Digisoul · Governed AI for regulated lending
LoanOS

Lend on AI you can prove, not just trust.

LoanOS is the governed AI lending operating system for MENA non-bank financial institutions: five modules — Recover, Decide, Verify, Comply, Operate — on one auditable spine, Arabic-first, deployed inside your perimeter, with a human gate on every regulated action.

نظام تشغيل الإقراض المحوكم بالذكاء الاصطناعي — عربيّ أولاً، قابل للتدقيق بالكامل

Planned · In development
loanos://governed-runIllustrative · masked data
09:41:02

Verify — applicant identity cleared. Document integrity pass. Card 1234********5678 · +20 1XX XXX XXXX

09:41:07

Decide — explainable score computed on the fraud-cleared exposure. Top factors logged for review.

09:41:11

Human gate — a credit officer reviews the score and rationale. Approved by a named owner.

09:41:18

Comply — offer letter assembled; e-signing routed through an ITIDA-accredited provider.

09:41:19

Operate — hash-chained audit entry written. Every step above is reviewable, end to end.

No client data is processed.One spine. One audit.
ISO
42001
Built by an ISO/IEC 42001:2023-certified company

Digisoul's AI Management System is independently certified — Reg. No. IAC9519986925 · IACUS · issued 8 Nov 2025. LoanOS's own governance is designed informed by ISO/IEC 42001 and NIST AI RMF principles.

Why now · the market moment

Credit is growing. Governed control of it is not keeping pace.

417 billion EGP
Non-bank financing portfolio

Outstanding balances across FRA-regulated activities, end-2025.

+57.0%
Consumer finance growth, YoY

A 96.3 billion EGP portfolio · 48 licensed companies · 10.8m+ cumulative clients.

<3.0%
Sector delinquency, end-2025

Held low — for now. Growth this fast is where ungoverned controls start to leak.

Across 2,532 regulated entities and 64 million clients, leasing grew +50.8% and factoring +77.3% in one year. The constraint is not AI capability. It is governed execution.

Source: Financial Regulatory Authority (FRA) statistics release, 14 May 2026; FRA Q4-2025 quarterly report. Retrieved 3 July 2026.

Four control gaps, one root cause

Point tools fix one island, and break the seam between them.

01

Fragmented risk decisions

Scoring, onboarding and collections do not share one governed record — so no one can show a regulator the whole decision.

02

Fraud leakage

Document and identity fraud enters at onboarding and dispute, then contaminates every downstream decision made on it.

03

Ungoverned collections

Unprioritised, inconsistently consented outreach — precisely the conduct that FRA Decision 278/2025 now puts under formal rules.

04

Compliance exposure

PDPL residency, audit trails, and conduct obligations handled in spreadsheets and inboxes, invisible until an inspection.

Regulatory references are provided for orientation only — validate with counsel at contract time.

The suite · five modules, one spine

One governed operating system across the lending lifecycle.

Five co-equal modules on one governance spine. Every regulated action is consented, human-approved, explainable, and written to one immutable audit.

Recover

Collections intelligence

Chase the right account, in the right order, within consent and frequency caps — routed to a named human owner.

Governed action: consented, prioritised outreach

Decide

Credit decisioning

Explainable underwriting and early-warning scores that inform a human decision — never an autonomous adverse one.

Governed action: score + rationale to a human

Verify

Identity & fraud

KYC, document integrity and anomaly screening at onboarding — so every later decision runs on a fraud-cleared exposure.

Governed action: identity cleared & logged
§

Comply

Regulatory automation

Notices, filings and e-signing through ITIDA-accredited providers; PDPL-aligned residency and retention by design.

Governed action: compliant, audit-stamped output

Operate

The spine

Sequences the other four, enforces the invariants, writes the hash-chained audit, and routes every action to its owner.

The reason there are no ungoverned islands

Architecture is co-equal; commercially, design partners typically land with Recover first — the fastest, most measurable wedge — then expand across the spine.

