Skip to main content

Compliance

MeetLoyd is built for regulated industries, and we're straight about what that means. There are two different things people call "compliance", and we keep them separate so you always know what you're getting:

  1. Frameworks we align to — security and agentic-AI standards our architecture is designed and self-assessed against.
  2. Certifications — independent, third-party attestations, which take time and are explicitly tracked as in progress.
You can just ask Loyd

"What can you share for my vendor security review?" — Loyd can point you to the right compliance materials and, where access permits, help your team start a governance pack. Meet Loyd →


Frameworks we align to

These are agentic-AI and security frameworks our platform is designed against and self-assesses to. They reflect how the product is built — not a third-party audit:

FrameworkAlignment
Agent Trust Framework (ATF)Designed to meet the core requirements at senior maturity
OWASP Agentic Top 10Controls implemented across all ten risk categories
SAFE-MCPLarge majority of techniques mitigated (a few are not applicable to our architecture)

You can put these to work directly: turn on the matching governance packs and the relevant controls are enforced for your own agents.


Certifications

Independent attestations are tracked honestly, with status:

StandardStatus
GDPR / UK GDPRSupported via governance packs and data-sovereignty controls
HIPAABusiness Associate Agreement available
SOC 2 Type IIIn progress
ISO 27001On the roadmap
ISO 42001 (AI management)On the roadmap

We don't claim certifications we don't hold. If a control or attestation isn't done yet, this page says so.


Compliance you can operate

Alignment on paper is worth little if you can't run it. MeetLoyd turns these frameworks into working controls:

  • Governance packs spanning 32 regulations across the EU/UK, the Americas, APAC, and the Middle East — switch on what applies to you. See packs →
  • A tamper-evident audit trail with SIEM export — the evidence your auditors ask for. See audit →
  • Data sovereignty with customer-managed keys and bring-your-own-storage. See data sovereignty →
  • Human oversight at every sensitive step. See human-in-the-loop →

For your vendor security review

If you're evaluating MeetLoyd, your account team can provide current security documentation and answer questionnaires. Because we keep frameworks and certifications clearly separated, what you receive reflects the platform's real state at the time you ask — no over-claiming.


Next steps