Security, compliance, governance
An enterprise AI platform that starts from Italian and EU law as the default, not as a translation. Every control is documented, every region is declared, every Garante provvedimento is mapped to the SCUDO governance pack.
The six pillars
GDPR + Italian Garante
DPA signed with every customer, public sub-processor list, Schrems II compliance, and alignment with the binding Provvedimenti issued by the Garante per la Protezione dei Dati Personali.
Statuto dei Lavoratori
Tenant-toggleable telemetry suppression mode, RSU/RSA agreement template shipped, onboarding gate that protects Italian IT admins from inadvertent compliance breaches.
Milano residency by default
eu-south-1 (Milano) primary, eu-central-1 (Frankfurt) failover. Alternatives include Azure italynorth, GCP europe-west8 (Milan), GCP europe-west12 (Turin) for Mode B/BYOC.
Per-tenant isolation
Postgres Row-Level Security, per-tenant storage prefixes, customer-rotatable CMEK keys in Mode B/C. No shared-bucket patterns anywhere in the platform.
SHA-256 provenance Hub
Every output, decision and governance event signed with SHA-256 over canonical JSON. Reconstruct 'what did the AI do for whom on what date' for up to 7 years.
EU AI Act + NIS2
Article 50 transparency + Article 53 GPAI conformance program in flight (target Q3 2026). NIS2 vendor due-diligence pack available (target Q2 2026).
Certifications and regulatory regimes
Current status and target dates.
Public artifacts
Everything your security review team needs is online and current.