Lend on AI you can prove, not just trust.
LoanOS is the governed AI lending operating system for MENA non-bank financial institutions: five modules — Recover, Decide, Verify, Comply, Operate — on one auditable spine, Arabic-first, deployed inside your perimeter, with a human gate on every regulated action.
نظام تشغيل الإقراض المحوكم بالذكاء الاصطناعي — عربيّ أولاً، قابل للتدقيق بالكامل
Verify — applicant identity cleared. Document integrity pass. Card 1234********5678 · +20 1XX XXX XXXX
Decide — explainable score computed on the fraud-cleared exposure. Top factors logged for review.
Human gate — a credit officer reviews the score and rationale. Approved by a named owner.
Comply — offer letter assembled; e-signing routed through an ITIDA-accredited provider.
Operate — hash-chained audit entry written. Every step above is reviewable, end to end.
42001
Digisoul's AI Management System is independently certified — Reg. No. IAC9519986925 · IACUS · issued 8 Nov 2025. LoanOS's own governance is designed informed by ISO/IEC 42001 and NIST AI RMF principles.
Credit is growing. Governed control of it is not keeping pace.
Outstanding balances across FRA-regulated activities, end-2025.
A 96.3 billion EGP portfolio · 48 licensed companies · 10.8m+ cumulative clients.
Held low — for now. Growth this fast is where ungoverned controls start to leak.
Source: Financial Regulatory Authority (FRA) statistics release, 14 May 2026; FRA Q4-2025 quarterly report. Retrieved 3 July 2026.
Point tools fix one island, and break the seam between them.
Fragmented risk decisions
Scoring, onboarding and collections do not share one governed record — so no one can show a regulator the whole decision.
Fraud leakage
Document and identity fraud enters at onboarding and dispute, then contaminates every downstream decision made on it.
Ungoverned collections
Unprioritised, inconsistently consented outreach — precisely the conduct that FRA Decision 278/2025 now puts under formal rules.
Compliance exposure
PDPL residency, audit trails, and conduct obligations handled in spreadsheets and inboxes, invisible until an inspection.
Regulatory references are provided for orientation only — validate with counsel at contract time.
One governed operating system across the lending lifecycle.
Five co-equal modules on one governance spine. Every regulated action is consented, human-approved, explainable, and written to one immutable audit.
Recover
Chase the right account, in the right order, within consent and frequency caps — routed to a named human owner.
Decide
Explainable underwriting and early-warning scores that inform a human decision — never an autonomous adverse one.
Verify
KYC, document integrity and anomaly screening at onboarding — so every later decision runs on a fraud-cleared exposure.
Comply
Notices, filings and e-signing through ITIDA-accredited providers; PDPL-aligned residency and retention by design.
Operate
Sequences the other four, enforces the invariants, writes the hash-chained audit, and routes every action to its owner.
Architecture is co-equal; commercially, design partners typically land with Recover first — the fastest, most measurable wedge — then expand across the spine.
One account, four modules, one auditable trace.
Follow a single application through the spine. Every handoff is sequenced by Operate; the regulated step waits for a human; the audit records it all.
Identity, documents and device signals screened. Masked: 1234********5678.
Integrity checks pass; anomalies flagged for review, not auto-declined.
Score computed with top factors logged — readable by a credit officer, and by an auditor.
No autonomous adverse decisions. A named owner reviews and decides.
Offer and notices assembled; e-signed via an ITIDA-accredited provider.
A hash-chained, append-only entry ties all five steps to one account record.
Eight invariants, human authority on every regulated action.
A person approves every regulated action.
No autonomous adverse decisions about individuals.
Every action routes to a named human owner.
An immutable, hash-chained audit records everything.
Consent and frequency caps gate all outreach.
Data residency aligned to PDPL — on Egyptian soil.
No model deploys without documented approval.
Legal e-signing only through ITIDA-accredited providers.
LoanOS governance is designed informed by ISO/IEC 42001 and NIST AI RMF. Digisoul, the company behind it, is independently certified to ISO/IEC 42001:2023. Validate regulatory interpretations with counsel at contract time.
Your data never leaves. That is the point.
Each client runs a private instance on infrastructure they control — a subscription relationship without shared-tenant data exposure.
Personal data stays on Egyptian soil, with retention and access designed around Law 151/2020 and its executive regulations.
RTL-native operations console designed for MENA teams — Arabic first, English alongside, not a translation afterthought.
