Skip to main content
DS

Built because compliance needed it.
Not because the market wanted it.

A practicing attorney built the governance infrastructure that AI agents actually need — not by reading regulations, but by deploying agents, hitting the wall, and building the solution.

Request Governance AssessmentRead the Docs
The Story

From law practice to AI governance

I founded Hucke & Sanker in 2014 with one conviction: a law firm should be technology-enabled from day one. Most legal practices still run on manual processes despite handling the most consequential information in business — contracts, IP, financial instruments, evidence. That gap always seemed worth closing.

In 2016, I founded CR Legal Tech GmbH — a D2C legal platform providing access to justice at scale, building apps that automated consumer law, criminal law, and tort law workflows. That taught me what legal work actually looks like when stripped to its essential logic: rules applied to facts, with documented decisions. CR Legal Tech was sold in 2022.

After the exit, I deepened into AI — specifically building custom solutions for financial companies and law firms through Lawkraft. The work ranged from automated due diligence and portfolio tracking to NLP for legal analysis and agentic systems for IP enforcement (Morpheus Mark).

What I kept finding: every organisation deploying AI agents in regulated environments faces the same wall. The agents work. Then compliance asks — what exactly did the agent do, under whose authority, with what constraints, and where is the evidence? — and everything stops.

UAPK is the answer to that question. Not a theoretical framework — the specific infrastructure that every serious AI deployment in a regulated environment needs, built by someone who has needed it and couldn't find it.

The Founder

David Sanker

Rechtsanwalt · NY Foreign Counsel

Partner, Hucke & Sanker · 12 years PQE

Practice areas
Capital MarketsInternational IPTransnational Criminal LawWhite-Collar DefenceAI Regulatory Strategy
Licensed Practice
  • Rechtsanwalt — Federal Bar Association Germany, since 2014
  • Foreign Legal Counsel — New York State, Appellate Division at the Supreme Court, since 2024
Certified
  • BAFin Certified: Digital Transformation and AI Expert — since 2019
  • Specialist Solicitor: Corporate Law & M&A (CLE Institute von Fürstenberg) — 2018/19
  • Specialist Solicitor: Criminal Law (CLE Institute von Fürstenberg) — 2012
Education
  • Juris Doctor equivalent (First State Exam) — University of Cologne, Faculty of Law
  • Certificate: Law of the United States (CUSL) — University of Cologne
  • Second State Exam (Clerkship) — District Court Cologne, North-Rhine-Westphalia
  • Blockchain Law & Applications — MIT Sloan School of Management
  • Transnational Law and Justice — UNICRI (United Nations), Turin
David speaks German (native) and English (fluent). He is based between Cologne, Brighton, and New York.
The Ecosystem

Three entities. One governance posture.

Open source engages the engine alone. Professional engagement stacks all three.

Law Firm

Hucke & Sanker

Boutique transnational law firm with offices in Cologne, Brighton, and New York. Practice: cross-border IP enforcement, AI regulatory strategy (EU AI Act, GDPR for AI/ML systems), global M&A, and white-collar defence. Partner-led representation at the intersection of technology, finance, and public policy.

huckesanker.com →
AI Consulting

Lawkraft

AI consulting practice delivering custom AI systems for regulated industries — strategy, implementation, and compliance documentation under one roof. Sectors: legal services, insurance, banking and finance. The only consultant who codes the pilot and writes the compliance docs. No hand-offs, no juniors.

lawkraft.com →
Governance Infrastructure

UAPK Gateway

Apache 2.0 policy enforcement and audit middleware for AI agents. Patent pending. The enforcement engine that both Lawkraft-delivered deployments and self-hosted implementations run on. All core features free and open-source — professional engagements provide legal review and expert implementation.

Read the docs →
The Distinction

What professional governance means

The open-source version of UAPK is complete, fully functional, and the right choice for technical teams with in-house legal and compliance capability. Nothing is held back. Professional engagement is a different category of thing.

Self-hosted
  • ·You configure the manifests
  • ·You interpret what each regulation requires for your system
  • ·UAPK enforces whatever you wrote
  • ·Compliance posture is your decision
  • ·Full transparency — you own every choice
Professional engagement
  • Manifests designed by a Rechtsanwalt with 12 years PQE
  • Framework mappings reflect active legal interpretation — not spec reading
  • Your governance report is a document designed by counsel
  • BAFin-certified AI expertise covering the jurisdictions you operate in
  • Lawkraft implements; Hucke & Sanker reviews the compliance posture
"The open-source tool enforces your policy. Professional engagement means your policy was written by a lawyer."

Talk about your use case

Whether you are self-hosting or evaluating a professional engagement — a 45-minute governance assessment is free, no purchase required.