Frequently asked questions

Honest answers to the questions we hear from security, compliance, legal, and IT leaders at Canadian organizations. Something not covered here? Get in touch.

A concrete example

An accountant pastes a client spreadsheet containing Social Insurance Numbers into ChatGPT to ask for a summary.

Request reaches Mandate Policy Engine before OpenAI
SIN and financial data patterns matched against policy rules
Sensitive fields redacted: sanitized request forwarded
Timestamped record written: who, what tool, what rule, what action
Doesn't using an Azure or AWS Canadian region solve the data sovereignty problem?

Not on its own. A Canadian region tells you where your data is physically stored. It doesn’t tell you which legal jurisdiction applies to the company operating that infrastructure. Those are two different properties.

The major hyperscalers are headquartered in the United States. The US CLOUD Act (2018) extends US legal process to data held by US-headquartered entities regardless of the data’s physical location. Equivalent extraterritorial provisions exist in other jurisdictions. This isn’t about whether a country’s law is good or bad. The law that applies to the vendor and the law that applies to where the data sits can be two different things, and your counsel evaluates which is which.

Mandate runs on Canadian-owned infrastructure under Canadian legal jurisdiction. The vendor jurisdiction is a knowable, named property of the product. Your privacy officer and counsel can evaluate the legal significance directly. We’re not providing legal advice; we’re documenting the property so they can.

Do you only serve Canadian organizations?

No. Mandate is a Canadian company and runs on Canadian infrastructure today, which is the cleanest fit for Canadian organizations. None of that is built into the product. The control plane, the policy engine, and the audit chain don’t depend on a country.

The architecture deploys in the region you require, and the detector catalog already ships bundles for more than one jurisdiction. Canadian PII (PIPEDA, Law 25, provincial health numbers) sits alongside US bundles like CCPA and HIPAA, and we add bundles for a new jurisdiction when a customer needs them.

If you operate outside Canada, tell us where and what governs your data, and we’ll build the deployment around it.

What does a policy enforcement decision actually look like in practice?

A concrete scenario: an HR manager opens ChatGPT and pastes a payroll export containing Social Insurance Numbers and salary bands to draft a summary for a board pack.

With Mandate routing that traffic:

  • The request reaches the Mandate Policy Engine before it reaches OpenAI.
  • The sync scan detects SIN and financial data patterns matching your configured rules.
  • Depending on your policy, Mandate either redacts the sensitive fields before forwarding the request, warns the employee and logs the event, or blocks the request with an explanation.
  • The interaction is logged: who, what tool, what policy was triggered, what action was taken, and when.
  • The employee continues working. The AI still responds, with redacted context, or if blocked, with a policy-compliant message explaining what happened.
  • Your admin sees the event in the dashboard within seconds.

When your privacy officer or auditor asks "what actually happened with AI and sensitive client data this quarter," you can answer with a timestamped, structured record instead of a recollection.

We already tell employees not to use AI with sensitive data. Isn't that enough?

A policy document sets an obligation. On its own it doesn't enforce anything or leave a record.

The practical test: if a regulator, auditor, or opposing counsel asked you today to produce a record of every time an employee sent sensitive data to an AI tool in the last 90 days, and what your organization did about it, could you? If you can't, what you have is a policy without a program behind it.

Mandate doesn't replace your AI policy. It gives your policy a mechanism and a record.

Can't we just build this ourselves?

Some organizations can. It's easy to underestimate what "this" involves: DLP rule maintenance across model provider API changes, accurate token and content logging without impacting latency, multi-tenant policy isolation, audit retention aligned to counsel-reviewed schedules, and ongoing updates as new AI tools emerge.

Mandate exists to handle exactly that job, and it's maintained as AI tools and provider APIs change. If your team's time is better spent on your core product or services, that's the practical reason to use Mandate rather than build it.

What AI tools does Mandate cover?

Any AI tool you route through Mandate: ChatGPT, Claude, Copilot, Gemini, and other AI APIs your organization uses. Coverage is directly tied to what you route through Mandate's connectors: an API gateway path for application and developer traffic, or a network forward proxy for browser-based AI tools across the organization.

Mandate enforces and logs the traffic it sees. Coverage expands as you route more traffic through it. We'll tell you clearly what a specific deployment covers and what it doesn't.

Does Mandate govern AI agents, not just people using chat tools?

Yes. An autonomous agent calling tools on its own behalf is a different governance problem than a person pasting text into ChatGPT, and Mandate treats it as one.

