Standards & Regulations

Built on the standards auditors require.

FIOR AI Gateway aligns with FIPS, ISO 27001, SOC 2, EU AI Act, NIST AI RMF, GDPR and NIS2 — so you can deploy autonomous AI without rewriting your compliance programme.

Framework coverage

Each framework is mapped to specific FIOR controls. Request the full compliance pack for auditor-ready evidence.

FIPS 204: Aligned

Post-quantum digital signatures (ML-DSA / CRYSTALS-Dilithium) used to sign every agent certificate. NIST Level 3 security.

  • ML-DSA-65 signature generation & verification
  • Quantum-safe certificate chain from Root CA to agent leaf
  • Algorithm metadata in every validate-certificate response

FIPS 203: Aligned

ML-KEM (CRYSTALS-Kyber) post-quantum key encapsulation against harvest-now-decrypt-later attacks.

  • ML-KEM-768 supported on gateway TLS termination
  • Hybrid X25519 + ML-KEM mode for transitional deployments

FIPS 205: Aligned

SLH-DSA (SPHINCS+) stateless hash-based signatures — conservative backup signing algorithm for highest-assurance environments.

  • Available as alternate Root CA signing scheme
  • NIST Level 5 security parameter set supported

FIPS 140-3: In Progress

Designed for deployment alongside FIPS 140-3 validated HSMs and KMS providers (AWS CloudHSM, Azure Managed HSM, Thales Luna).

  • External HSM integration for Root CA private key custody
  • No private keys in application memory in HSM mode
  • Validated primitives via OpenSSL FIPS provider

ISO/IEC 27001: Aligned

Information security management aligned to ISO 27001 controls across access, cryptography and operations.

  • Documented control mappings available in compliance pack

SOC 2: In Progress

Trust Service Criteria — security, availability and confidentiality controls for the gateway and supporting services.

  • Type II audit underway

EU AI Act: Aligned

Supports high-risk AI deployment requirements: identity, transparency, human oversight and post-market monitoring.

  • Audit-grade evidence of every agent action by default

NIST AI RMF: Aligned

Maps to the AI Risk Management Framework functions: Govern, Map, Measure, Manage.

  • Policy enforcement and revocation as a primary Manage control

GDPR: Aligned

Data protection by design — minimised personal data in agent identity material, EU data residency available.

  • UK and EU hosting regions
  • Data Processing Agreement included

NIS2: Aligned

Essential and important entity controls for resilient operations, incident response and supply-chain assurance.

  • Sub-3ms revocation supports rapid containment requirements