit strategy is supported by open-weight base models and customer-encrypted LoRA adapters.

What about concentration risk under Article 29?

Our sub-processor list is limited to Targon (compute) and Chutes (TEE inference). Both EU-aligned, both substitutable. The hardware-sealing layer means the financial entity is not locked into any one provider — TDX attestation evidence is portable across compatible operators.

Could VoltageGPU become a critical ICT third-party provider under Article 31?

If we reach the thresholds set by the European Supervisory Authorities, yes — and in that case we would be subject to direct oversight by the ESAs. The technical architecture (hardware sealing, EU jurisdiction, attestation) is already aligned with the obligations Article 31 designation would impose.


Get DORA-aligned AI in your stack before the next ECB inspection.

Articles 28-30 contractual provisions on signing. Article 32 confidentiality by hardware. Article 17 evidence by construction.
