In your infrastructure. Under your control.
Autonomous AI Agents for business-critical processes -- with the goal of measurably reducing decision risks in HR and Finance. Model-agnostic, auditable, EU AI Act compliant by design. Governance by Design -- not as an add-on.
Gosign is an Enterprise AI Infrastructure & Agent Engineering Company. We develop and operate the infrastructure that makes AI Agents production-ready in enterprises: orchestration, governance, Decision Layer, and audit.
25 years of software engineering. 108 employees. Over 5,000 projects for e.g. Airbus, Volkswagen, Shell. Since 2023 focused on Enterprise AI Agent Engineering.
Most enterprises are already using AI. Very few achieve measurable results. Not because the technology doesn't work - but because nobody has defined which decisions AI may make and which must stay with humans.
Industry experience shows: For every euro invested in technology, you need four to five euros in processes, governance, and change management. Investing only in technology means investing past the problem.
The Decision Layer is the layer that makes the difference: It decomposes every business process into individual decision steps and defines for each - human, rule set, or AI. That's how an AI experiment becomes a production system.
Decision automation for document processing, posting and audit preparation. Versioned rulesets, complete audit trail, Cert-Ready by Design. The Decision Layer makes every posting decision traceable.
Finance AI Agents
Auditable AI Agents for HR decisions. Compliant with employee representation requirements. Decision Layer with Human-in-the-Loop. Payroll, Onboarding, Document Processing, Compensation & Merit, Policy & Knowledge.
HR AI Agents
LLM hosting, RAG, orchestration. Self-hosted, cloud, or hybrid. Model-agnostic, Governance by Design, Cert-Ready by Design. The platform your agents run on in production.
InfrastructureThe specialist: understands documents. A medical leave certificate arrives. The agent identifies the document type, extracts name, period, and diagnosis code, checks whether all required fields are present, and assigns the document to the correct employee. Not template matching - real language comprehension: it distinguishes a sick note from a disability certificate, even when both come from the same physician. The Decision Layer evaluates every extraction: deterministic? Rule set. Confident enough? Agent decides independently. Discretion needed? Human reviews.
Document Agents in Detail
The coordinator: steers the entire process. The medical leave certificate is understood - now what? The Workflow Agent takes over: checks the HR system whether this is the third notification in six months, verifies against the collective agreement whether the return-to-work threshold has been reached, creates a task for the HR manager in SAP SuccessFactors, notifies employee representatives, and schedules a follow-up. Five systems, three decision points, one agent coordinating the entire process - including independent routing decisions where confidence is sufficient. Every step in the audit trail.
Workflow Agents in Detail
The knowledge carrier: answers questions from enterprise knowledge. An HR manager asks: 'When does a return-to-work process need to be initiated after extended leave?' The agent doesn't just search - it interprets company policies, collective agreements, and regulatory requirements in the context of the question, delivering a specific answer with source reference, rule version, and validity date. When uncertain, it flags uncertainty explicitly. Without a verified source, the agent does not answer - no hallucination.
Knowledge Agents in Detail
Three approaches to enterprise AI -- different architectures, different consequences.
| Dimension | Gosign Agent Architecture | Microsoft Copilot | SaaS AI Agent |
|---|---|---|---|
| Decision Depth | Domain decisions with Decision Layer | Assistance and suggestions | Preconfigured workflows |
| Auditability | Complete audit trail down to SQL level | Basic logging | Platform logging |
| Source Code Access | Full source code access · Configurations remain with client · No vendor lock-in | Microsoft owns code | Platform owns code |
| Model Choice | Model-agnostic (GPT, Claude, Gemini, Llama, Mistral) | GPT (Microsoft-bound) | Platform-bound |
| Governance | Own Governance Layer, Cert-Ready Controls, Auditor Portal | Azure governance | Platform governance |
| Human-in-the-Loop | Architecturally enforced for risk decisions | Optional | Configurable |
| EU AI Act | Compliant by design -- transparency, explainability, oversight built in | Microsoft roadmap | Provider-dependent |
| Employee Oversight | Templates, logging, role concepts for employee representation bodies | No specific support | No specific support |
| Infrastructure | Client infrastructure (Azure, GCP, AWS, self-hosted, hybrid) | Microsoft Cloud | Provider cloud |
| Exit Strategy | Independent operation after 12--18 months | Platform migration | Platform migration |
This table shows architectural differences, not quality judgments. Copilot and SaaS agents have different strengths -- speed, ecosystem, simplicity. Gosign's strength is governance, ownership, and auditability in regulated environments.
Agents only scale with infrastructure. Without governance, AI stays a pilot -- with infrastructure, it becomes scalable.
