KSA PDPL
Full data residency within the Kingdom. Processing stays in-country, cross-border transfers follow SDAIA guidelines, and audit trails meet NDMO requirements.
Open deep-diveSovereign track · regulated buyers
If your AI purchase involves your auditor, your regulator, or a sectoral supervisor, start here. EU AI Act, DORA, NIS2, sectoral rules — answered with a documented, audited, third-party-attestable platform.
Per-regulation deep dives
Full data residency within the Kingdom. Processing stays in-country, cross-border transfers follow SDAIA guidelines, and audit trails meet NDMO requirements.
Open deep-diveNational Data Management Office and National Cybersecurity Authority controls — data classification, sovereignty enforcement, and incident reporting aligned with KSA frameworks.
Open deep-diveAnnex III risk classification, conformity assessment, evidence pack — every requirement mapped to a platform feature.
Open deep-diveCIR-2 incident tracking, TLPT scenarios, ICT third-party register — primitives ship with the appliance.
Open deep-diveLogging defaults, retention windows, incident-response runbooks — all ENISA-aligned out of the box.
Open deep-diveBanking (EBA, ECB), Healthcare (MDR, IVDR), Public sector (eIDAS, ENISA SecaaS) — overlay packs available per industry.
Open deep-diveSovereign hosting options
Trust centre + Sovereign engagement
The Trust Centre publishes pen-test summaries, SBOM, signed bundle verification instructions, and the current set of attestations. The Sovereign SE has run procurement at a bank; they speak procurement.