Each agent is a named identity resolved from a verified credential, not a key shared across a fleet. Mandate reads the specific tool calls in the request and applies your policy to them: an allowlist and a denylist per tool, and the same decision verbs your people get (allow, warn, redact, block, or escalate a call for a human to approve). Revoke an agent and its next request is refused.

Every agent action is written to the same tamper-evident audit chain as a human request, attributed to the agent that made the call. There's no separate, weaker log for machine traffic, and the decision register shows agent and human activity side by side.

Do you support MCP (Model Context Protocol)?

Yes. Agents connect through Mandate’s MCP ingress, authenticated with OAuth 2.1. You register which MCP servers a tenant’s agents may reach; a request to anything unregistered is refused.

Tool calls and tool results on that route run through the same policy engine and land on the same hash-chained audit trail as everything else: the same five decision verbs, the same record. Traffic you route through the ingress is traffic Mandate governs.

Results are evaluated on the way back too. Invisible characters are stripped, a result can be held until the policy decision lands, and sensitive spans are redacted before the agent reads them.

What does Mandate do about prompt injection?

It bounds the blast radius; it does not prevent the attack. Prompt injection comes from how a model reads instructions and data on a single path, and no traffic-layer product fixes that.

What the gateway does: outbound requests are scanned against your policy before they leave. Results and responses are evaluated on the way back in, with invisible characters stripped and sensitive spans redacted before an agent reads them, and a result can be held for a person when a rule asks for it. Every one of those decisions is written to the audit trail.

Treat Mandate as one layer in a defence-in-depth design, alongside model-side and application-side controls.

What about employees using AI on personal devices or outside our network?

Mandate doesn't govern AI traffic it doesn't see. If an employee uses a personal device on a personal network, that traffic won't route through Mandate unless your network policy is configured to cover it.

The forward proxy path covers devices and networks you control: company-managed devices, the office network, and VPN-routed traffic. The API gateway path covers application and developer traffic that uses your configured API credentials.

The sensitive-data risk you can act on first sits with AI use on managed devices during work hours. That's where Mandate's coverage is measurable and deployable in a pilot. We discuss the exact scope in the discovery conversation and put it in the written pilot criteria. If your threat model requires governing personal-device AI use, we'll tell you upfront whether the current deployment model addresses it.

Does Mandate work with Microsoft 365 Copilot?

Microsoft 365 Copilot presents a specific challenge: it's integrated deeply into M365 apps (Word, Excel, Teams, Outlook), and that traffic doesn't flow through a standard HTTPS proxy the same way browser-based ChatGPT use does.

Mandate's forward proxy path covers browser-based AI tools: ChatGPT, Claude, Gemini, and other AI accessed via browser. For M365 Copilot specifically, coverage depends on whether your Microsoft tenant traffic routes through Mandate's proxy, which varies by your M365 configuration and network architecture. For developer and API traffic (GitHub Copilot via API, Azure OpenAI Service API calls), the API gateway path covers that directly.

M365 Copilot coverage is one of the first things we ask about in the discovery conversation. If complete Copilot governance is a requirement, we'll tell you exactly what it takes to achieve it, or where the current limits are, before you commit to a pilot.

What do employees see when their request is blocked or redacted?

Redact: The request is forwarded with sensitive fields removed. The employee receives the AI provider's response based on the sanitized prompt. Depending on your policy configuration, they receive a notification that content was removed before forwarding.

Block: The request is stopped. The employee receives a configurable policy-compliant message explaining that the request was blocked and which category of content triggered the rule. They're not left with a cryptic error.

Warn: The request is forwarded and logged. The employee receives a notification that the interaction was flagged against a policy rule. The intent is a visible accountability moment without disrupting their work.

Escalate: The request is held, and the employee sees that it’s waiting on an approval. A reviewer approves or declines from the admin console; the request then proceeds or returns a policy message, and both the hold and its outcome are written to the audit record. A hold that isn’t decided in time expires and the request is refused, never silently forwarded.

Mandate's defaults are transparent with employees about what happened and why, without exposing internal rule logic. The specific notification messages are configurable. The warn outcome tells employees their AI use was flagged, which changes behaviour without the friction of blocking outright.

Do we need to replace our existing security stack?

No. Mandate handles AI traffic governance and sits alongside your existing web security, DLP, and SIEM tools. It's not a Secure Web Gateway or SASE product for all enterprise traffic. It's the enforcement and audit layer for AI-related traffic you route through it.

Mandate exports structured audit events to SIEM and webhook endpoints, so it fits into existing security operations rather than requiring them to change.

