Compliance

Built for the EU AI Act from day one — not bolted on.

Risk register, technical documentation, transparency banners and one-click regulator export — all populated from your live Thyreus configuration.

EU AI Act

Article 13 transparency banners and Annex IV technical file, populated live from your configuration.

NIST AI RMF

Govern, Map, Measure, Manage — mapped to your policies and evidenced continuously.

GDPR & CCPA

Data residency, subject requests, minimization by default. DPA and Sub-processor list on request.

HIPAA-aligned

BAAs available with all in-scope model providers. PII / PHI detection and redaction on ingress.

SOC 2 Type II

Audited controls across security, availability, confidentiality and processing integrity.

ISO 27001

Certified information security management system. Statement of Applicability on request.

Security posture

The controls procurement won't have to ask about.

Zero-trust data handling

Tenant-isolated encryption, customer-managed keys, and no training on your data — ever.

Data residency

US, EU, UK and APAC deployment regions. Choose per workspace or per connector.

Immutable audit trail

Append-only event log with cryptographic sealing. Export to SIEM in real time.

Regulator-ready export

One-click bundle of prompts, retrievals, approvals and outputs scoped by time or user.

Self-hosted option

Air-gapped deployment on your own Kubernetes for defense, intelligence and sovereign workloads.

Human accountability

Every model output is attributable to a person, an approval and a chain of evidence.