Compliance Cockpit
Enterprise Feature -- The Compliance Cockpit is available exclusively on the Enterprise tier.
The Compliance Cockpit is MeetLoyd's integrated compliance command center, built specifically for enterprises deploying AI agents in regulated industries. It transforms regulatory burden into competitive advantage with automated evidence collection, real-time compliance monitoring, and audit-ready reporting.
Overview
Access the Compliance Cockpit from the layout navigation pill in the top bar -- click Compliance in the Admin | Openspace | Compliance switcher (Enterprise tier, admin/owner role only).
The Cockpit provides:
- Real-time compliance scores across all enabled governance packs
- Unified regulation management for GDPR, HIPAA, EU AI Act, SOX, DORA, ISO 27001, ISO 42001, NIS2
- Automated evidence collection from governance events
- Risk registry for AI risk management
- Impact assessments (AIIA, DPIA, FRIA)
- Policy lifecycle management with version control
- External auditor portal with token-based access
- Scheduled reporting in PDF, CSV, and Excel formats
Navigation
| Section | Description |
|---|---|
| Overview | Compliance dashboard with scores, trends, and alerts |
| Regulations | Browse enabled governance packs and their controls |
| Assessments | AI Impact, Data Protection, and Fundamental Rights assessments |
| Risk Registry | Track, assess, and treat AI-related risks |
| Controls | Control matrix with effectiveness tracking |
| Evidence Vault | Cryptographically verified audit evidence |
| Violations | Track violations with SLA management |
| Reports | Generate and schedule compliance reports |
| Policies | Policy documents with acknowledgment workflow |
| Auditor Sessions | Manage external auditor access |
Regulations & Frameworks
When you enable a governance pack, its controls automatically appear in the Cockpit.
| Framework | Governance Pack | Key Focus |
|---|---|---|
| GDPR | gdpr | Data protection, privacy rights |
| HIPAA | hipaa | Healthcare data protection |
| EU AI Act | eu_ai_act | AI system requirements, human oversight |
| SOX | sox | Financial controls, segregation of duties |
| DORA | dora | Digital operational resilience |
| ISO 27001 | iso_27001 | Information security management |
| ISO 42001 | iso_42001 | AI management system |
| NIS2 | nis2 | Network and information security |
| SOC 2 | soc2 | Trust service criteria |
| PCI-DSS | pci_dss | Payment card security |
Evidence Vault
The Evidence Vault stores audit evidence with cryptographic verification to ensure integrity.
Evidence Types
| Type | Description |
|---|---|
| Auto-collected | Automatically captured from governance events (violations, remediations, configuration changes) |
| Manual upload | Uploaded documents (PDF, images, DOCX, XLSX, etc.) -- max 50 MB |
| Generated report | System-generated compliance reports |
Hash Verification
All evidence files are hashed with SHA-256 on upload. Verify integrity at any time to confirm files haven't been tampered with.
| Status | Meaning |
|---|---|
| Pending | Not yet verified |
| Verified | Hash matches stored value |
| Tampered | Hash mismatch detected |
| Error | Verification failed (file unreadable) |
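The check described above, as an added example (this is not MeetLoyd's code): it records a SHA-256 digest on upload, re-hashes the file on verification, and maps the outcome to the four statuses in the table. The function names, the record layout, and the sample evidence file are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # stream in 1 MiB chunks so a 50 MB upload is never held in memory


def sha256_file(path: str) -> str:
    """Return the hex SHA-256 digest of the file at `path`."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def register_upload(path: str) -> dict:
    """Hash the file on upload; the record starts as Pending (hypothetical layout)."""
    return {"path": path, "sha256": sha256_file(path), "status": "Pending"}


def verify(record: dict) -> str:
    """Re-hash the file and set the status to Verified, Tampered, or Error."""
    try:
        current = sha256_file(record["path"])
    except OSError:
        record["status"] = "Error"  # file missing or unreadable
    else:
        # Constant-time comparison of the two hex digests.
        same = hmac.compare_digest(current, record["sha256"])
        record["status"] = "Verified" if same else "Tampered"
    return record["status"]


def demo() -> list:
    """Walk one constructed sample file through all four statuses."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "evidence.pdf")  # constructed sample, not real evidence
        with open(path, "wb") as fh:
            fh.write(b"constructed sample evidence\n")
        record = register_upload(path)
        seen = [record["status"]]          # Pending: hashed but not yet verified
        seen.append(verify(record))        # Verified: file unchanged since upload
        with open(path, "ab") as fh:
            fh.write(b"modified after upload")
        seen.append(verify(record))        # Tampered: digest no longer matches
        os.remove(path)
        seen.append(verify(record))        # Error: file can no longer be read
    return seen
```

A hash comparison only detects changes if the stored digest is kept where someone able to modify the file cannot also rewrite the digest.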
Risk Registry
Track and manage AI-related risks.
| Field | Description |
|---|---|
| Title | Risk name |
| Description | Detailed risk description |
| Category | Operational, technical, compliance, security, reputational, or financial |
| Likelihood | Rare, unlikely, possible, likely, or almost certain |
| Impact | Minimal, minor, moderate, major, or severe |
| Inherent Score | Calculated from likelihood times impact |
| Treatment Status | Identified, analyzing, treating, monitoring, or closed |
| Treatment Plan | Mitigation strategy |
| Owner | Assigned user |
| Review Date | Next review deadline |
Impact Assessments
Conduct structured assessments for AI systems.
| Type | Full Name | When Required |
|---|---|---|
| AIIA | AI Impact Assessment | EU AI Act high-risk systems |
| DPIA | Data Protection Impact Assessment | GDPR high-risk processing |
| FRIA | Fundamental Rights Impact Assessment | EU AI Act public sector |
Assessment workflow: Draft → In Review → Approved (or Rejected for revisions).
Policies
Manage compliance policies with version control and acknowledgment tracking.
Policy lifecycle: Draft → Published (requires acknowledgment) → Archived (superseded by newer version).
Each edit creates a new version. Track who has acknowledged each published policy.
Reports
Report Formats
| Format | Use Case |
|---|---|
| PDF | Board presentations, external sharing |
| CSV | Data analysis, spreadsheet import |
| XLSX | Excel with multiple sheets |
Reports can be generated on-demand or on a schedule (weekly, monthly, quarterly, annually) with email delivery to compliance teams.
Auditor Portal
Provide external auditors with secure, read-only access.
How It Works
- Create an auditor session with auditor details, audit type, scope, and expiration date
- Optionally scope access to specific evidence items
- Share the one-time access token securely with the auditor
- Auditors use the token to access a dedicated portal where they can view evidence, compliance status, and submit findings
- Track finding workflow: Open → Responded → Closed (or Disputed)
The auditor access token is only shown once at creation time. Share it securely.
Violations
Track governance violations with SLA management.
Violation Sources
Violations flow from the Governance Packs system: DLP policy violations, kill switch triggers, four-eyes principle bypasses, prompt injection attempts, and budget overruns.
SLA Tracking
| Severity | Default SLA |
|---|---|
| Critical | 4 hours |
| High | 24 hours |
| Medium | 72 hours |
| Low | 7 days |
Remediation Workflow
Open → Acknowledged → Remediated → Closed
Next: Learn about Governance Packs for the underlying control modules.