Does Mandate make us compliant with PIPEDA or provincial privacy laws?

Mandate provides technical controls that support your compliance program: policy enforcement, logging, and a verifiable audit trail. It doesn't substitute for legal advice, and we won't tell you that deploying Mandate makes you "PIPEDA compliant." Compliance is a legal determination your counsel and auditors make, not a software feature.

What Mandate does: it gives your counsel and auditors something concrete to evaluate. That's a meaningful contribution to a compliance program. It's not the program itself.

Can Mandate help us answer a data subject request under PIPEDA or Law 25?

Yes, for the records Mandate holds. Audit and usage events tied to a subject can be pulled into a signed access pack your privacy officer hands over, verifiable offline the same way as any Mandate export.

Deletion works the same way: subject-scoped records are removed, and the deletion itself leaves a verifiable trace, so the audit chain stays intact and you can show the erasure happened.

The request process, identity verification, and the legal determination stay with your privacy program. Mandate supplies the records and the proof.

Is Mandate relevant if we're facing a CPAB inspection, OSFI review, PHIPA audit, or Law Society requirement?

Each of those bodies has published AI expectations. CPAB set out how it expects audit firms to manage AI-enabled tools (September 2024). OSFI’s Guideline E-23 brings AI and machine-learning models under model-risk governance from May 2027, alongside the 2024 OSFI-FCAC report on AI risk. The Law Society of Ontario issued a white paper on licensee use of generative AI (April 2024), and Ontario’s privacy commissioner published PHIPA-grounded AI guidance for the health sector (January 2026). The common thread is demonstrable control: evidence that the policy was enforced, and that you know what happened.

Mandate produces the structured, timestamped audit trail that answers those questions directly: which AI tools were used, by whom, on what data categories, what policy rules triggered, what action was taken, and when. The records are hash-chained and verifiable as unaltered after the fact.

We don’t certify regulatory compliance, and we won’t tell you Mandate satisfies any specific obligation. Your counsel and auditors make that call. Mandate gives them something real to work from.

How does Mandate map to the major AI-risk frameworks?

We map our coverage to the MIT AI Risk Repository, a neutral 24-risk taxonomy used in independent research. We use an outside yardstick on purpose: it shows where Mandate reaches and where it does not.

Mandate is strongest on the data-centric risks you can control at the point of use. Loss of privacy is the direct fit: the detector catalog finds personal, financial, and Canadian-identifier data in a prompt and warns, redacts, or blocks it before it reaches an AI tool. Mandate contributes a secondary control on several others, including credential and secret leakage, the transparency and tamper-evident audit record behind governance and accountability, and a usage record relevant to overreliance and fraud exposure.

It does not cover the risks that sit upstream of how your organization uses AI. Dangerous capabilities, weapons, misalignment, competitive dynamics, and the concentration of AI power are proximate to the model itself or to markets and policy. Those stay with model developers, governments, and your own data-science and risk functions. Mandate is one control layer, not the whole program.

An independent expert panel (Saeri et al., 2026) judged information, finance, and national security the sectors most exposed to AI risk, and found the monitoring and audit instruments that would close the gap are still nascent or absent. That is the layer Mandate produces. Our note on the study has the detail.

Industry research points the same way from the demand side. NTT DATA's 2026 Global AI Report, a survey of 2,567 senior decision-makers, found data sovereignty is the single biggest governance concern for AI leaders, and that the question has moved to proving AI was used safely every time. Our note on the report maps what Mandate covers and what it leaves to the rest of an AI program.

Our cyber insurer is asking about AI governance controls. Does Mandate help?

Yes. This comes up in underwriting now. Coalition, one of the largest cyber insurers, added an Affirmative AI Endorsement to its US surplus and Canadian cyber policies, expanding what counts as a covered security failure to include an AI security event.

Mandate produces the evidence that kind of underwriting asks about: proof that AI use on the traffic you route through Mandate is monitored and governed, a structured timestamped audit record of AI interactions, documentation of policy rules enforced during the coverage period, and data residency evidence.

Ask your broker what they need. We provide the technical documentation for their coverage evaluation and a plain statement of what Mandate covers and doesn’t.

How do I make the business case for Mandate to my CFO or board?

The business case starts with three numbers from external sources your board can verify:

  • $144M/year: what AI irregularities cost large Canadian enterprises in aggregate (IBM Institute for Business Value, May 2026), and half of those losses are governance failures, not technology failures.
  • ~$6.32M: average cost of a Canadian data breach (IBM Cost of a Data Breach Report, 2024).
  • 18%: the share of Canadian organizations that currently have AI governance systems in place.

