Compliance
Built for the EU AI Act from day one — not bolted on.
Risk register, technical documentation, transparency banners and one-click regulator export — all populated from your live Thyreus configuration.
EU AI Act
Article 13 transparency banners and Annex IV technical file, populated live from your configuration.
NIST AI RMF
Govern, Map, Measure, Manage — mapped to your policies and evidenced continuously.
GDPR & CCPA
Data residency, subject requests, minimization by default. DPA and Sub-processor list on request.
HIPAA-aligned
BAAs available with all in-scope model providers. PII / PHI detection and redaction on ingress.
SOC 2 Type II
Audited controls across security, availability, confidentiality and processing integrity.
ISO 27001
Certified information security management system. Statement of Applicability on request.
Security posture
The controls procurement won't have to ask about.
Zero-trust data handling
Tenant-isolated encryption, customer-managed keys, and no training on your data — ever.
Data residency
US, EU, UK and APAC deployment regions. Choose per workspace or per connector.
Immutable audit trail
Append-only event log with cryptographic sealing. Export to SIEM in real time.
Regulator-ready export
One-click bundle of prompts, retrievals, approvals and outputs scoped by time or user.
Self-hosted option
Air-gapped deployment on your own Kubernetes for defense, intelligence and sovereign workloads.
Human accountability
Every model output is attributable to a person, an approval and a chain of evidence.