Document Agents
Understand documents through real language comprehension. Recognition of type, content, and context – not template matching. Every extraction verified through the Decision Layer.
Document Agents in detailOn your infrastructure. Under your control.
Brazil is not “one Latin American market among many”. With over 215 million inhabitants, the ninth-largest economy in the world, and a regulatory frame (LGPD, BACEN Resolucao 4893, PL 2338/2023) that stands on its own next to EU law, Brazil is its own compliance universe. Gosign therefore runs an office in Sao Paulo that operationally covers not just the SP metropolitan area but the entire Brazilian market - from Petrobras in Rio to Caixa in Brasilia to Vale in Minas Gerais to Volvo in Curitiba. That is the precondition for making international Enterprise AI standards (Audit Trail, Cert-Ready by Design, Decision Layer with Human-in-the-Loop) work in a market that is related to the EU AI Act but not identical to it.
LGPD (Lei Geral de Protecao de Dados) is Brazil’s answer to GDPR, not its translation: it has its own legal bases, its own DPO requirements, its own sanctions, and its own supervisory authority in the ANPD (Autoridade Nacional de Protecao de Dados), headquartered in Brasilia. Anyone expanding from Europe into Brazil cannot treat LGPD as a “GDPR variant” - the interpretation of Article 7 (legal bases) and Article 11 (sensitive data) diverges materially in practice. AI architectures must be able to meet LGPD and GDPR in parallel, not in the alternative.
BACEN Resolucao 4893 is Brazil’s answer in the DORA space: cyber resilience requirements for regulated financial institutions (Itau, Bradesco, Santander Brasil, Banco do Brasil, Caixa, Nubank, Stone, XP) are developed independently of EU law. Any algorithmic component in credit decisioning, fraud scoring, AML/KYC or capital-markets operations must be BACEN-audit-ready - with reporting duties that differ from European DORA implementations.
PL 2338/2023 is the Brazilian AI bill in preparation: it is inspired by the EU AI Act but not identical - not yet in force in 2026 but expected within the next 18-24 months. Risk classes, human oversight obligations and explainability standards are similar but carry their own Brazilian accents (particularly in the relationship with Sindicatos and CREs on work-related systems). The EU AI Act does not apply directly in Brazil. Cert-Ready by Design in Brazil means: architect the system so that LGPD today, PL 2338 from 2027 and the EU AI Act for DACH operations can be served at the same time.
Banking and fintech: KYC/AML at Itau, Bradesco, Santander Brasil and Banco do Brasil - Document Agents parse CPF/CNPJ records, cross-check them with Coaf sanctions lists, and the Decision Layer escalates high-risk hits with a complete Audit Trail. The same pattern at Nubank, Stone, PagSeguro and XP Inc., with fraud detection and BACEN reporting in real time.
Mining and energy: Vale dam safety in Minas Gerais and Petrobras asset documentation in Rio - Workflow Agents watch sensor data, inspection reports and external risk indicators. The Decision Layer escalates critical risk patterns with Human-in-the-Loop, and the Audit Trail is defensible before ANM, MPF, ANP and ANEEL.
Industry and automotive: Volvo, Renault, VW and Klabin in Curitiba - Document Agents for supply chain, Mercosul compliance and ESG reporting; Workflow Agents for quality control and maintenance planning. Cert-Ready for GDPR audits in European parent groups.
Public sector: Caixa credit review and ANPD policy analysis in Brasilia - Document Agents for social-benefit applications, Workflow Agents for regulatory monitoring. Audit Trail to TCU standards, with a rationale file for every algorithmic recommendation. Public-sector projects in Brazil run under dedicated procurement frameworks and dedicated data-protection standards for citizen data - meeting those frames is a condition for every contract renewal.
Our Sao Paulo office is the operational hub for Brazil - with local project managers who run discovery workshops on site, attend compliance reviews with the DPO and legal team, and accompany Sindicato consultations. From SP, Rio (1 h flight), Belo Horizonte (1 h), Curitiba (1 h), Brasilia (1.5 h) and Porto Alegre (1.5 h) are all reachable within the same day - on-site meetings within 24 hours. The technical build phase is distributed across Hamburg and Sao Paulo, with joint stand-ups in the SP morning. After go-live, the SP office is your operational contact with a Portuguese-language escalation hotline. For Brazilian clients with European operations (for example Natura into the EU, JBS into the EU), this is the only constellation that covers LGPD and GDPR compliance under one roof.