The internal framing that works: Mandate is the evidence that demonstrates the organization took reasonable steps to govern AI use. That evidence has direct value in a regulatory or audit inquiry, a client vendor questionnaire, or a board risk presentation. The question for your CFO is what one AI-related incident costs, and what it takes to demonstrate governance before it happens.

We can provide a one-page summary of the IBM study data and Mandate's position for internal use. Ask when you contact us.

What happens to AI traffic if Mandate is unavailable? Does everything stop?

Mandate is configured fail-closed by default: if the Mandate Policy Engine is unreachable, AI requests are blocked rather than forwarded without governance. This is the conservative posture. It prevents ungoverned traffic from reaching AI providers during an outage.

Fail-open configuration is available for organizations that require uninterrupted AI access and accept the risk that requests proceed ungoverned if Mandate is down. It's a deliberate choice with a documented trade-off.

We discuss fail behaviour at pilot kickoff and document the chosen posture in the written success criteria before day one. There's no ambiguity about what happens during an outage.

What does Mandate actually see in each AI request?

API gateway path: Mandate receives the full API request body, including the prompt text and the provider response. This is necessary to evaluate policy rules against request content.

Forward proxy path: Mandate decrypts HTTPS traffic (TLS inspection required) to evaluate request content before forwarding to the AI provider. Your organization installs Mandate's CA certificate once at the network level; no changes to employee browsers or applications.

What is written to the audit record by default: request metadata (user identity, tool, timestamp, correlation ID), the policy decision, the triggered rule identifier, and the redacted field identifiers (the pattern type that matched, not the matched content itself). Raw prompt bodies are not stored by default.

Full prompt body capture is opt-in per tenant, governed by a separately configured retention schedule, and off by default for all tenants. We discuss your data minimization requirements at kickoff.

How do audit events get into our SIEM?

Mandate exports structured audit events in JSON format. Each event includes: tenant ID, correlation ID, user, tool, timestamp, policy decision, triggered rule, action taken, redacted field identifiers, and the hash chain link. The format is importable by any SIEM or SOAR platform that accepts structured JSON.

Webhook delivery is available for targets that accept a signed JSON payload. Microsoft Sentinel and Splunk are the integration targets we cover in the pilot; other targets follow the same webhook format. If a native connector for your specific platform isn't yet available, we'll tell you up front rather than have you discover it mid-pilot.

Can Mandate run in our private network or on-premises?

Mandate runs as a hosted SaaS on Canadian-owned infrastructure. On-premises and private-network deployment are not offered.

If your organization requires AI traffic to never leave your own infrastructure, a Mandate deployment isn't currently possible. We'll say that clearly in the first conversation rather than partway through a pilot. On-premises deployment is a future product consideration; we won't commit to a timeline we can't hold.

The current architecture runs on Canadian-owned infrastructure under Canadian legal jurisdiction, which addresses the sovereignty concern Canadian organizations face. If your requirement is specifically about on-premises deployment for reasons beyond sovereignty (network isolation, air-gapped environments), that's an important conversation to have at the start.

You're an early-stage company. What happens to our audit records if Mandate shuts down?

Your audit records are your data. At any point during your subscription, you can export your complete audit log in structured JSON format. That export is yours to retain and submit to auditors or regulators without Mandate's involvement. The records are hash-chained and can be verified as unaltered without requiring Mandate to vouch for them. You can rehearse that verification today: the verify page has sample evidence packs and the offline verifier.

When your subscription ends, for any reason including Mandate shutting down, your records are available for export for 30 days. After that window, they're deleted from our systems. We don't retain your data beyond the off-boarding period.

So if you run a 30-day pilot and export at the end, those records are yours regardless of what happens to Mandate.

We're a young company, so the honest answer is to run the pilot, evaluate the record quality and governance value, and judge the vendor risk yourself. We'd rather you ask now than after signing.

How do we get started?

The first step is a short conversation to understand your environment, what connectors make sense for your setup, and what success would look like for a pilot. Learn how the 30-day pilot works, or get in touch directly.

Mention your industry type and the AI tools your team currently uses. It helps us make the first call productive rather than spending the first 15 minutes on context.

Question not answered here?
Ask directly.

We respond to every technical and commercial enquiry. If your question is about a specific deployment scenario, your regulatory context, or something not covered above, email or call.

contact@mandateco.ca  ·  1-905-630-1908