Compliant by architecture
Most platforms bolt compliance on at the end. Scrydon builds it in. Guardrails, policy-as-code authorisation, immutable audit logs, key control and document classification are part of the runtime — so the controls these frameworks demand are enforced as your AI and data actually run.
And because every control is observable, framework evidence packs map them back to the regulations, giving your risk, security and compliance teams something concrete to show.
Frameworks we support
Each page explains the framework in plain language and maps Scrydon's controls to its obligations. We align with and produce evidence for these frameworks; formal conformity for your own deployment remains your responsibility.
EU AI Act
European Union
Providers, deployers, importers and distributors placing AI systems on the EU market or whose AI output is used in the EU.
General Data Protection Regulation
European Union / EEA
Any organisation that processes the personal data of people in the EU/EEA, whether established in the Union or offering goods, services or monitoring from outside it.
Digital Operational Resilience Act
European Union
Financial entities across the EU — banks, insurers, investment firms, payment and crypto-asset providers and others — and the critical ICT third-party providers that serve them.
NIS2 Directive
European Union
Essential and important entities across critical sectors — energy, transport, water, health, digital infrastructure, public administration, manufacturing and more — and their supply chains.
SecNumCloud
France (ANSSI)
Cloud service providers seeking French ANSSI qualification, and the public-sector and sensitive-data organisations that require qualified, sovereign cloud services.