.Net: Proposal: Compliance-as-Code plugin for regulated enterprise agent governance #13957

@vystartasv

Problem

Semantic Kernel is Microsoft's enterprise AI orchestration framework. Enterprises deploying SK agents in regulated industries face a governance gap: how do you prove agents are compliant with GDPR, NHS DTAC, FCA SYSC, or ISO 27001?

Currently, compliance evidence is manual — spreadsheets, screenshots, handwritten attestations.

Proposed Solution

Compliance-as-Code (L7) from Works With Agents (CC BY 4.0): a Semantic Kernel plugin.

```csharp
using Microsoft.SemanticKernel;
using WorksWithAgents.Compliance;

// Build a kernel and register the proposed compliance plugin
var kernel = Kernel.CreateBuilder().Build();
var compliance = kernel.ImportPluginFromObject(
    new CompliancePlugin("gdpr-art32")
);
// Invoke the plugin's validation function for the chosen standard
var result = await kernel.InvokeAsync(
    compliance["ValidateCompliance"],
    new() { ["standard"] = "gdpr-art32" }
);
// Returns signed, immutable evidence
```

The plugin: runs health checks, validates version consistency, generates signed audit evidence, maps results to regulatory controls.

Why Semantic Kernel: plugin architecture = trivial integration. Microsoft's regulated customers (Azure Gov, NHS) are the exact buyer. Zero core changes.

Spec: https://workswithagents.dev/specs/compliance-as-code.md
Live demo: https://workswithagents.com/tools/api-auditor.html

Would a Semantic Kernel plugin for Compliance-as-Code be welcome?
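
An added example, not code from the issue author or the Works With Agents spec: one way "signed, immutable evidence" can be made verifiable, using an ECDSA signature per record and a hash chain between records. The `Evidence` record layout, the check names and the choice of ECDSA P-256 are assumptions; only the `gdpr-art32` identifier comes from the issue.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed check results; the key would normally live in an HSM or key vault.
using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var log = new List<Evidence>();
Append(log, key, "gdpr-art32", "health-check", true);
Append(log, key, "gdpr-art32", "version-consistency", false);
Console.WriteLine($"intact log verifies:      {Verify(log, key)}");

// Flipping a failed check to "passed" invalidates that record's signature.
var edited = new List<Evidence>(log);
edited[1] = edited[1] with { Passed = true };
Console.WriteLine($"edited record verifies:   {Verify(edited, key)}");

// Dropping the first record breaks the chain: the survivor's PrevHash no longer matches.
Console.WriteLine($"record removed verifies:  {Verify(log.GetRange(1, 1), key)}");

// Bytes that are signed and hashed. Fields are newline-joined, which assumes
// no field contains a newline (hypothetical encoding, not the spec's).
static byte[] Canonical(Evidence e) => Encoding.UTF8.GetBytes(
    string.Join("\n", e.Control, e.Check, e.Passed, e.TimestampUtc.ToString("O"), e.PrevHash));

static string Digest(Evidence e) => Convert.ToHexString(SHA256.HashData(Canonical(e)));

static void Append(List<Evidence> log, ECDsa key, string control, string check, bool passed)
{
    // Bind the new record to its predecessor before signing it.
    string prev = log.Count == 0 ? "" : Digest(log[^1]);
    var unsigned = new Evidence(control, check, passed, DateTime.UtcNow, prev, Array.Empty<byte>());
    log.Add(unsigned with { Signature = key.SignData(Canonical(unsigned), HashAlgorithmName.SHA256) });
}

static bool Verify(IReadOnlyList<Evidence> log, ECDsa publicKey)
{
    string expectedPrev = "";
    foreach (var e in log)
    {
        if (e.PrevHash != expectedPrev) return false;   // chain broken: removed or reordered
        if (!publicKey.VerifyData(Canonical(e), e.Signature, HashAlgorithmName.SHA256))
            return false;                               // content changed after signing
        expectedPrev = Digest(e);
    }
    return true;
}

record Evidence(string Control, string Check, bool Passed, DateTime TimestampUtc,
                string PrevHash, byte[] Signature);
```

The chain alone does not detect truncation of the newest records; an auditor also needs the latest digest anchored somewhere the evidence writer cannot rewrite.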
