Trust, security and EU compliance
Built for European data sovereignty.
Every certification, every standard, every compliance position โ in one place. For DPOs, compliance officers, security architects and procurement teams who need to evaluate the trust posture before the technical conversation.
Certifications
iSHARE v3 certified
Certified Participant Credential Issuer and Authorization Registry.
EUDI Wallet ARF v1.5+ ready
Compatible with the European Digital Identity Wallet roadmap.
MCP-compatible
Authorization layer for the Model Context Protocol ecosystem.
EU Data Act mapping
The EU Data Act has been in force since September 2025. Our stack is built around the primitives the Act requires: verifiable identity, defined data access rights, consent management and a full audit trail. The full article-by-article mapping is in our security & compliance whitepaper.
Download the full mapping โGDPR position
We operate as data processor by default. Controller arrangements, sub-processor disclosures and specific data flow agreements are confirmed per deployment in the architecture review and contract phase.
ISO 27001
We operate to ISO 27001-aligned practices. Current certification status and audit roadmap are shared under NDA in the compliance review.
Data residency
EU-only deployment. The Netherlands is the primary deployment region. Specific region and residency requirements are confirmed per deployment.
Audit and observability
Every credential issuance, every authorization decision, every administrative action is logged. Logs are available to customers and to auditors under contract. Tenant-level telemetry is available to wholesale operators.
Standards we use
OID4VCI
OpenID for Verifiable Credential Issuance.
SD-JWT
Privacy-preserving, selectively disclosable credentials.
EUDI Wallet ARF v1.5+
European Digital Identity Wallet reference architecture.
iSHARE v3
Certified trust framework for data spaces.
MCP-compatible
Authorization layer for the Model Context Protocol ecosystem.
EU Data Act
In force since September 2025.
Security operations
Penetration testing is performed on a regular cadence by an independent specialist. Vendor and findings are shared under NDA in the compliance review. Security operations follow documented incident response and change management processes.