What is the MVF Protocol?

The MVF (MFOUR Vibe Framework) Protocol is a deterministic architecture for orchestrating and governing non-deterministic generative AI systems. It is a peer-reviewed, DOI-registered standard (10.5281/zenodo.17924469) that provides a 5-layer kernel architecture for enterprise AI governance.

IronGrade is the implementation platform for deploying Sovereign Processing Units (SPUs) based on the MVF Protocol. It offers both IronGrade (open-source, local deployment) and IronGrade Cloud (enterprise-grade, 6-layer governance architecture).

What is M4 Governance?

M4 Governance provides active architectural enforcement through adversarial stress-testing and EU AI Act Article 15 compliance validation. It ensures governed control over AI systems in high-stakes environments.

How is MFOURLABS different from traditional AI governance solutions?

MFOURLABS implements governed, kernel-level governance rather than probabilistic prompt engineering. Our approach provides cryptographically verifiable compliance, immutable audit trails, and mathematically provable behavioral constraints for AI systems.

How does IronGrade prevent AI hallucinations?

IronGrade prevents hallucinations through governed kernel-level interception. When the AI attempts to generate content outside predefined governance rules, the SPU (Sovereign Processing Unit) blocks the output in real-time before it reaches the user. This is fundamentally different from prompt engineering which relies on probabilistic guidance.

What sectors can use IronGrade?

IronGrade is designed for high-stakes sectors including: Finance (AML, fraud detection), Healthcare (PHI protection, clinical decision support), Government (classified intelligence, FOIA compliance), Legal (attorney-client privilege, contract analysis), Energy (SCADA security, grid control), and Manufacturing (trade secret protection, quality control). Each sector has specialized kernels calibrated for domain-specific compliance requirements.

Is IronGrade compliant with EU AI Act?

Yes. IronGrade implements Article 15 requirements for robustness, accuracy, and cybersecurity. The platform provides immutable audit trails, governed behavior verification, and adversarial stress-testing capabilities required for high-risk AI systems under the EU AI Act.

Can I try IronGrade before purchasing?

Yes. Visit mfourlabs.dev/reference-architecture to explore proven frameworks for regulated industries. The architectures showcase high-fidelity AI governance across Government, Legal, Finance, Healthcare, Energy, and Manufacturing sectors. For enterprise pilots, request access at mfourlabs.dev/request-access.

Official Trust Center

TRUST CENTER

MFOUR LABS (PVT) LTD.

Effective Date

January 13, 2026

Jurisdiction

Sri Lanka

Registration

PV 00352471

1. SOVEREIGNTY & JURISDICTION STATEMENT

Neutral jurisdiction with data sovereignty guarantees

1.1 Neutral Jurisdiction & Legal Data Sovereignty

MFour Labs (Pvt) Ltd. is a legal entity incorporated and governed exclusively by the laws of the Democratic Socialist Republic of Sri Lanka.

Non-Aligned Intelligence Status: Sri Lanka is not a member of the "Five Eyes," "Nine Eyes," or "Fourteen Eyes" intelligence-sharing alliances. This ensures your Administrative Data is not subject to automated, multilateral signals intelligence (SIGINT) harvesting or bulk data sharing between Western intelligence agencies.
Jurisdictional Independence: As a Sri Lankan entity with no US-based parent company, MFour Labs is not subject to the US CLOUD Act, the Patriot Act, or FISA Section 702. We are under no legal obligation to comply with warrantless data requests from foreign intelligence agencies.

1.2 The "Backdoor-Free" Architectural Covenant

We convert our jurisdictional neutrality into a technical certainty through a Zero-Telemetry Architecture that physically prevents state overreach:

Data Plane Isolation (No Exfiltration): The IronGrade Runtime executes 100% locally within the Licensee's infrastructure. MFour Labs lacks the technical means to intercept, view, or exfiltrate your Runtime Content.
Air-Gap Compatibility: Following initial cryptographic identity verification, the software is engineered for Offline Validation. It requires no persistent internet connection to execute logic kernels, ensuring the "Logic Gate" remains closed to external interference.
Zero Model Training: We do not log, persist, or utilize client inputs or outputs for model training. Your Intellectual Property remains mathematically air-gapped from our foundation models.

1.3 Warrant Canary (Integrity Transparency)

In accordance with our commitment to transparency and Section 13 of the PDPA, MFour Labs (Pvt) Ltd. warrants that as of January 23, 2026, it has NOT received any:

National Security Letters (NSL) or equivalent secret administrative subpoenas.
Foreign Intelligence Surveillance Court (FISC) orders or "gag orders" originating from any jurisdiction.
Forced Decryption Requests: Mandatory requests to build "backdoors" or provide decryption keys for the IronGrade SPU Kernels.

