Firms are wiring their institutional knowledge, the compounded judgment of everyone who works there, into AI systems. That memory layer is becoming the real asset, and the foundation under it decides whether the loop can be trusted, audited, and taken back. This brief maps the problem, the vendor and do-it-yourself landscape, the regulation now landing in the EU, India, and Australia, and where remember and SLF fit.
The core primitive is one function: render(substrate, lens, frame) → receipt. Ask the memory a question through a lens, and it returns the disclosed view together with a signed receipt of exactly what was shown, to whom, and under which rules. The receipt is the first-class output.
Institutional memory - the learning loop a firm builds on top of AI - is becoming the durable asset, and the industry's largest names said so in a single month. What none of them answered: whether the company gets to keep it. The one question for any vendor, Lexenne included: what can I take with me if I leave?
Most of what ships answers "what is similar?" A brain you can run a business on answers "what is true, right now, that I am allowed to see, and where did it come from?"
remember + SLF are governed memory built to that bar: a signed receipt for every disclosure, access rules that travel with each fact, portable by construction - running today, honest edges labeled, arriving regulation covered as a byproduct. Section 08 is a field kit: five questions to run with your existing customers this week. andrew@lexenne.com
For a year the field has raced on one axis: how accurately can a system recall the right fact at the right time. That race leaves out the part that decides whether a company brain can be trusted with anything that matters: who is allowed to see a fact, where it came from, and whether it is still true.
A company brain compounds. Every decision and correction that lands in it makes the next answer better, and the more of the firm's judgment lives there, the more that layer decides what the business can prove and how easily it could walk out the door inside someone else's platform. Most of what ships today is strong on recall and thin on exactly that: whether a fact is current, whether the asker was allowed to see it, and where it came from. Tolerable in a demo. A liability the moment the memory drives real work under a regulator's gaze.
In the space of a month, the largest names in the industry converged on one point. The model is becoming a commodity. The durable asset is the learning loop a company builds on top of it: its institutional memory, its private evals, the accumulated judgment that gets a little better every time it is used. Agreeing that the loop matters is a different thing from letting a company keep it.
None of them answers the question that decides who benefits: can a company walk out with the loop it built and stand it up somewhere else? Across Microsoft's post, announcement, and product page, the word "leave" never appears. Palantir's fifteen steps are more thorough and no more forthcoming: every one executes on its own control layer, including the step arguing institutional knowhow must sit outside the model. It never asks that same question of the layer underneath it. Declining to train on your data is a promise about the vendor's behavior, one you are asked to trust. Walking out with your loop is a property of your architecture, one you can check. Model choice is the easy half. The substrate the loop lives in, the memory and evals and judgment, is where the lock now sits. Microsoft opened the model layer and left the memory layer proprietary. The lock moved down the stack, and it works the same way one level lower, for the individual whose judgment feeds the firm's loop.
The $2.5B settles that the loop is the asset worth owning. What it leaves open is who owns it. The question to put to any AI or data vendor, Microsoft included and Lexenne included: what can I take with me if I leave? A loop you cannot carry out is one you rent, and the rent compounds with the value.
Enterprises already negotiate data rights: retention, confidentiality, access controls, training opt-outs. Those contracts say nothing about the derived judgment underneath, the evals, corrections, overrides, and decision patterns a vendor learns from watching your experts work. Once a vendor understands the job logic, it can reconstruct it without ever touching your data again. Protecting data while surrendering learning is the default outcome of a standard enterprise AI contract today.
Your data rights are in the contract. Who holds your learning rights?
Framing credit: Jaya Gupta, “AI’s Value Capture problem,” X, 8 Jul 2026.
The gap between a weekend chatbot over your documents and a company brain you can run a business on is wider than a demo shows. The demo hides the parts that only fail in production.
The common build is retrieval-augmented generation (RAG): embed documents, fetch the passages most similar to a question, let the model answer. It breaks in predictable ways. The store keeps serving facts that are no longer true. A vector database does not inherit the permissions of the systems it ingested, so a well-phrased question surfaces a document the asker was never meant to see. And similarity is not correctness, so when no good match exists it returns the nearest thing and the model answers anyway. The hand-rolled version, a fleet of agents over Markdown files, hits the same wall from the other side: concurrent writers corrupt the file, an unbounded file blows the context window, and there is no permission model or provenance at all.