What makes this constellation attractive for German and European mid-market and large corporates: an organisation expanding from DACH into Brazil has a counterpart that covers both worlds operationally - the German corporate parent keeps speaking to the Hamburg team, the Brazilian subsidiary to the Sao Paulo team. Discovery and compliance workshops happen in both languages. An architecture built in Sao Paulo can be taken productive in Lisbon, Madrid or Berlin with minimal adjustment, because the Audit, Decision Layer and Cert-Ready by Design components already serve both regulatory worlds.
Brazil is the only Latin American market where banking compliance, industrial operations, public sector and consumer-goods supply chains converge within a single regulatory frame. Building productive agents here for KYC, ESG reporting or dam safety yields a blueprint for Mexico, Argentina, Chile, Colombia and Peru. The SP office positions Gosign as a European provider with real LATAM presence - a combination few competitors in the DACH arena can offer. Gosign’s Governance by Design architecture ensures that an agent built in Brazil passes European GDPR and EU AI Act audits as cleanly as it passes BACEN, ANPD or TCU. More in our contact section or in the city overviews for Sao Paulo, Rio and Brasilia.
Not because of technology – but because of missing governance. Without clear rules defining who makes which decision, every AI agent stays a pilot project.
That is why we build every agent exclusively with a Decision Layer. It breaks down every business process into individual decision steps and defines for each step: human, rule engine, or AI. No agent goes into production without this layer.
Understand documents through real language comprehension. Recognition of type, content, and context – not template matching. Every extraction verified through the Decision Layer.
Document Agents in detailSteer business processes across multiple systems and decision points. One agent, complete orchestration. Every step in the audit trail.
HR AI AgentsAnswer questions from enterprise knowledge – with source reference, rule version, and validity date. No verified source, no answer.
Knowledge Agents in detailAuditable. Compliant. Enterprise-grade.
Human-in-the-Loop architecturally enforced – not optional
Complete audit trail for every agent decision
GDPR compliant by design – all data on your infrastructure
Works council compatible – agreements as constraints in the Decision Layer
EU AI Act compliant by design – transparency, explainability, human oversight
Model-agnostic – no vendor lock-in, you own the source code
1 week
Process analysis, understand rule sets, prioritise use cases.
3–4 weeks
Productive PoC. One agent, one process, live on your infrastructure.
Continuous
More agents, more processes. Same governance, same auditability.
After 12–18 months, you operate your agents independently. Source code, prompts, and rule sets are yours.
Analysis and insights on enterprise AI, governance, and agent architecture.
Most AI projects fail not because of technology but because nobody defined the rules. Why the operating model matters more than the language model.
The EU AI Act directly affects HR processes. Risk classification, bias monitoring, human oversight - what is now mandatory and how to prepare.
Agent governance is not an IT topic. It's an HR leadership topic. What CHROs need to know before AI agents enter core HR processes.
“Even as a global market leader, you want to keep moving forward. It is reassuring to have the technological expertise and infrastructure experience of Gosign on our side.”
Head of Innovation, Sony Music Entertainment
“Gosign is not just about speed. It's about how much essential work happens in this time.”
Head of Customer Service & Technical Support, Libri GmbH
Office in Sao Paulo (gosign.pt). We manage projects across Brazil - Rio de Janeiro, Brasilia, Belo Horizonte, Curitiba, and other cities.
LGPD-compliant by design. All data remains on your infrastructure. No data transfer to third parties.
Yes. Configurable for CLT, collective bargaining agreements (CCT/ACT). Interaction with worker representatives (unions) is integrated into the Decision Layer.
4-6 weeks. Discovery: 1 week. Build: 3-4 weeks. On your infrastructure.
Talk to us about a specific use case in your organisation.
Schedule a consultation