Compliance
MeetLoyd is built for regulated industries, and we're straight about what that means. There are two different things people call "compliance", and we keep them separate so you always know what you're getting:
- Frameworks we align to — security and agentic-AI standards our architecture is designed and self-assessed against.
- Certifications — independent, third-party attestations, which take time and are explicitly tracked as in progress.
"What can you share for my vendor security review?" — Loyd can point you to the right compliance materials and, where access permits, help your team start a governance pack. Meet Loyd →
Frameworks we align to
These are agentic-AI and security frameworks our platform is designed against and self-assesses to. They reflect how the product is built — not a third-party audit:
| Framework | Alignment |
|---|---|
| Agent Trust Framework (ATF) | Designed to meet the core requirements at senior maturity |
| OWASP Agentic Top 10 | Controls implemented across all ten risk categories |
| SAFE-MCP | Large majority of techniques mitigated (a few are not applicable to our architecture) |
You can put these to work directly: turn on the matching governance packs and the relevant controls are enforced for your own agents.
Certifications
Independent attestations are tracked honestly, with status:
| Standard | Status |
|---|---|
| GDPR / UK GDPR | Supported via governance packs and data-sovereignty controls |
| HIPAA | Business Associate Agreement available |
| SOC 2 Type II | In progress |
| ISO 27001 | On the roadmap |
| ISO 42001 (AI management) | On the roadmap |
We don't claim certifications we don't hold. If a control or attestation isn't done yet, this page says so.
Compliance you can operate
Alignment on paper is worth little if you can't run it. MeetLoyd turns these frameworks into working controls:
- Governance packs spanning 32 regulations across the EU/UK, the Americas, APAC, and the Middle East — switch on what applies to you. See packs →
- A tamper-evident audit trail with SIEM export — the evidence your auditors ask for. See audit →
- Data sovereignty with customer-managed keys and bring-your-own-storage. See data sovereignty →
- Human oversight at every sensitive step. See human-in-the-loop →
For your vendor security review
If you're evaluating MeetLoyd, your account team can provide current security documentation and answer questionnaires. Because we keep frameworks and certifications clearly separated, what you receive reflects the platform's real state at the time you ask — no over-claiming.