Human-in-the-Loop: Every process is decomposed into decision steps. For each step: Does a human decide, does a rule set apply, or does the AI decide autonomously? Where the agent is confident enough and has permission, it decides independently -- this is not if-then-else, this is judgment within defined guardrails. Bias risk, discrimination potential, or employee oversight requirements: the architecture enforces human review. The Decision Layer enforces this routing -- technically, not organizationally.
Auditable: Every agent decision produces a complete record: input, model, assessment, confidence score, reasoning, decision path, outcome. Immutable, exportable, audit-ready.
Employee Oversight: Governance frameworks -- collective agreements, works agreements, or company policies -- as explicit constraints in the Decision Layer. Employee representation bodies can trace: what the agent does, why, and when a human intervenes. Role concepts and templates included.
Cert-Ready by Design: Controls are first-class data objects in the system. Every control has a technical implementation, an automatic evidence generator, and an evidence history. Auditors see live status in the Auditor Portal.
EU AI Act compliant by design: Transparency, explainability, and human oversight are architecturally built in -- not retrofitted.
We work alongside your internal IT, security, and compliance teams. Agents become part of your existing IT governance -- not a parallel universe.
The Decision Layer decomposes every business process into individual decision steps and defines upfront for each: Does a human decide, does a rule set apply, or does the AI decide autonomously?
Where discretion, discrimination risk, or employee representation requirements are involved, the architecture enforces human review. Where a decision is deterministic -- collective agreement terms, deadline checks, booking logic -- the agent applies the rule set consistently. And where the agent is confident enough and has permission: it decides independently. It interprets documents, classifies situations, evaluates context -- demonstrably more consistent and legally sound than manual processing. Confidence Routing controls when the agent acts autonomously and when it escalates.
Every decision is documented -- who decided what, when, on what basis, with what outcome. Auditable for external auditors, employee representation bodies, and internal compliance.
1 week
Process analysis, rule mapping, system landscape assessment, use case prioritization. Outcome: a concrete plan for your first agent.
3-4 weeks
Production PoC. One agent, one process, live in your infrastructure. Decision Layer, governance, audit trail -- from day one, not retrofitted.
Ongoing
More agents, more departments, more locations. The architecture grows with your requirements. Same governance, same infrastructure.
After 12-18 months, you operate your agents independently. Full access to source code, prompts, and configurations. No vendor lock-in - even without a maintenance contract.
“Even as a global market leader, you want to keep moving forward. It is reassuring to have the technological expertise and infrastructure experience of Gosign on our side.”
Head of Innovation, Sony Music Entertainment
“Gosign is not just about speed. It's about how much essential work happens in this time.”
Head of Customer Service & Technical Support, Libri GmbH
Practical knowledge on AI agents, AI infrastructure and enterprise integration.
Most AI projects don't fail because of technology. They fail because nobody defined the rules. Why the operating model matters more than the language model.
The EU AI Act directly affects HR processes. Risk classification, bias monitoring, human oversight – what is now mandatory and how to prepare.
Agent governance is not an IT topic. It's an HR leadership topic. What CHROs need to know before AI agents enter core HR processes.
The architecture addresses the core requirements of the EU AI Act as a design principle: transparency (Art. 13) via the Decision Layer, human oversight (Art. 14) via architecturally enforced Human-in-the-Loop routing, recording obligations (Art. 12) via the audit trail, and risk management (Art. 9) via bias monitoring and Cert-Ready Controls.
All agents run in the client's infrastructure -- cloud, self-hosted, or hybrid. For cloud deployments in EU data centers (Azure EU, GCP EU, AWS EU), DPAs and Standard Contractual Clauses apply. For complete Cloud Act independence: self-hosted in an EU data center or on your own servers. No US provider has access to business data.
The architecture is Cert-Ready by Design. Controls are implemented as technical data objects with automatic evidence generation. Framework mapping to ISO 27001, SOC 2, ISA, PS 951, IDW, GoB/GoBD. The architecture is structurally certifiable -- the actual certification is carried out by the client.
Yes. Governance frameworks -- collective agreements, works agreements, or company policies -- are mapped as explicit constraints in the Decision Layer. Human-in-the-Loop is architecturally enforced for bias risk, discrimination potential, and employee oversight matters. Complete logging, role concept, audit trail. Templates for employee representatives are part of the architecture. Built for the most demanding regulatory environment globally -- German co-determination law, EU AI Act, and GDPR -- meeting or exceeding compliance requirements in virtually any jurisdiction.
4--6 weeks to a production PoC. Discover (1 week): process analysis, understanding rule sets. Build (3--4 weeks): one agent, one process, live in your infrastructure with Decision Layer and audit trail.
Talk to us about a specific use case in your organization.
Book a Meeting