Skip to content
Execlave

§ COMPLIANCE

AI agent compliance across 7 frameworks

Execlave maps runtime enforcement, audit trails, and governance controls to the compliance frameworks your organization already cares about.

§ COVERAGE

Control-by-control coverage

Each framework maps directly to platform controls, so audit evidence is generated from real runtime behavior.

01 / Framework

SOC 2 Type II

Service Organization Control framework for trust service criteria: security, availability, processing integrity, confidentiality, and privacy.

Access control and authentication

Met

RBAC with 4 role levels, API key scoping, Logto SSO integration

Change management

Met

Prompt version control with approval workflows and rollback capability

Monitoring and logging

Met

Immutable, cryptographically signed audit trails for all agent actions

Incident response

Met

Automated incident creation, kill switches, and Slack/webhook notifications

02 / Framework

EU AI Act

European regulation establishing rules for AI systems, requiring transparency, human oversight, and risk management.

Human oversight (Article 14)

Met

Human-in-the-loop approval workflows, kill switches, and agent pause controls

Transparency and traceability (Article 13)

Met

Full execution trace logging with cryptographic verification

Risk management (Article 9)

Met

Policy engine with semantic classification, anomaly detection, and cost governance

Data governance (Article 10)

Met

PII detection and scrubbing, row-level data isolation

03 / Framework

ISO 27001

International standard for information security management systems (ISMS).

A.9 Access Control

Met

Role-based access control, API key management, organization-scoped resources

A.12 Operations Security

Met

Runtime enforcement, rate limiting, cost budgets, and automated policy evaluation

A.12.4 Logging and Monitoring

Met

Append-only audit logs, hash-chain verification, real-time WebSocket monitoring

A.16 Incident Management

Met

Automated incident creation, severity classification, kill-switch response

04 / Framework

HIPAA

Health Insurance Portability and Accountability Act — protecting sensitive patient health information.

Access controls (§ 164.312(a))

Met

RBAC, API key scoping, and organization-level resource isolation

Audit controls (§ 164.312(b))

Met

Immutable audit logs for all agent actions and data access events

PHI de-identification

Met

Automated PII/PHI detection and scrubbing in trace payloads

Integrity controls (§ 164.312(c))

Met

Cryptographic hash-chain verification of audit data

05 / Framework

GDPR

General Data Protection Regulation — EU data privacy and protection framework.

Data minimization (Article 5)

Met

PII detection, auto-redaction, and configurable data retention policies

Right to access (Article 15)

Met

Exportable audit trails and compliance reports per organization

Data protection by design (Article 25)

Met

Row-level isolation, encryption at rest and in transit, self-hosted option

Records of processing (Article 30)

Met

Comprehensive trace records with metadata, classification, and policy outcomes

06 / Framework

PCI DSS

Payment Card Industry Data Security Standard for handling cardholder data.

Req. 7: Restrict access

Met

Role-based access, policy-driven tool gating, and least-privilege enforcement

Req. 10: Track and monitor

Met

Immutable, timestamped audit logs for all agent actions

Req. 3: Protect stored data

Met

Auto-detection and masking of credit card numbers and financial PII

07 / Framework

NIST AI RMF

NIST Artificial Intelligence Risk Management Framework for trustworthy AI.

Govern: Establish AI governance

Met

Centralized policy engine with organization-wide enforcement

Map: Identify AI risks

Met

Semantic classification of agent actions, anomaly detection, risk scoring

Measure: Assess AI performance

Met

Execution analytics, latency tracking, success/failure metrics

Manage: Manage AI risks

Met

Kill switches, approval workflows, incident response, and cost governance

§ FAQ

Frequently asked questions

Common questions about Execlave's compliance coverage for AI agent workloads.

Does Execlave generate SOC 2 compliance evidence automatically?

Yes. Execlave generates SOC 2 Type II compliance reports from your actual runtime data — active policies, execution traces, audit logs, and team configurations. Reports map directly to Trust Services Criteria including access control, change management, monitoring, and incident response. No manual questionnaires required.

How does Execlave support EU AI Act Article 14 human oversight requirements?

Execlave provides human-in-the-loop approval workflows, kill switches that halt agents in under 15ms, and agent pause controls. These map directly to Article 14 human oversight requirements. All oversight actions are logged in the immutable audit trail for compliance evidence.

What HIPAA controls does Execlave cover for AI agent workloads?

Execlave covers four HIPAA Technical Safeguard requirements: access controls via RBAC and API key scoping (§164.312(a)), audit controls via immutable logs for all agent actions (§164.312(b)), PHI de-identification via automated PII/PHI detection and scrubbing in trace payloads, and integrity controls via cryptographic hash-chain verification (§164.312(c)).

Does Execlave support GDPR data protection by design requirements?

Yes. Execlave supports GDPR Article 25 (Data Protection by Design) through row-level data isolation, encryption at rest and in transit, and a self-hosted deployment option. Article 5 (Data Minimization) is covered by PII detection, auto-redaction, and configurable data retention policies. Article 30 (Records of Processing) is met by comprehensive trace records.

How does Execlave map to ISO 27001 information security controls?

Execlave maps to four ISO 27001 Annex A control groups: A.9 Access Control (RBAC, API key management, org-scoped resources), A.12 Operations Security (runtime enforcement, rate limiting, cost budgets), A.12.4 Logging and Monitoring (append-only audit logs, hash-chain verification), and A.16 Incident Management (automated incident creation, kill-switch response).

What is the NIST AI RMF and how does Execlave align with it?

The NIST AI Risk Management Framework provides guidelines for trustworthy AI across four functions: Govern, Map, Measure, and Manage. Execlave aligns with all four: centralized policy engine (Govern), semantic classification and risk scoring (Map), execution analytics and metrics (Measure), and kill switches, approval workflows, and cost governance (Manage).

Generate your first compliance report

Execlave generates framework-specific compliance reports with per-control gap analysis. Available on all plans.

Start free