Manage compliance across multiple regulatory frameworks, schedule and run audits, track compliance scores, and automate remediation workflows. DRD provides continuous compliance monitoring with audit-ready reporting.
Enable and configure the compliance frameworks relevant to your organization. Each framework defines specific requirements that are continuously monitored.
European Union AI regulation covering risk classification, transparency, and accountability.
General Data Protection Regulation for personal data handling and privacy rights.
Service Organization Control audit for security, availability, and confidentiality.
National Institute of Standards AI Risk Management Framework.
International standard for AI management systems and responsible AI practices.
{
  "frameworks": ["eu_ai_act", "gdpr", "soc2_type2"],
  "config": {
    "eu_ai_act": {
      "riskLevel": "high",
      "transparencyRequirements": true,
      "humanOversight": true
    },
    "gdpr": {
      "dataResidency": "eu",
      "dpo": "privacy@acme.com",
      "retentionPolicy": "36m"
    },
    "soc2_type2": {
      "trustServiceCriteria": ["security", "availability", "confidentiality"]
    }
  }
}
// Response
{
  "enabledFrameworks": ["eu_ai_act", "gdpr", "soc2_type2"],
  "totalRequirements": 247,
  "initialScore": 68,
  "gaps": 23,
  "nextAuditAt": "2026-03-01T00:00:00Z"
}

DRD supports multiple audit types to ensure continuous compliance coverage.
Automated
Continuous automated checks against framework requirements
Scheduled
Periodic comprehensive audits with detailed reporting
On-Demand
Manual audit triggered by operators or external events
Third-Party
External auditor integration for independent verification
import { DRD } from '@drd/sdk';

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

// Schedule a comprehensive audit
const audit = await drd.compliance.scheduleAudit({
  type: 'scheduled',
  frameworks: ['eu_ai_act', 'gdpr'],
  scope: {
    agents: ['agent_abc123', 'agent_def456'],
    dateRange: { start: '2026-01-01', end: '2026-02-28' },
  },
  schedule: {
    frequency: 'quarterly',
    startDate: '2026-03-01',
    notifyBefore: '7d',
  },
});

// Run an on-demand audit
const onDemand = await drd.compliance.runAudit({
  type: 'on_demand',
  frameworks: ['soc2_type2'],
  reason: 'Pre-certification preparation',
});

// Check audit progress
const status = await drd.compliance.getAuditStatus(onDemand.auditId);
console.log(status.progress); // 78 (percent complete)
console.log(status.findings); // 5 (issues found so far)

Each framework generates a compliance score (0-100) based on requirement fulfillment. The overall compliance score is a weighted average across all enabled frameworks.
// Response
{
  "overallScore": 82,
  "frameworks": {
    "eu_ai_act": {
      "score": 85,
      "totalRequirements": 89,
      "met": 76,
      "gaps": 13,
      "criticalGaps": 2
    },
    "gdpr": {
      "score": 91,
      "totalRequirements": 72,
      "met": 66,
      "gaps": 6,
      "criticalGaps": 0
    },
    "soc2_type2": {
      "score": 70,
      "totalRequirements": 86,
      "met": 60,
      "gaps": 26,
      "criticalGaps": 4
    }
  },
  "trend": "improving",
  "lastAudit": "2026-02-01T00:00:00Z",
  "nextAudit": "2026-03-01T00:00:00Z"
}

// Get compliance score with breakdown
const score = await drd.compliance.getScore();
console.log(score.overallScore); // 82
console.log(score.frameworks.eu_ai_act.score); // 85
console.log(score.frameworks.eu_ai_act.gaps); // 13

// Get score history
const history = await drd.compliance.getScoreHistory({
  period: '90d',
  interval: 'weekly',
});

// Get framework-specific gap analysis
const gaps = await drd.compliance.getGaps('eu_ai_act');
for (const gap of gaps.items) {
  console.log(gap.requirement); // 'Article 14 - Human Oversight'
  console.log(gap.severity); // 'critical'
  console.log(gap.remediation); // Suggested fix
}

When audit findings or compliance gaps are identified, DRD creates remediation tasks that can be tracked through resolution.
identified
Issue discovered during audit
planned
Remediation plan created and assigned
in_progress
Fix being implemented
verification
Fix applied, awaiting verification
resolved
Issue resolved and verified
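A client-side guard for the lifecycle states listed above, written here as an added example and not part of the DRD SDK. The state order comes from the list; the transition rules, the evidence requirement and the function name `checkRemediationUpdate` are assumptions made for illustration.

```javascript
// Added example: lifecycle order is taken from the page; the transition
// rules below are assumptions, not documented DRD behaviour.
const LIFECYCLE = ['identified', 'planned', 'in_progress', 'verification', 'resolved'];

// Returns a list of problems; an empty list means the update may be sent.
function checkRemediationUpdate(currentStatus, update) {
  const problems = [];
  const from = LIFECYCLE.indexOf(currentStatus);
  const to = LIFECYCLE.indexOf(update.status);
  if (from === -1) problems.push(`unknown current status: ${currentStatus}`);
  if (to === -1) problems.push(`unknown target status: ${update.status}`);
  if (problems.length) return problems;

  // Assumption: one step forward, or back from verification when a fix fails review.
  const forward = to === from + 1;
  const reopened = currentStatus === 'verification' && update.status === 'in_progress';
  if (!forward && !reopened) {
    problems.push(`illegal transition: ${currentStatus} -> ${update.status}`);
  }

  // Assumption: a fix submitted for verification must carry reviewable evidence.
  if (update.status === 'verification') {
    const ev = update.evidence;
    if (!ev || !ev.type || !ev.url) {
      problems.push('evidence with type and url is required for verification');
    } else {
      let parsed = null;
      try { parsed = new URL(ev.url); } catch (_) { /* reported below */ }
      if (!parsed || parsed.protocol !== 'https:') {
        problems.push('evidence url must be a valid https URL');
      }
    }
  }
  return problems;
}

// Constructed updates, modelled on the updateRemediation call on this page.
const okUpdate = {
  status: 'verification',
  notes: 'Human oversight mechanism implemented for all high-risk agents',
  evidence: { type: 'documentation', url: 'https://docs.acme.com/ai-oversight-policy' },
};
const skipUpdate = { status: 'resolved', notes: 'closing' };

console.log(checkRemediationUpdate('in_progress', okUpdate));
console.log(checkRemediationUpdate('in_progress', skipUpdate));
```

Running the check before each status update keeps a task from reaching `resolved` without passing through `verification`, which is the step an auditor will look for in the timeline.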
// List remediation tasks
const tasks = await drd.compliance.getRemediations({
  status: 'in_progress',
  framework: 'eu_ai_act',
  severity: 'critical',
});

// Update remediation status
await drd.compliance.updateRemediation('rem_abc123', {
  status: 'verification',
  notes: 'Human oversight mechanism implemented for all high-risk agents',
  evidence: {
    type: 'documentation',
    url: 'https://docs.acme.com/ai-oversight-policy',
  },
});

// Get remediation timeline
const timeline = await drd.compliance.getRemediationTimeline('rem_abc123');
for (const entry of timeline) {
  console.log(entry.timestamp); // '2026-02-10T14:00:00Z'
  console.log(entry.action); // 'status_changed'
  console.log(entry.details); // 'Moved to in_progress by Jane Smith'
}

The risk classification engine evaluates each agent against multiple regulatory frameworks simultaneously. Classifications are continuously re-evaluated as agent behavior evolves.
Unacceptable
Prohibited AI practices (social scoring, real-time biometric ID in public). Automatically blocked.
High Risk
Requires conformity assessment, CE marking, registration in EU database. Full documentation.
Limited Risk
Transparency obligations. Users must be informed they are interacting with AI.
Minimal Risk
No specific obligations. Voluntary codes of conduct recommended.
{
  "agentId": "agent_abc123",
  "useCase": "content-moderation",
  "sector": "media",
  "interactsWithNaturalPersons": true,
  "makesDecisions": true,
  "affectsLegalRights": false
}
// Response
{
  "riskLevel": "high",
  "category": "AI systems used for content moderation",
  "article": "Article 6(2)",
  "obligations": [
    "Risk management system (Art. 9)",
    "Data governance (Art. 10)",
    "Technical documentation (Art. 11)",
    "Record-keeping (Art. 12)",
    "Transparency (Art. 13)",
    "Human oversight (Art. 14)",
    "Accuracy and robustness (Art. 15)"
  ],
  "complianceStatus": {
    "met": 5,
    "partial": 1,
    "unmet": 1,
    "score": 0.78
  },
  "deadline": "2027-08-02"
}

The NIS2 Directive (2022/2555) imposes cybersecurity obligations on essential and important entities. DRD maps agent security controls to NIS2 requirements and tracks compliance status.
Risk analysis (Art. 21(2)(a))
Trust scoring + anomaly detection
Incident handling (Art. 21(2)(b))
Real-time event stream + enforcement
Business continuity (Art. 21(2)(c))
Circuit breakers + event replay
Supply chain security (Art. 21(2)(d))
Third-party risk management
Encryption (Art. 21(2)(h))
Ed25519 signatures + TLS 1.3
Access control (Art. 21(2)(i))
Scoped API keys + RBAC
DRD provides built-in controls for personal data handling. The platform enforces data minimization, supports subject access requests, and tracks data processing activities.
Data Minimization
Agents are restricted from collecting data beyond their declared purpose.
Right to Erasure
Automated data deletion workflows triggered by subject requests.
Consent Management
Track and enforce consent status for every data processing activity.
DPIA Automation
Data Protection Impact Assessment generated from agent behavior logs.
Processing Records
Article 30 records of processing activities maintained automatically.
Cross-Border Transfers
SCCs and adequacy decision tracking for international data flows.
DRD enforces data residency rules and jurisdiction-specific regulations. Configure per-workspace data residency policies that control where agent data is stored and processed.
{
  "workspaceId": "ws_abc123",
  "rules": [
    {
      "dataCategory": "personal_data",
      "allowedRegions": ["eu-west-1", "eu-central-1"],
      "blockedRegions": ["*"],
      "regulation": "GDPR"
    },
    {
      "dataCategory": "financial_data",
      "allowedRegions": ["us-east-1"],
      "blockedRegions": ["*"],
      "regulation": "SOX"
    }
  ],
  "enforcement": "strict"
}
// Response
{
  "applied": true,
  "rulesActive": 2,
  "affectedAgents": 12,
  "effectiveAt": "2026-02-13T12:00:00Z"
}

Generate audit-ready evidence packs for external auditors. Evidence packs include control mapping, test results, event logs, and compliance scores in formats accepted by major audit firms.
{
  "framework": "soc2_type2",
  "period": {
    "from": "2025-01-01",
    "to": "2025-12-31"
  },
  "includeRawLogs": false,
  "format": "pdf"
}
// Response
{
  "packId": "pack_abc123",
  "framework": "soc2_type2",
  "status": "generating",
  "sections": [
    "control_mapping",
    "test_results",
    "exception_log",
    "management_assertions"
  ],
  "estimatedSizeBytes": 2400000,
  "downloadUrl": null,
  "estimatedCompletionAt": "2026-02-13T12:05:00Z"
}

The compliance calendar tracks regulatory deadlines, audit schedules, and certification renewal dates. Automatic reminders are sent 90, 60, 30, and 7 days before deadlines.
Track and manage compliance risk from third-party AI providers, sub-processors, and downstream consumers. DRD maintains a risk register that is automatically updated as vendor compliance status changes.
Vendor Security
Continuous
SOC 2 reports, pen test results, breach history
Data Processing
On change
DPA status, sub-processor list, transfer mechanisms
Model Risk
Quarterly
Model card updates, bias audits, safety evaluations
Operational Risk
Continuous
SLA compliance, incident history, uptime
Complete list of compliance API endpoints.
/api/compliance/frameworks - List enabled frameworks
/api/compliance/frameworks - Enable/configure frameworks
/api/compliance/score - Get compliance scores
/api/compliance/score/history - Get score history
/api/compliance/gaps - Get compliance gaps
/api/compliance/audits - Schedule or run an audit
/api/compliance/audits/{id} - Get audit status/results
/api/compliance/remediations - List remediation tasks
/api/compliance/remediations/{id} - Update remediation status
/api/compliance/eu-ai-act/classify - Classify agent risk level
/api/compliance/residency - Configure data residency rules
/api/compliance/evidence-pack - Generate audit evidence pack
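A release gate over the score response returned by `/api/compliance/score`, written here as an added example and not part of the DRD SDK. Field names follow the sample response on this page; the function names, the thresholds and the weighting rule (each framework weighted by its `totalRequirements`, which reproduces the sample's overall score of 82) are assumptions.

```javascript
// Added example: field names follow the score response on this page; the
// thresholds and the weighting rule are assumptions.

// Assumption: "weighted average" means weighted by each framework's totalRequirements.
function weightedOverall(frameworks) {
  let sum = 0, total = 0;
  for (const f of Object.values(frameworks)) {
    sum += f.score * f.totalRequirements;
    total += f.totalRequirements;
  }
  return total === 0 ? 0 : Math.round(sum / total);
}

// Returns { pass, findings }. Inconsistent data counts as a failure (fail closed).
function complianceGate(resp, { minScore = 75, maxCriticalGaps = 0 } = {}) {
  const findings = [];
  for (const [name, f] of Object.entries(resp.frameworks)) {
    if (f.met + f.gaps !== f.totalRequirements) findings.push(`${name}: met + gaps != totalRequirements`);
    if (f.criticalGaps > f.gaps) findings.push(`${name}: criticalGaps exceeds gaps`);
    if (f.criticalGaps > maxCriticalGaps) findings.push(`${name}: ${f.criticalGaps} critical gaps`);
    if (f.score < minScore) findings.push(`${name}: score ${f.score} below ${minScore}`);
  }
  const expected = weightedOverall(resp.frameworks);
  if (expected !== resp.overallScore) {
    findings.push(`overallScore ${resp.overallScore} != recomputed ${expected}`);
  }
  return { pass: findings.length === 0, findings };
}

// Values copied from the sample score response on this page.
const sample = {
  overallScore: 82,
  frameworks: {
    eu_ai_act: { score: 85, totalRequirements: 89, met: 76, gaps: 13, criticalGaps: 2 },
    gdpr: { score: 91, totalRequirements: 72, met: 66, gaps: 6, criticalGaps: 0 },
    soc2_type2: { score: 70, totalRequirements: 86, met: 60, gaps: 26, criticalGaps: 4 },
  },
};

console.log(complianceGate(sample));
```

With the default thresholds the sample fails the gate on the critical gaps in `eu_ai_act` and `soc2_type2` and on the `soc2_type2` score, while its internal counts and overall score check out.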