Compliance

Last updated:

1. Our Compliance Commitment

Scudo AI is designed from the ground up to help organizations meet their regulatory requirements. Our Private AI architecture inherently supports compliance by keeping data local and under your control.

2. GDPR Compliance

Our solutions support GDPR (General Data Protection Regulation) compliance:

  • Data Minimization: Process only necessary data
  • Purpose Limitation: Data used only for specified purposes
  • Storage Limitation: Configurable data retention
  • Data Sovereignty: Data stays within your jurisdiction
  • Data Subject Rights: Support for access, rectification, erasure
  • Privacy by Design: Built into our architecture

Local deployment significantly reduces data-transfer concerns.

3. EU AI Act Compliance

Our systems are designed to align with the EU AI Act (Regulation 2024/1689) as it phases in:

  • Risk Classification: Subject to Article 50 transparency obligations; not classified as high-risk in standard deployments. High-Risk classification under Annex III may apply per deployment - see AI Transparency.
  • Transparency: Clear disclosure of AI usage and capabilities
  • Human Oversight: All AI recommendations require human approval
  • Documentation: Comprehensive system documentation provided
  • AI Literacy: Training available for users

See our AI Transparency page for detailed information.

4. Healthcare Compatibility (HIPAA Technical Safeguards)

For US healthcare deployments where HIPAA applies, our architecture is compatible with HIPAA Security Rule technical safeguards:

  • PHI Protection by Design: In standard on-premises deployments, Protected Health Information is processed on customer-controlled hardware
  • Access Controls: Role-based access to patient data
  • Audit Trails: Logging of data access
  • Encryption: Support for data encryption at rest and in transit
  • Business Associate Agreement: Evaluated case-by-case for in-scope US deployments

Note: HIPAA applies to US covered entities and their business associates. For EU customers, the primary framework is GDPR and (where applicable) sectoral regulations such as the EU Health Data Space.

5. Industry-Specific Compliance

Legal Services

  • Architecture compatible with attorney-client privilege requirements (tajemnica zawodowa)
  • Document confidentiality
  • No external data transmission in standard configuration

Government / Public Sector

  • Architecture supports data-sovereignty requirements
  • Air-gapped deployment available
  • EU-deployable architecture; foreign-origin hardware/software dependencies disclosed in deployment documentation

Financial Services

  • Audit trail capabilities
  • Data retention compliance
  • Access control and monitoring

6. Compliance Support

We provide the following to support your compliance efforts:

  • Technical documentation for auditors
  • Data Processing Agreements (DPA)
  • Security questionnaire responses
  • Compliance consultation

Contact us for compliance-related inquiries: office@scudoai.com