Governance that works  ·  Evidence-first  ·  No tracking

Technology risk. Evidence. Resilience.

A practitioner's journal at the intersection of audit defensibility, control automation, and AI governance, for regulated environments that demand evidence, not promises.

// Personal writing and small builds, published in my own time. Views are my own.

▶ Start here: Field Notes The Seven Dhārās Collaborate
// navigate

The Seven Dhārās

Seven streams of practice. Each one a discipline.

Dhārā I स्वामी GRC Intelligence Policy-as-code, control automation, evidence engineering. Dhārā II अमात्य AI-Augmented Governance Minimum sufficient control, maturity radar, direction scoring. Dhārā III जनपद Economic Statecraft Geopolitical economics as a governance signal engine. Dhārā IV दुर्ग Resilience Engineering Systems that hold under adversarial pressure, recover by architecture. Dhārā V कोश Signal Sovereignty Weak signal convergence. Niti-driven capital discipline. Dhārā VI दण्ड Regulatory Cartography Cross-jurisdictional signal engine: what shifts, where, when. Dhārā VII मित्र Sovereign Judgment Permission architecture. Vendor maturity. Programme design.
// field notes

Latest Field Notes

Recent dispatches. Each one lives inside its Dhārā.

All field notes →
AI-Augmented Governance
Sovereign by default, hybrid at edges
Why self-hosted open-weights inference is the boardroom-defensible default for regulated firms, and where hybrid still makes sense.
May 2026 · 11 min
Regulatory Cartography
FREE-AI vs the EU AI Act: A Comparative Read
What India's FREE-AI bet means for global AI governance, read alongside the EU AI Act and what each architecture was actually designed to protect.
Apr 2026 · 12 min
AI-Augmented Governance
AI in IT Audits: What Has Changed, What Has Not
What the AI-in-audit conversation gets right, where it gets seductive, and which audit fundamentals do not change regardless of which model produced the evidence.
Mar 2026 · 7 min
GRC Intelligence
Continuous Auditing: What It Actually Takes
What continuous auditing actually takes to operate, where the data pipeline breaks first, and the supervisory expectations that make it real.
Mar 2026 · 7 min
Regulatory Cartography
Open Banking: The Regulatory Map in 2026
The 2026 open-banking regulatory map across UK, EU, India, Singapore, and the third-party-risk obligations that scale faster than the architecture under them.
Mar 2026 · 8 min
Resilience Engineering
Post-Quantum Cryptography: The Migration Has Started
Why the post-quantum migration timeline is shorter than most boards realise, and what the practical first six months look like for regulated firms.
Mar 2026 · 8 min

What ऋतPulse means

rtapulse.com (ऋतPulse) combines ऋत (ṛta / ṛtá), meaning order, rule, truth, rightness, with Pulse, a living signal of health. It reflects how I think GRC should work: not a quarterly scramble, but a steady rhythm. Detect drift early, keep evidence ready, and translate risk into decisions leaders can act on.