The funded tier is racing to fix this: Sentra and Glean, and a memory-infrastructure layer beneath them (Mem0, Zep, Cognee, Letta). What separates a real brain from a toy is five capabilities, and the field is still weak on the hardest one.
| The capability | What the toy or DIY does | What a real brain does |
|---|---|---|
| Permission inheritance | Vector store ignores source-system access control; a good question leaks across tenants. | Memory enforces the source system's permissions at read time. |
| Provenance | Returns a similar passage with no citable chain back to evidence. | Every fact links to its source and the moment it entered. |
| Conflict resolution | Serves whichever contradictory fact scored higher on similarity. | Decides which of two contradictory facts holds, and can reason across the disagreement. |
| Temporal validity | Serves stale facts confidently; deletes history. | Records when a fact was true and when it stopped; invalidates rather than deletes. |
| Multi-consumer | Single reader; Markdown corrupts under concurrent writers. | Write once, read by many: people in natural language, agents via API, on the same graph. |
Conflict resolution is the tell. On a public benchmark of agent memory (MemoryAgentBench, arXiv:2507.05257), the best systems reach at most 6% accuracy on multi-hop fact consolidation, the case where the right answer depends on correctly superseding an old one. Similarity search cannot do it, which is the clearest sign this market is still early.
Those five make a brain safe to use. There is a sixth the landscape barely mentions, and it decides whether adopting one deepens the lock-in or breaks it: portability by construction - the memory, its gates, and its receipts export in an open format, so the company can audit it line by line and, if it chooses, leave. Regulation is pushing on all six at once.
The three regions where many of these customers operate are moving the same way at different speeds. The hard AI-specific mandates are being paced, but the substance is arriving anyway: transparency rules, event logging, human oversight, and data-subject rights, with a data-sovereignty current under all three.
The AI Act is in force and phasing in: the mid-2026 "Digital Omnibus" moved the high-risk duties (Article 12 automatic event logging, Article 26 human oversight) to 2 December 2027, while GDPR Article 22 already constrains solely-automated decisions and the EUDI Wallet arrives 6 December 2026.
The DPDP Act's Rules are operative and its substantive duties bind from around 14 May 2027: itemised consent, data-principal rights, 72-hour breach reports, and, for significant data fiduciaries, annual impact assessment and "algorithmic due diligence" on the software that touches personal data.
Mandatory AI guardrails were set aside in favour of existing law, but from 10 December 2026 an organisation must disclose in its privacy policy where a computer program makes decisions that significantly affect a person.
Read across the three regimes, the same obligations recur, on a runway that runs to the end of 2027.
| When | Region | What lands | What it asks of AI over your data |
|---|---|---|---|
| In force | Australia | Statutory tort for serious invasions of privacy (Jun 2025) | Direct liability for serious privacy invasions |
| In force | EU | GPAI model obligations (Aug 2025); GDPR Article 22 | Technical documentation and a training-data summary; a human path around solely-automated decisions |
| Now | India | DPDP Rules published (Nov 2025); Board forming | Stand up consent, rights-handling, and breach processes before 2027 |
| ~Nov 2026 | India | Consent-manager registration opens | Route consent through registered, interoperable managers |
| 6 Dec 2026 | EU | EUDI Wallet offered by member states | An individual-held identity and credential rail to interoperate with |
| 10 Dec 2026 | Australia | Automated-decision transparency (Privacy Act) | Disclose in the privacy policy where AI drives significant decisions |
| 14 May 2027 | India | DPDP substantive duties bind | Itemised consent, data-principal rights, 72-hour breach reports, impact assessment and audit for significant fiduciaries, cross-border limits |
| 2 Dec 2027 | EU | AI Act high-risk duties (Articles 12 and 26) | Automatic event logs, human oversight, and log retention of at least six months |
The direction is common to all three: logging and auditability as a baseline, human oversight, data-subject rights, transparency about automated decisions, and a steady data-sovereignty pressure underneath (the EU Data Boundary and CLOUD Act debate, India's localisation, Australia's hosting certification).
SLF (Substrate, Lens, Frame) is an open protocol for governed memory, and remember is the product on top of it. It starts from a harder bar than the enterprise one: a person should be able to hold a lifetime of their own data and grant access on their own terms. Meet that and the enterprise bar comes free, because the properties are the same. It answers directly what the announcements leave open: a loop you can lift whole, in an open format, with receipts that prove where each answer came from.
render(substrate, lens, frame) → receipt
The same engine serves a support agent, a clinician opening a chart, or a deal review: different frames and consumers over one governed substrate. Auditability comes out of normal operation, one receipt at a time.
