Trust & Compliance

Compliance Built for Regulated Enterprise AI

KXN is the only enterprise Agentic AI platform with ISO 42001 certification, SOC 2 Type II audit, HIPAA readiness, and full GDPR compliance — before you sign a contract.

ISO 42001

AI Management System

Certified

ISO/IEC 42001:2023 is the first international standard for AI Management Systems. KXN is certified against this standard, demonstrating a systematic approach to responsible AI development, deployment, and monitoring.

  • AI risk assessment and treatment process
  • Documented AI ethics and accountability framework
  • Regular third-party conformity assessments
  • Continuous improvement processes for AI systems
  • Governance structure with defined AI officer roles

Required by: financial services regulators, EU AI Act high-risk system operators, public sector AI procurement

SOC 2 Type II

Security, Availability & Confidentiality

Audited

Our SOC 2 Type II report covers the Trust Service Criteria for Security, Availability, and Confidentiality. The Type II audit tests controls over a 12-month observation period — not just a point-in-time assessment.

  • Annual independent audit by a licensed CPA firm
  • Controls tested over a 12-month observation period
  • Covers security, availability, and confidentiality TSCs
  • Available under NDA to enterprise customers and prospects
  • Continuous control monitoring between audits

Required by: enterprise security teams, vendor risk management programs, Fortune 500 procurement

HIPAA Ready

Protected Health Information

Ready

KXN supports HIPAA-compliant deployments for healthcare customers. We sign Business Associate Agreements (BAAs) and our sovereign deployment model ensures PHI never leaves the customer's data perimeter.

  • Business Associate Agreements (BAAs) available
  • PHI never processed on shared infrastructure without a BAA
  • Sovereign deployment option: agents run in your HIPAA environment
  • Audit logging of all PHI access events
  • Workforce training and breach notification procedures

Required by: hospitals, health systems, health insurance companies, pharma, medical device companies

GDPR Compliant

EU General Data Protection Regulation

Compliant

KXN processes EU personal data in compliance with GDPR. We act as a Data Processor for customer data and maintain a Data Processing Agreement (DPA) with all European customers.

  • Data Processing Agreements (DPAs) for all EU customers
  • Data residency options: EU-only infrastructure available
  • Article 32 technical and organizational measures documented
  • Data subject request handling process (access, deletion, portability)
  • Privacy by design embedded in AI system architecture

Required by: any enterprise processing EU personal data, companies with EU customers or employees

NIST AI RMF

AI Risk Management Framework

Aligned

KXN's AI governance program is aligned with NIST AI RMF 1.0. Our GOVERN, MAP, MEASURE, and MANAGE functions are documented and available to customers in our AI Risk Management documentation package.

  • GOVERN: AI risk governance structure and policies
  • MAP: AI use case risk categorization methodology
  • MEASURE: AI model performance and risk metrics
  • MANAGE: Incident response and model lifecycle management
  • AI RMF Playbook available to enterprise customers

Required by: US federal agencies, DoD contractors, NIST-aligned enterprise AI programs

EU AI Act Ready

High-Risk AI System Compliance

Ready

KXN's agentic AI platform is designed for EU AI Act compliance for high-risk AI system deployments. We provide technical documentation, conformity assessment support, and human oversight configuration required by the Act.

  • Technical documentation package (Annex IV compliant)
  • Human oversight mechanisms configurable per deployment
  • Incident and near-miss logging for regulators
  • Fundamental rights impact assessment support
  • Registration support for EU AI Act database (where required)

Required by: enterprises deploying AI in EU-regulated domains (HR, credit, healthcare, critical infrastructure)

Compliance FAQs

Can I request a copy of the SOC 2 Type II report?

Yes. Enterprise customers and qualified prospects can request the SOC 2 Type II report under a mutual NDA. Contact your KXN account representative or reach out via our contact form.

Do you sign Business Associate Agreements for HIPAA?

Yes. KXN executes BAAs with all healthcare customers before processing any PHI. We offer sovereign deployment options where agent inference runs entirely within your HIPAA-compliant infrastructure.

Where is customer data processed for GDPR purposes?

European customers can elect EU-only data processing. KXN operates EU infrastructure in Germany (Frankfurt) and Ireland. Standard deployments use EU infrastructure by default for EU customers.

What is ISO 42001 and why does it matter for AI?

ISO 42001 is the first international standard for AI Management Systems. It provides enterprises with assurance that KXN has systematic processes for responsible AI governance — including risk assessment, ethics oversight, and accountability structures. This matters most in regulated industries where "we have an AI policy" is insufficient.

How does KXN support EU AI Act compliance for our deployments?

KXN provides technical documentation, conformity assessment support, and configurable human oversight mechanisms required for high-risk AI system deployments under the EU AI Act. We work with your compliance team to complete required documentation and registration steps.

Need compliance documentation?

Request the SOC 2 report, DPA, BAA, or ISO 42001 certificate for your vendor risk assessment.