Watch one decision, governed

One account, four modules, one auditable trace.

Follow a single application through the spine. Every handoff is sequenced by Operate; the regulated step waits for a human; the audit records it all.

Step 1 · VerifyApplication in

Identity, documents and device signals screened. Masked: 1234********5678.

Step 2 · VerifyFraud-cleared

Integrity checks pass; anomalies flagged for review, not auto-declined.

Step 3 · DecideExplainable score

Score computed with top factors logged — readable by a credit officer, and by an auditor.

Step 4 · Human gateA person approves

No autonomous adverse decisions. A named owner reviews and decides.

Step 5 · ComplyGoverned paperwork

Offer and notices assembled; e-signed via an ITIDA-accredited provider.

Step 6 · OperateAudit written

A hash-chained, append-only entry ties all five steps to one account record.

Illustrative, scripted walkthrough on masked sample data. No client data is processed.
The governance spine · the moat

Eight invariants, human authority on every regulated action.

1

A person approves every regulated action.

2

No autonomous adverse decisions about individuals.

3

Every action routes to a named human owner.

4

An immutable, hash-chained audit records everything.

5

Consent and frequency caps gate all outreach.

6

Data residency aligned to PDPL — on Egyptian soil.

7

No model deploys without documented approval.

8

Legal e-signing only through ITIDA-accredited providers.

LoanOS governance is designed informed by ISO/IEC 42001 and NIST AI RMF. Digisoul, the company behind it, is independently certified to ISO/IEC 42001:2023. Validate regulatory interpretations with counsel at contract time.

Deployment · inside your perimeter

Your data never leaves. That is the point.

Client perimeter · single tenant
White-label lending console — Arabic-first, RTL-nativeApp
Five governed modules on the Operate spineLoanOS
Model registry, explainability & approval workflowControl plane
Hash-chained audit · role-based access controlAudit
Your data, on your infrastructure, in EgyptResidency
Single-tenant, in-perimeter

Each client runs a private instance on infrastructure they control — a subscription relationship without shared-tenant data exposure.

PDPL-aligned residency

Personal data stays on Egyptian soil, with retention and access designed around Law 151/2020 and its executive regulations.

Arabic-first, bilingual

RTL-native operations console designed for MENA teams — Arabic first, English alongside, not a translation afterthought.

Three ways in

White-label app for day one; SDK and API surfaces inside your environment for integration — nothing crosses the perimeter.

Who it is for

Built for the lenders the FRA regulates.

48
Consumer finance

licensed companies

44
Financial leasing

licensed companies

41
Factoring

licensed companies

25
Mortgage finance

licensed companies

517
Microfinance

22 companies + 495 NGOs

Source: FRA licence counts — May 2026 statistics release and Q4-2025 quarterly report.

Regulatory fluency · named, not generic

Designed around the instruments your board already discusses.

FRA BD 278/2025
Debt-collection conduct rules

Registration and conduct controls for collecting non-bank dues — the regime Recover's consent and frequency gates are designed to support.

FRA BD 141/2023
Fintech outsourcing register

The FRA outsourcing register (as amended by BD 68/2025) that governs technology providers serving non-bank financial activities.

PDPL 151/2020
Personal data protection

Egypt's data-protection law and its 2025 executive regulations — residency, consent and retention designed in, not bolted on.

E-Sign 15/2004
ITIDA-accredited e-signing

Legal e-signature exclusively through ITIDA-licensed certificate service providers, embedded in Comply.

FRA 107/2021
NBFI ESG disclosure

Annual ESG disclosure for NBFIs above 100 million EGP (TCFD climate reporting above 500 million EGP) — duties LoanOS is designed to help evidence.

ISO/IEC 42001
AI management systems

The governance standard Digisoul is certified to as a company — and the discipline LoanOS's spine is designed around.

LoanOS is designed to support compliance with the instruments above; this is not legal advice. Validate every regulatory interpretation with counsel at contract time.

