Compliance
Compliant by Design
Axon AI operates under rigorous regulatory frameworks because our customers — hospitals, banks, and logistics enterprises — have no room for compliance failures.
Certifications
Our Regulatory Posture
| Certification | Scope | Auditor / Basis | Status | Review Cycle |
|---|---|---|---|---|
| SOC 2 Type II | Security, Availability, Confidentiality | Independent accredited auditor | Current | Annual |
| ISO 27001 | Information Security Management System | Certification body accredited by UKAS | Current | 3-year surveillance |
| HIPAA | Protected Health Information (USA) | Internal controls + BAA available | Ready | Continuous |
| GDPR / UK GDPR | EU & UK personal data subjects | DPO oversight + SCCs in place | Current | Continuous |
| PCI-DSS Level 1 | Payment card data (Aetheris Voice integrations) | Qualified Security Assessor (QSA) | Attestation on request | Annual |
| NHS DSPT | NHS Data Security & Protection Toolkit (UK) | NHS Digital self-assessed, evidence reviewed | Standards Met | Annual |
Frameworks
Standards We Align To
- NIST AI RMF: AI risk management applied at design, deployment, and monitoring stages.
- OWASP LLM Top 10: Active controls against all 10 LLM application security risks.
- EU AI Act (High-Risk): Pre-emptive compliance posture for high-risk AI categories.
- FHIR R4: Clinical data interoperability standard for all CareFlow integrations.
- MiFID II: Financial instrument communications compliance for Aetheris Voice deployments.
To request a copy of our compliance documentation or vendor questionnaire, email [email protected].