Per-fact gates, provenance, and conflict-as-signal are part of the primitive itself, enforced in the same engine that does the retrieval.
What was shown, to whom, under which rule, signed. This is what logging and traceability obligations ask for, produced by default.
SLF is Apache-2.0 with a reference implementation and a conformance suite. It composes with OAuth, MCP, and the EU wallet stack instead of replacing them, so there is a documented way in and a documented way out.
The conformance profile and vocabulary are still being shaped. A partner adopting now helps set them, rather than adapting to a frozen vendor API.
remember is the reference implementation of the substrate. It runs embedded, as a shared server, or as a Bridge: an API over an existing data fabric with no data movement. The Bridge is the residency answer, governance and receipts applied in place, over data that never leaves the customer's jurisdiction or control.
Two clocks are running. The regulation is arriving on a schedule, and the standards it will lean on (digital-identity wallets, authorization grants, AI-Act conformity) are being written now. Systems adopted in this window shape what "compliant memory" comes to mean.
The closed path pours the firm's compounded judgment into a platform it cannot fully audit or cleanly leave. The open path treats memory as infrastructure: a protocol with a reference implementation you can read, run on your own fabric, and export from. Adopt it early, while the conformance profile and vocabulary are still forming, and you help decide them.
This fits a partner building software for customers whose data lives in the EU, India, or Australia, where residency and auditability are turning from preferences into procurement requirements. The differentiator, governance, provenance, and the ability to run in place, is what those buyers now ask for.
None of this depends on the parts still in build. The governed substrate, lens-scoped retrieval, and signed receipts run today, enough to prototype against real data and find the sharp edges early. The question for a first working session: which customer and use case would put the most instructive pressure on a governed memory layer first?
Demand for governed memory is easy to test: it surfaces as stalled projects and unanswerable audit questions. Run these five on any existing customer. Two or more uncomfortable answers is a qualified conversation.
Then bring us the most instructive yes: andrew@lexenne.com. Protocol and product detail: lexenne.com/slf · lexenne.com/remember.
Figures and dates below are point-in-time snapshots from mid-2026 and should be confirmed against the primary source before quoting externally. Critiques are attributed as critiques, not established fact.
Company brains Sentra.app / Dynamis Labs - sentra.app; funding via SiliconANGLE, Jan 2026.
Company brains Glean revenue - TechCrunch, May 2026 (part of the ~$300M figure is a consumption run-rate).
Memory infra Mem0 GitHub; Zep/Graphiti Graphiti and TKG paper; Letta Context Repositories.
Why RAG toys fail DigitalOcean, "Why RAG systems fail in production".
Conflict benchmark MemoryAgentBench, Hu, Wang & McAuley - arXiv:2507.05257 ("at most 6% accuracy" on multi-hop consolidation).
Microsoft Frontier Company Judson Althoff, announcement blog (2 Jul 2026); product page; Nadella's Frontier Co post.
The learning-loop framing Satya Nadella, "the future of the firm," 14 Jun 2026.
Palantir "Our thoughts on the importance of AI sovereignty," 30 Jun 2026 (cited as a market signal, not an endorsement).
Palantir "Institutional Sovereignty in the Age of AI," a 15-step playbook, 7 Jul 2026 (copy on file; cited as convergence evidence - its own control layer goes unexamined by its own test).
Google OKF Open Knowledge Format, an open spec for organizational knowledge at rest, GoogleCloudPlatform/knowledge-catalog (Jun 2026).
The leave-test Lexenne's published responses: the Nadella response and the Frontier Company response.
Data rights vs. learning rights Jaya Gupta, "AI's Value Capture problem," X, 8 Jul 2026 (cited for the framing; formulation credited, not a Lexenne original).
EU regulation AI Act, Regulation (EU) 2024/1689, EUR-Lex; Article 12 and 26 duties, artificialintelligenceact.eu; Digital Omnibus deferral to Dec 2027, Gibson Dunn.
EU regulation EUDI Wallet, Regulation (EU) 2024/1183, and the Data Act, European Commission.
India regulation DPDP Rules 2025 Gazette, dpdpa.com; India AI Governance Guidelines (Nov 2025), PIB.
Australia regulation Automated-decision transparency, commences 10 Dec 2026, OAIC; Voluntary AI Safety Standard, industry.gov.au.