Frequently Asked Questions

Why can't I activate a workspace or generate a report yet?

Govula enforces governance correctness through deterministic pre-flight validation. Before a workspace can be activated or an authoritative report generated, the platform verifies that minimum governance conditions are satisfied — including framework applicability, control mapping, and ownership assignment. These checks exist to prevent the creation or publication of incomplete, misleading, or non-defensible compliance artefacts. They do not introduce interpretation, scoring, or automated judgement. If a pre-flight validation fails, no existing artefacts are altered. The system provides explicit remediation guidance, and governance authority remains unchanged until requirements are met.

Can governance guardrails block urgent work or overwrite data?

Governance guardrails are protective integrity mechanisms. If a pre-flight validation fails, no existing artefacts are altered. The system provides explicit remediation guidance, and governance authority remains unchanged until requirements are met. Guardrails never alter, overwrite, or delete existing data. They do not remove permissions or change roles. Once all prerequisites are satisfied, the blocked action becomes available immediately. These checks exist to prevent the creation or publication of incomplete, misleading, or non-defensible compliance artefacts — they do not introduce interpretation, scoring, or automated judgement.

Does the platform make compliance decisions on my behalf?

No. All compliance decisions require explicit human authority. The platform enforces structural prerequisites (framework binding, control mapping, ownership) before governance operations can proceed, but these are deterministic correctness checks — not interpretive judgements. AI capabilities operate in an advisory capacity only and cannot approve, sign, or publish any artefact.

What happens if my organisation's entitlement expires?

When an entitlement expires, the organisation enters read-only mode. All existing data, reports, and governance artefacts remain accessible and unmodified. No data is deleted. New governance operations (workspace activation, report generation, decision creation) are paused until the entitlement is renewed.

Can reports be retroactively modified after generation?

No. Reports are locked to the decision versions that existed at generation time. Each report includes a SHA-256 content hash for integrity verification. Cryptographic signing provides tamper evidence. If governance context changes after a report is generated, a new report must be created — the original remains unchanged.

Why can't I see certain workspaces or reports?

Workspace visibility is governed by audience bindings. Each audience type is bound to exactly one authoritative workspace, and users can only see content associated with their assigned audience. This ensures controlled disclosure and prevents cross-workspace data leakage.

Who can modify workspace bindings?

Only users with the admin role. Binding modifications are logged with full provenance (actor identity, timestamp, IP address, user agent). Locked bindings cannot be modified without explicit unlock by an administrator.