Vortalis for Media and publishing

Autonomous SEO and generative engine optimisation

The trust layer for AI agents publishing content, optimising search visibility, and managing outreach.

Autonomous content operations move faster than an editorial team can review them. The media-publishing sector pack codifies the actions an agent may take on a live site, gates the high-impact ones behind human approval, and signs every decision into an audit chain an external auditor can verify offline. The first external client engagement on the /v1/governance/* contract surface was a media-publishing tenant; the template below is the generalisation of that engagement.

Regulators covered

Which frameworks the media and publishing pack maps to today.

Framework

Jurisdiction

Coverage

Notes

EU AI Act

vortalis_proxy/compliance/frameworks.py (build_eu_ai_act_sections)
tests/conformance/regulators/eu_ai_act/

Full

Transparency obligations for AI-generated content, plus the general high-risk system controls (logging, human oversight, technical documentation).

UK AI Bill

vortalis_proxy/compliance/uk_ai_bill.py
tests/conformance/regulators/uk_ai_bill/

Partial

Tracks the principles-based regime as currently published. Sector-specific guidance from Ofcom, the CMA, and the ICO is mapped where issued; we will not claim coverage of guidance that has not yet been written.

ASA Code (CAP and BCAP)

Planned

Advertising standards apply to outreach and sponsored-content workflows. Binding is on the Phase 1 backlog; the policy template names the actions today and the regulator binding lands with the first advertising-led engagement.

FTC Endorsement Guides

US (Federal)

Planned

Disclosure obligations on sponsored outreach. Same shape as the ASA binding; planned for Phase 1.

GDPR

vortalis_proxy/compliance/frameworks.py (build_gdpr_sections)

EU and UK

Full

First-party data in the outreach workflow (recipient lists, engagement logs) is tokenised and audited on the same chain as the agent's content actions.

Adapter coverage

Upstream services Vortalis adapts for this vertical.

No Vortalis-side adapters ship for media and publishing. The calling system holds the CMS credentials, the IndexNow keys, and the email-provider tokens directly. Vortalis governs the action at the agent boundary; the operator's existing integrations carry the action through to the live site.

Action vocabulary

The policy template for this vertical.

Actions allowed

Each action gated by policy at the hot path.

Anticipated require_human actions

content.published
content.unpublished

Rate-limit posture

Three publishes per rolling 60-minute window on content.published. Defensible for a single-site engagement; raise for a multi-site one after agreeing the volume with the tenant's editorial lead.

Template path: policies/sectors/media-publishing/autonomous-seo-template.yaml

Integration brief

The implementation guide your engineers read first.

Available

docs/governance/integration-briefs/media-publishing-seo.md

Honest limits

What this sector pack does not do.

Vortalis does not generate the content; AI agents do.

The policy template gates fifteen actions including content.draft_generated, content.published, and seo.metadata_changed. It does not write the article, choose the headline, or decide the editorial line. Editorial quality, factual accuracy, and brand voice remain the operator's responsibility. Vortalis records what the agent did and when; it does not grade what the agent wrote.

Counterparty certification with IndexNow, email providers, and CMS platforms is the operator's responsibility.

Per the public limitations page, Vortalis ships adapters as code, not as counterparty-certified production integrations. The media-publishing pack relies on the operator's existing IndexNow, email-provider, and CMS credentials; the conformance and rate-limit conventions of those upstream services are governed by the operator's contract with each one, not by Vortalis.

The audit trail captures decision and execution; it does not capture content quality.

Every published article is recorded as a signed audit-chain entry. The entry names the agent, the policy decision, the timestamp, and the upstream response. It does not score the article for SEO quality, factual accuracy, or compliance with the operator's editorial guidelines. Quality assurance and content review remain in the operator's editorial workflow; the audit chain is the record of what happened, not the judgement of whether it should have happened.

agent.action_blocked records client-side rejections; it does not enforce them.

The client-side rejection vocabulary lets the calling system tell Vortalis it refused an action the agent proposed. The audit chain logs that rejection so an auditor sees the complete decision history including the actions that never reached the upstream API. The enforcement itself sits in the calling system; Vortalis records the client-side decision, it does not duplicate it.

The general-purpose honest limits sit at /security/limitations; this list is specific to the media and publishing pack.

Bring Vortalis to your media and publishing agents.

Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.

Read the integration brief Talk to an engineer