What control model lets you move that fast?
Queryable Decision Traces, logged approvals, and a second signer on regulated workflows

What does the control model look like that lets you move that fast? We have heard a version of that question in every regulated conversation since the first one.
It is the right question. A buyer who has lived through deployments measured in quarters knows what speed usually costs. When a vendor moves in weeks, the buyer goes looking for the control that got skipped, and a vendor who cannot describe the control model in plain language never finishes answering.
The model has three parts. A second signer on regulated workflows. A queryable Decision Trace on every action. A log of every human approval, edit, and decline. Each part exists so that someone outside the room, an internal auditor next quarter or a regulator two years out, can reconstruct what the system did and why without taking anyone's word for it.
The second signer
Start with the part buyers have not heard from an AI vendor before. Regulated workflows do not execute on one approval. When a proposed workflow touches a regulated category, the system requires a second signer before anything runs. The first approver owns the decision. The second confirms it. Until both have signed, the workflow stays a draft, and nothing moves in any downstream system.
The Nodes loop already puts a human on every workflow. Agents read across the Systems of Record, draft a cross-system workflow, attach the cost of action and the cost of inaction, and surface it for a person to approve, edit, or decline. The second signer is the layer above that, reserved for the workflows where a single judgment should not be enough.
Which categories require it is set with the customer during deployment, in the customer's own terms. A carrier draws the line where its compliance obligations sit: decisions subject to adverse-impact monitoring, anything a regulator has audited before and will audit again. The system enforces whatever line the customer draws. It does not get to argue with the line.
A second signature costs time, and the design accepts the cost on purpose. The asymmetry is the reason. On most workflows, the price of a wrong approval is a bad week. On a regulated workflow, the price is a finding and a consent decree. Friction belongs where the downside is asymmetric, and nowhere else. Buyers notice the placement, because they have all seen the opposite: vendors who advertise zero friction everywhere, which tells you the vendor has not thought about where the downside lives.
Internal audit has a name for this control: dual authorization. Banks have run payments on it for decades, two people on any action that carries regulatory weight. That is why the second signer is the detail that travels after a meeting. A CFO forwards it to internal audit because it maps onto a control the audit team already tests every year. No translation needed, no new framework to learn. The AI system slots into a control vocabulary the enterprise was using before software existed.
A trace an auditor can query
Every action in the system ships with a signed Decision Trace, and the trace is queryable: what happened, where, why, what the reasoning was, and what input any human gave. The glossary entry holds the full definition. What matters here is the function those fields serve.
An audit is a list of questions. What did the model weigh for this candidate? Did a human review the recommendation? What changed between the draft and the approval? The fields of a trace answer an auditor's questions in the order an auditor asks them. The answer arrives with its evidence attached.
The same artifact holds a second job. "Why AI co-pilots fail without decision traces" covers traces as training signal, the labeled judgment that teaches a system how an enterprise's best people decide. Governance runs the same record in the other direction. Training reads traces forward to improve the next decision. An audit reads them backward to defend the last one. One artifact, two directions, and neither works if the trace is reconstructed after the fact instead of signed at decision time.
The approval log
Human input gets the same permanence as the model's reasoning. When a reviewer approves a workflow as drafted, the approval is logged. When she edits the workflow before signing, the edit is logged with the change she made. When she declines, the decline is logged with her reason. A year later, an auditor can pull the record and see what the system proposed and what people did with the proposal, on any decision, at any depth.
The declines are the part worth pausing on. A system that logged only approvals would be producing a highlight reel. A record that includes edits and declines proves the human gate is load-bearing: people are reading the proposals, disagreeing with some of them, and the system is preserving the disagreement. An approval log where nobody ever declines anything would itself be a finding.
Run the year-later scenario the way an auditor would. Pick any hire from last spring. The record shows the workflow the system drafted, the ROI it attached, the reviewer who approved it, the edit she made before signing, the second signature, and the timestamps on all of it. Nobody has to remember the meeting. Nobody has to find the thread. The institution's answer to "why did we do this" stops depending on who still works there.
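The second-signer gate and the approval log described above can be sketched together. This is an added illustration, not Nodes' code: the class, field and category names are hypothetical, and an HMAC under one demo key stands in for the signature scheme, which the page does not specify.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"      # assumption: stand-in for real signing keys
REGULATED = {"adverse_impact"}     # assumption: categories the customer chose

def _sign(entry, prev_sig):
    # Chain each signature to the previous one so edits to history are detectable.
    body = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(KEY, prev_sig.encode() + body, hashlib.sha256).hexdigest()

class Workflow:
    def __init__(self, wf_id, category):
        self.wf_id, self.category = wf_id, category
        self.state, self.approvers, self.log = "draft", [], []

    def _record(self, actor, action, detail=""):
        if self.state != "draft":
            raise ValueError("workflow is no longer a draft")
        entry = {"wf": self.wf_id, "seq": len(self.log), "actor": actor,
                 "action": action, "detail": detail}
        prev_sig = self.log[-1]["sig"] if self.log else ""
        self.log.append({**entry, "sig": _sign(entry, prev_sig)})

    def decline(self, actor, reason):
        self._record(actor, "decline", reason)   # declines are kept, with the reason
        self.state = "declined"

    def edit(self, actor, change):
        self._record(actor, "edit", change)
        self.approvers = []   # assumption: earlier signatures covered a different draft

    def approve(self, actor):
        if actor in self.approvers:
            raise PermissionError("second signer must be a different person")
        self._record(actor, "approve")
        self.approvers.append(actor)
        needed = 2 if self.category in REGULATED else 1
        if len(self.approvers) >= needed:
            self.state = "executable"   # only now may downstream systems be touched

def verify(log):
    # Recompute every signature in order; any altered or reordered record fails.
    prev_sig = ""
    for i, rec in enumerate(log):
        entry = {k: v for k, v in rec.items() if k != "sig"}
        if entry["seq"] != i or not hmac.compare_digest(rec["sig"], _sign(entry, prev_sig)):
            return False
        prev_sig = rec["sig"]
    return True
```

The chain detects altered or reordered records but not removal of the most recent ones; catching that needs the latest signature anchored somewhere outside the log.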
Speed was never the black box
The black-box fear gets attached to speed, and the attachment is backwards. A slow deployment can end in a black box all the same, if the system it installs produces scores with no queryable reasoning behind them. A deployment measured in weeks, with a signed trace on every action, is the most inspectable system in the building. Visibility was never a function of pace.
Once a buyer has watched one trace get pulled and walked through, the speed question changes shape, from whether the controls exist to how the deployment got fast. That second question has its own answer, covered in "Why a 34-day deployment reads as a red flag." It is the integration half of this one.
There is a quieter reason the record matters, and it concerns who has to defend the purchase. A leader who signs for a system they cannot personally evaluate is exposed in front of the business, and that exposure rarely gets said out loud. A control model built from records changes their position, because a leader who cannot audit model weights can absolutely audit a log. These are mechanisms a non-engineer can walk a board through.
What we hold
Compliance posture, stated plainly: Nodes holds SOC 2 Type I and SOC 2 Type II. That is the complete list. Buyers ask about other frameworks in most regulated conversations, and each one gets a direct answer about where it stands rather than a wall of badges. The straight answer costs a little in the meeting and earns it back in diligence, where every claim gets re-checked anyway.
The reason to state it that way is that certifications and control models do different work, and buyers who run governance reviews for a living know the difference. A SOC 2 report attests that the company's controls operated correctly over an audit window. It is periodic, and it covers the vendor. The trace is continuous, and it covers each decision. A serious review wants both. The one that answers the question in the room, what happened with this candidate, this workflow, is the record.
The posture also matches how these purchases now get reviewed. Large enterprises route AI adoption through standing review bodies, councils that meet on a cadence and judge every AI purchase against the same rubric. We have written for that path from the beginning, because the rubric asks the questions this control model answers: who approves an action and what record it leaves, with a second signer on the high-stakes ones. A vendor that arrives with those answers in writing shortens its own review.
The production record
None of this is a design document waiting for its first deployment. At a Fortune 500 insurance carrier, the system runs in production against four years of data covering 10,765 agents, and it has scored 850,000+ applicants, each score carrying a signed Decision Trace. The methodology behind that record, including the adversarial review protocol and the decision-trace logging, is published on arXiv: Decision Traces. The paper documents how the records get made. The carrier's environment is where they get queried.
Whatever words the question arrives in, it is a request to be shown. Reassurance does not survive a governance review. A record does. Speed is what gets noticed in the first meeting. The control model is what gets the second one.
Saad Bin Shafiq is the founder of Nodes. Anchor pilot: Fortune 500 insurance carrier, four years of production data, 10,765 agents. Methodology: Decision Traces.