White-label app for day one; SDK and API surfaces inside your environment for integration — nothing crosses the perimeter.
Built for the lenders the FRA regulates.
licensed companies
licensed companies
licensed companies
licensed companies
22 companies + 495 NGOs
Source: FRA licence counts — May 2026 statistics release and Q4-2025 quarterly report.
Designed around the instruments your board already discusses.
Registration and conduct controls for collecting non-bank dues — the regime Recover's consent and frequency gates are designed to support.
The FRA outsourcing register (as amended by BD 68/2025) that governs technology providers serving non-bank financial activities.
Egypt's data-protection law and its 2025 executive regulations — residency, consent and retention designed in, not bolted on.
Legal e-signature exclusively through ITIDA-licensed certificate service providers, embedded in Comply.
Annual ESG disclosure for NBFIs above 100 million EGP (TCFD climate reporting above 500 million EGP) — duties LoanOS is designed to help evidence.
The governance standard Digisoul is certified to as a company — and the discipline LoanOS's spine is designed around.
LoanOS is designed to support compliance with the instruments above; this is not legal advice. Validate every regulatory interpretation with counsel at contract time.
Fair lending you can evidence, not just claim.
Women's financial inclusion
Sex-disaggregated portfolio views, fairness monitoring on scoring, and reporting designed for gender-lens frameworks such as the 2X Criteria and the WE Finance Code — so inclusion becomes something a lender can measure, not assert.
ESG reporting, built in
FRA-regulated NBFIs above the 100-million-EGP threshold now carry annual ESG disclosure duties, with TCFD climate reporting at larger sizes. LoanOS's Comply module is designed to help lenders evidence these obligations from the same governed record that runs the portfolio.
The first cohort shapes the product. The pilot proves it.
LoanOS is in development, and we are briefing selected lenders, partners and investors. The path to first production is a paid, Recover-first pilot on a ring-fenced portfolio segment — measured against a matched control group, with success criteria agreed before it starts.
Planned · in development. No performance figures are claimed; pilot outcomes are measured per client against a matched control.
AI-Governance Readiness Checklist for MENA NBFIs
Ten questions a board should be able to answer before putting AI anywhere near a regulated lending decision — mapped to ISO/IEC 42001 discipline and Egypt's own instruments.
- Human authority: who approves, and where is it recorded?
- Explainability: can every score be read by an auditor?
- Residency & PDPL: where does personal data actually live?
- Conduct: how are consent and contact frequency enforced?
- ESG duties: can you evidence FRA 107/2021 disclosures?
Checklist for MENA NBFIs
Prefer a walkthrough? Book a briefing
The questions a risk committee asks first.
What does "Planned · in development" mean?
Exactly what it says. LoanOS is a proposed Digisoul venture line currently in development — we do not present it as shipping software, and we publish no performance metrics because none would be traceable yet. The route to first production is a paid, Recover-first design-partner pilot measured against a matched control group.
Where does our data live, and who can see it?
Inside your perimeter. LoanOS is designed single-tenant and in-perimeter: your data stays on infrastructure you control, on Egyptian soil, aligned with PDPL Law 151/2020 and its executive regulations. Access is role-based, and every access and action is written to an append-only audit.
Does the AI make lending decisions on its own?
No. LoanOS is designed so that no autonomous adverse decision about an individual is ever made. Scores and recommendations are explainable inputs to a named human owner, who approves every regulated action through a recorded gate.
Is LoanOS Arabic-native or translated?
Arabic-first and RTL-native by design, with English alongside. MENA operations teams are the primary user, not an afterthought — the same bilingual discipline Digisoul applies across its training and product lines.
How does LoanOS relate to Digisoul and JafarOS?
Digisoul is the parent company — an ISO/IEC 42001:2023-certified MENA AI enablement ecosystem spanning training (AI4X), digital products (Brain, the Prompt Library), advisory (Khabeer AI), the JafarOS agentic workforce, and the Diwan AI community. LoanOS applies the same governed-AI discipline to one regulated vertical: non-bank lending. LoanOS's own governance is designed informed by ISO/IEC 42001; the company certification belongs to Digisoul.
Can our auditors and the regulator see the trail?
That is the design goal: a hash-chained, append-only audit in which every model output, human approval, consent check and outbound document is tied to one account record — exportable for internal audit, external audit, and supervisory review. Validate specific supervisory expectations with counsel at contract time.