Inclusion & ESG · governed lending, measured

Fair lending you can evidence, not just claim.

Women's financial inclusion

Sex-disaggregated portfolio views, fairness monitoring on scoring, and reporting designed for gender-lens frameworks such as the 2X Criteria and the WE Finance Code — so inclusion becomes something a lender can measure, not assert.

Women are the majority of Egypt's microfinance borrowers by count, yet received 46.1% of financing value in Q4 2024. That gap is measurable — and governed lending can help narrow it. (FRA data, via World Bank and Daily News Egypt.)

ESG reporting, built in

FRA-regulated NBFIs above the 100-million-EGP threshold now carry annual ESG disclosure duties, with TCFD climate reporting at larger sizes. LoanOS's Comply module is designed to help lenders evidence these obligations from the same governed record that runs the portfolio.

Explainable decisions, human oversight and audit trails are themselves ESG: they answer the responsible-AI questions DFI-grade due diligence now asks. Read Digisoul's ESG commitments →
Founding design partners · why now

The first cohort shapes the product. The pilot proves it.

LoanOS is in development, and we are briefing selected lenders, partners and investors. The path to first production is a paid, Recover-first pilot on a ring-fenced portfolio segment — measured against a matched control group, with success criteria agreed before it starts.

Planned · in development. No performance figures are claimed; pilot outcomes are measured per client against a matched control.

The checklist · free download

AI-Governance Readiness Checklist for MENA NBFIs

Ten questions a board should be able to answer before putting AI anywhere near a regulated lending decision — mapped to ISO/IEC 42001 discipline and Egypt's own instruments.

  • Human authority: who approves, and where is it recorded?
  • Explainability: can every score be read by an auditor?
  • Residency & PDPL: where does personal data actually live?
  • Conduct: how are consent and contact frequency enforced?
  • ESG duties: can you evidence FRA 107/2021 disclosures?
AI-Governance Readiness
Checklist for MENA NBFIs
PDF · Free · No registration

Prefer a walkthrough? Book a briefing

Good to know

The questions a risk committee asks first.

What does "Planned · in development" mean?

Exactly what it says. LoanOS is a proposed Digisoul venture line currently in development — we do not present it as shipping software, and we publish no performance metrics because none would be traceable yet. The route to first production is a paid, Recover-first design-partner pilot measured against a matched control group.

Where does our data live, and who can see it?

Inside your perimeter. LoanOS is designed single-tenant and in-perimeter: your data stays on infrastructure you control, on Egyptian soil, aligned with PDPL Law 151/2020 and its executive regulations. Access is role-based, and every access and action is written to an append-only audit.

Does the AI make lending decisions on its own?

No. LoanOS is designed so that no autonomous adverse decision about an individual is ever made. Scores and recommendations are explainable inputs to a named human owner, who approves every regulated action through a recorded gate.

Is LoanOS Arabic-native or translated?

Arabic-first and RTL-native by design, with English alongside. MENA operations teams are the primary user, not an afterthought — the same bilingual discipline Digisoul applies across its training and product lines.

How does LoanOS relate to Digisoul and JafarOS?

Digisoul is the parent company — an ISO/IEC 42001:2023-certified MENA AI enablement ecosystem spanning training (AI4X), digital products (Brain, the Prompt Library), advisory (Khabeer AI), the JafarOS agentic workforce, and the Diwan AI community. LoanOS applies the same governed-AI discipline to one regulated vertical: non-bank lending. LoanOS's own governance is designed informed by ISO/IEC 42001; the company certification belongs to Digisoul.

Can our auditors and the regulator see the trail?

That is the design goal: a hash-chained, append-only audit in which every model output, human approval, consent check and outbound document is tied to one account record — exportable for internal audit, external audit, and supervisory review. Validate specific supervisory expectations with counsel at contract time.

LoanOS™ · a Digisoul venture line · Planned, in development Humanizing Digital, Digitizing Success! bd@digisoul.io · +20 100 020 9111