Compliance

AI agent compliance across 7 frameworks

Execlave maps runtime enforcement, audit trails, and governance controls to the compliance frameworks your organization already cares about.

SOC 2 Type II

Service Organization Control framework for trust service criteria: security, availability, processing integrity, confidentiality, and privacy.

Requirement	Execlave coverage	Status
Access control and authentication	RBAC with 4 role levels, API key scoping, Clerk SSO integration
Change management	Prompt version control with approval workflows and rollback capability
Monitoring and logging	Immutable, cryptographically signed audit trails for all agent actions
Incident response	Automated incident creation, kill switches, and Slack/webhook notifications

European regulation establishing rules for AI systems, requiring transparency, human oversight, and risk management.

Requirement	Execlave coverage	Status
Human oversight (Article 14)	Human-in-the-loop approval workflows, kill switches, and agent pause controls
Transparency and traceability (Article 13)	Full execution trace logging with cryptographic verification
Risk management (Article 9)	Policy engine with semantic classification, anomaly detection, and cost governance
Data governance (Article 10)	PII detection and scrubbing, row-level data isolation

International standard for information security management systems (ISMS).

Requirement	Execlave coverage	Status
A.9 Access Control	Role-based access control, API key management, organization-scoped resources
A.12 Operations Security	Runtime enforcement, rate limiting, cost budgets, and automated policy evaluation
A.12.4 Logging and Monitoring	Append-only audit logs, hash-chain verification, real-time WebSocket monitoring
A.16 Incident Management	Automated incident creation, severity classification, kill-switch response

Health Insurance Portability and Accountability Act — protecting sensitive patient health information.

Requirement	Execlave coverage	Status
Access controls (§ 164.312(a))	RBAC, API key scoping, and organization-level resource isolation
Audit controls (§ 164.312(b))	Immutable audit logs for all agent actions and data access events
PHI de-identification	Automated PII/PHI detection and scrubbing in trace payloads
Integrity controls (§ 164.312(c))	Cryptographic hash-chain verification of audit data

General Data Protection Regulation — EU data privacy and protection framework.

Requirement	Execlave coverage	Status
Data minimization (Article 5)	PII detection, auto-redaction, and configurable data retention policies
Right to access (Article 15)	Exportable audit trails and compliance reports per organization
Data protection by design (Article 25)	Row-level isolation, encryption at rest and in transit, self-hosted option
Records of processing (Article 30)	Comprehensive trace records with metadata, classification, and policy outcomes

Payment Card Industry Data Security Standard for handling cardholder data.

Requirement	Execlave coverage	Status
Req. 7: Restrict access	Role-based access, policy-driven tool gating, and least-privilege enforcement
Req. 10: Track and monitor	Immutable, timestamped audit logs for all agent actions
Req. 3: Protect stored data	Auto-detection and masking of credit card numbers and financial PII

NIST Artificial Intelligence Risk Management Framework for trustworthy AI.

Requirement	Execlave coverage	Status
Govern: Establish AI governance	Centralized policy engine with organization-wide enforcement
Map: Identify AI risks	Semantic classification of agent actions, anomaly detection, risk scoring
Measure: Assess AI performance	Execution analytics, latency tracking, success/failure metrics
Manage: Manage AI risks	Kill switches, approval workflows, incident response, and cost governance

Execlave generates framework-specific compliance reports with per-control gap analysis. Available on all plans.