2. PRIVACY & DATA PROTECTION (PDPA / GDPR)

Compliance with Personal Data Protection Act, No. 9 of 2022

We operate under a strict "Privacy by Design" framework, ensuring full alignment with the Personal Data Protection Act, No. 9 of 2022 (Sri Lanka) and GDPR adequacy standards for our global partners.

2.1 Our Role in the Data Ecosystem

As a Data Controller: We minimize the collection of account-level data (e.g., developer emails) strictly to what is necessary for license performance under Section 6 of the PDPA.
As a Zero-Knowledge Processor: For the IronGrade Runtime, MFour Labs acts as a Processor with no access to your underlying data. All processing is transient (RAM-only) within your sovereign environment.

2.2 Data Subject Rights

We honor all statutory rights under Part II of the PDPA, including the Right of Access (Sec 13), Right to Rectification (Sec 14), and Right to Withdrawal of Consent (Sec 19).

FULL LEGAL DISCLOSURE

Master Privacy Policy

READ POLICY

4. DIGITAL VALIDITY & EXPORT COMPLIANCE

Legal recognition and export compliance

4.1 Validity of Digital Contracts & Credentials

All digital signatures, identity keys, and cryptographic handshakes utilized by the IronGrade Software are legally recognized and admissible under the Electronic Transactions Act, No. 19 of 2006 (as amended by Act No. 25 of 2017).

Functional Equivalence [Sec 7]: In accordance with Section 7 of the ETA, an Ed25519-signed SPU Kernel or digital credential is deemed to satisfy any legal requirement for a "signature," carrying the same weight and enforceability as a traditional wet-ink signature.
Non-Repudiation & Attribution [Sec 12]: The Software utilizes Automated Information Systems as defined in Section 26. Under Section 12, any electronic record generated by the IronGrade Runtime is legally attributed to the Originator (the Licensee), providing the highest level of non-repudiation for audit trails.
Integrity Assurance [Sec 5]: Our use of SHA-256 and Ed25519 ensures a "reliable assurance as to the integrity of the information" from the time it was first generated, meeting the "Original Form" requirements of the Act.

4.2 Export Control & Sanctions Compliance

MFour Labs (Pvt) Ltd. operates in compliance with the Imports and Exports (Control) Act, No. 1 of 1969 and the relevant regulations of the Sri Lanka Customs Department.

Mass-Market Cryptography: IronGrade utilizes standard, non-proprietary cryptographic primitives (e.g., Ed25519, AES-256-GCM). Under global export standards (including the Wassenaar Arrangement principles), these are generally classified as "Mass-Market" encryption for commercial use, requiring no individual export licenses for most benign jurisdictions.
End-User Responsibility: While MFour Labs is a Sri Lankan entity, the Licensee is strictly responsible for ensuring that the deployment of the Software complies with all applicable local and international export control laws, including the U.S. Export Administration Regulations (EAR) and OFAC sanctions.
Prohibited Destinations & End-Uses: The Software may not be exported, re-exported, or transferred to any country or entity subject to international embargoes. Furthermore, use of the Software for the development of restricted weaponry (nuclear, chemical, or biological) is strictly prohibited under our EULA.

5. LIMITATION OF LIABILITY (INDEMNIFICATION)

Warranty disclaimer and liability limitations

5.3 Liability Cap (Proportionality & Reasonableness)

The General Cap: Subject to Section 5.4, MFour Labs' total aggregate liability for all claims arising out of or related to this Agreement (whether in contract, tort, or otherwise) shall not exceed the total amount paid by the Licensee in the twelve (12) months immediately preceding the event giving rise to the claim.

Charter License Adjustment: For "Royalty-Free" Charter Licenses, where no fees are paid, the Parties agree that MFour Labs' total liability is strictly limited to a nominal sum of LKR 10,000 (or its equivalent in USD). The Licensee acknowledges that this limited liability is a fundamental inducement for MFour Labs to grant access to the Sovereign 50 program without a commercial fee.

5.4 Exceptions to Limitations

Nothing in this Agreement shall exclude or limit liability for:

(a) Death or personal injury caused by Gross Negligence;
(b) Fraud or Willful Misconduct;
(c) Breach of Intellectual Property rights or Data Confidentiality obligations (as defined in the MSA).

MFOUR LABS (PVT) LTD

Registration No: PV 00352471

Colombo, Sri Lanka

Democratic Socialist Republic of Sri Lanka

Contact

Legal Inquiries: legal@mfourlabs.dev

Privacy Matters: privacy@mfourlabs.dev