Workloft
← All products

civiclaw · open source + hosted from £5,000/year

The audit-native agent runtime UK councils can actually procure.

EU AI Act Annex III hits 2 August 2026. G-Cloud 15 awards 17 September 2026. UK councils need an agent runtime that logs every decision, routes to a human on every gated action, runs on their own infrastructure, and doesn't send data to a US lab. No US SaaS vendor will ship this at council budgets. civiclaw does.

What ships today

  • DSAR skill — UK GDPR Article 15 requests. Intake, system search, third-party redaction with pre/post hash proof, response letter draft.
  • FOI skill — FOIA 2000 requests. Qualification, s.12 £450 cost-limit check, department search plan, compliant response with exemption rationale and appeal rights.
  • Cryptographic audit log — append-only, SHA-256 hash-chained JSONL. Tamper-evident by design. EU AI Act Article 12 ready.
  • Human-in-the-loop gate — every draft response blocks on a logged sign-off. Article 14 enforced structurally, not optionally.
  • Model router — Claude / GPT / Gemini / Ollama. Zero US-lab dependency if you run Ollama locally.
  • Next.js admin UI — pending sign-offs, live audit feed, chain-verified badge.

Tiers

£0
Open source

Apache 2.0, run on your own kit. Councils with internal IT capacity start here.

£5k/yr
Hosted small

Cyber Essentials Plus hosting, SLA, email support, version upgrades. For one council team.

from £15k/yr
Hosted enterprise

NHS Trusts and combined authorities. Adds role-based sign-off, custom integrations (M-Files, SharePoint, Civica, Capita One), and quarterly conformity packs.

Why it wins procurement

  • UK-incorporated vendor, UK-hosted infrastructure, ICO-registered
  • Cyber Essentials Plus posture from line one of code
  • Auditable, tamper-evident log — the regulator's favourite artefact
  • Open source, so your DPO can verify what the agent actually does
  • Model-agnostic — you're not locked to one US lab's pricing power

Who it's for

  • UK local authorities preparing for G-Cloud 15 (awards 17 September 2026)
  • Council DPOs looking at DSAR backlogs and wondering if AI can help without creating a new headache
  • Combined authorities and NHS Trusts that need on-prem or UK-region only
  • Anyone inside gov / public-sector procurement who's been burnt by US SaaS vendors

Pilot cohort limited to 3 councils.

Email for a diagnostic call. We'll look at your DSAR / FOI volume, your infrastructure posture, and whether civiclaw is the right fit before anything's signed.

Book a pilot call

Repo on GitLab today, mirroring to GitHub. Pilot cohort limited to 3 councils for the first quarter post-launch.