Observability tools track costs and latency. Enterprise governance platforms cost six figures and take months to implement. Nothing exists for healthtech companies that need to demonstrate AI compliance now — before August 2026, before the next procurement conversation, before the first audit.
Point your application at the Velarc proxy endpoint instead of your AI provider directly. Add structured business context as metadata — use case, business object, user. That's the integration. A Spring Boot starter SDK for zero-boilerplate configuration is coming soon.
Who initiated it, what clinical object it touched, what the AI decided. Structured business context, not just prompts and responses.
When an auditor or NHS trust asks for your AI audit trail, you have one. Export it, share it, stand behind it.
Every AI interaction logged automatically. Audit events are append-only by design — the application layer never modifies or deletes them. Database-level enforcement is on the security roadmap.
Not just prompts and responses — clinical objects, user identity, use case metadata captured with every call.
Articles 12 and 19 for high-risk AI systems — automatic event logging and minimum six-month retention. Enforceable 2 August 2026.
Export what an auditor actually needs — not a developer dashboard. Structured records of AI activity by use case, by user, for any given period. Compliance reporting is on the roadmap.
Works with OpenAI and Anthropic. Azure OpenAI — required by many NHS and UK enterprise customers for data residency — is next on the provider roadmap. Additional providers follow.
Built by an engineer with 30 years' experience in regulated industries — healthcare, finance, and energy.
Built for healthtech. Applicable to any regulated industry operating high-risk AI.
Required by NHS and UK enterprise customers who mandate Azure data residency. In active development — next provider on the roadmap.
A single Maven dependency that auto-configures the Velarc proxy client via your existing application.yml. Zero boilerplate. No manual HTTP client wiring required.
If Velarc is ever unreachable, your AI traffic continues directly to your provider — uninterrupted. The SDK captures the interaction locally and reconciles it with your audit trail automatically on recovery.
AES-256-GCM application-layer encryption for AI request and response content, with per-tenant key management via external KMS. Infrastructure and schema are already in place.
Export what an auditor actually needs — a structured record of AI activity for a given period, by use case, by user. Manual export and scheduled automated delivery are both on the roadmap.
Enforce minimum retention periods per pricing tier — six months on Starter, twelve months on Professional. Six months meets the EU AI Act Article 19 minimum. Professional's twelve-month default and Enterprise's configurable retention accommodate sectoral obligations — such as those common in healthcare — that require longer.
Run Velarc on your own infrastructure for full data residency control. Available at Enterprise tier. Designed for organisations with strict cloud infrastructure requirements.
Healthcare AI is explicitly classified as high-risk under the EU AI Act. From August 2026, operators must automatically log AI interactions with a minimum six-month retention period. Velarc is built specifically to meet these obligations — not retrofitted from a developer observability tool.
- Audit trail and trace logging
- Up to 3 use cases
- 6-month retention
- Manual export
- Email support
- Data Processing Agreement included
- Everything in Starter
- Unlimited use cases
- 12-month retention
- Scheduled compliance reports
- Priority support
- Data Processing Agreement included
- Everything in Professional
- Self-hosted deployment
- Custom retention period
- Dedicated support + SLA
- Data Processing Agreement included
Request early access
We're onboarding a small number of healthtech companies ahead of the August 2026 deadline. Get in touch to start the conversation.