How SEAL Runtime Compares:

IAM, Guardrails, and GRC

Where Refusal Infrastructure fits — and what it is not.

Why This Page Exists

When people first see SEAL Runtime, they often ask:


  • “Is this a kind of IAM?”
  • “Is this just guardrails for models?”
  • “Is this GRC or policy software?”


This page gives a clear answer.


  • Refusal Infrastructure is the category.
  • Action Governance is the missing discipline it enforces.
  • SEAL Legal Runtime is the implementation for regulated industries (starting with law) — a sealed governance layer in front of high-risk actions.


It works with IAM, guardrails, and GRC — but it is not any of them.

The One-Line Summary

  • IAM controls who can access systems.
  • Guardrails control what models can say.
  • GRC controls how policies and risks are documented.
  • SEAL Runtime controls what high-risk actions are allowed to run at all — and leaves behind sealed evidence for every governed decision.

What Question Each Layer Answers

IAM (Identity and Access Management)

“Who is allowed to sign in or see this system or resource?”


Guardrails / Model Safety

“What is this model allowed to say or generate?”


GRC / Policy & Risk Platforms

“What are our policies, controls, and risks — and are we compliant?”


SEAL Legal Runtime (Refusal Infrastructure for Legal AI)

“Is this specific person or system allowed to take this specific action, in this context, under this authority, right now — yes or no?”


Only SEAL Legal Runtime answers the execution-time authority question.

Where Each Acts in the Stack

IAM

  • Sits before systems — at login, SSO, API access.
  • Governs access to tools, data, and services.
  • Once a user or service is authenticated and authorized, IAM is done.


Guardrails

  • Sits around or inside models.
  • Filters inputs and outputs, blocks certain prompts or responses.
  • Governs language behavior, not whether the resulting action executes.


GRC

  • Sits in documentation and oversight.
  • Stores policies, control libraries, attestations, and audit records.
  • Governs what should be true on paper, not live execution paths.


  • SEAL Legal Runtime
  • Sits in front of high-risk actions in wired workflows.
  • Acts as a pre-execution gate: file / send / approve / move money / commit a binding step.
  • For each governed action, decides approve, refuse, or supervised override at runtime.

How Each Treats Evidence

IAM

  • Logs authentication and access events.
  • Good for reconstructing who accessed what, but not always why an action was allowed to proceed.


Guardrails

  • May log blocked prompts or responses.
  • Evidence is about content filtering, not authority.


GRC

  • Stores policy documents, risk registers, control mappings, and attestations.
  • Evidence is about governance design, not individual execution decisions.


SEAL Runtime

  • Creates a sealed, tamper-evident decision artifact for every governed decision — approval, refusal, or supervised override.
  • Artifacts are designed to be written to client-owned, append-only audit storage and structured so GCs, regulators, and insurers can see:
  • who acted,
  • on what,
  • under which authority,
  • what decision SEAL made, and
  • when it happened.

How They Work Together

In a mature legal AI stack:


  • IAM verifies who is trying to use tools and systems.
  • Guardrails constrain what models are allowed to say.
  • GRC defines what your policies and risk posture are.


  • SEAL Runtime enforces Action Governance at the moment of execution:
  • If identity or role is missing or ambiguous → designed to fail-closed with a refusal.
  • If client consent or jurisdiction policy is out of bounds → designed to fail-closed with a refusal.
  • If the action is high-risk and requires supervision → routed through a supervised override path.


SEAL Legal Runtime does not replace IAM, guardrails, or GRC. It gives them an execution-time enforcement point  for high-risk actions.

What SEAL Legal Runtime Is Not

To avoid confusion:


  • Not IAM – it does not manage logins, passwords, or access to systems.
  • Not guardrails – it does not tune prompts or supervise model tokens.
  • Not GRC – it is not a policy library, risk register, or control documentation system.
  • Not a chatbot or assistant – it does not draft, coach, or summarize.


SEAL Legal Runtime is Refusal Infrastructure:


a sealed governance layer in front of high-risk actions, implementing Action Governance through a pre-execution authority gate and sealed decision artifacts for every governed action.