Compliance

AI Compliance Framework

Last updated: 1 February 2025

Our Compliance Philosophy

EngineVult AI treats regulatory compliance not as a constraint but as a competitive advantage. Every AI system we build is designed to be auditable, explainable, and compliant with applicable regulations from day one. This protects our clients, their customers, and the broader integrity of AI deployment.

UK GDPR & Data Protection Act 2018

All EngineVult AI systems comply with UK GDPR and the Data Protection Act 2018. This includes lawful basis documentation, privacy-by-design architecture, data minimisation, subject rights support, Data Processing Agreements, and Data Protection Impact Assessments for high-risk processing. See our GDPR page for full details.

FCA AI Guidance (Financial Services)

For financial services clients, EngineVult AI systems are designed in alignment with FCA guidance on AI, including explainability requirements for automated decisions, conduct risk management, Consumer Duty obligations, and model risk governance frameworks. We maintain full audit trails of all AI-driven decisions.

HIPAA (Healthcare — US)

For US-facing healthcare deployments, EngineVult AI offers HIPAA-compliant configurations including Business Associate Agreements (BAA), PHI-minimised data flows, HIPAA-compliant infrastructure, access controls and audit logging, and breach notification procedures.

EU AI Act Readiness

The EU AI Act introduces risk-based obligations for AI systems operating in the EU. EngineVult AI is monitoring implementation closely and building EU AI Act readiness into our product roadmap. High-risk AI systems (including certain HR screening and credit decision applications) will comply with transparency, human oversight, and documentation requirements.

Sector-Specific Compliance

Beyond the above, EngineVult AI provides compliance guidance for: NHS DSP Toolkit (healthcare data security), SRA Code of Conduct (legal sector AI use), ICO AI Auditing Framework, and NCSC Cyber Essentials. Contact us to discuss requirements specific to your sector.

Contact

compliance@enginevult.ai — for compliance enquiries, audit requests, and regulatory documentation.