Our compliance posture

We operate as a data processor under GDPR. Lawful basis: art. 6(1)(b) (contract) and art. 6(1)(f) (legitimate interest for security). DPIA readiness: template prepared for customers; we provide data flows and categories on request.

Atlas supports Annex III risk classification and Article 6/9 compliance pack export. We track Article 13 (transparency) and Article 14 (human oversight) in the AI registry. Full coverage rolling out alongside the AI Act phased timeline (2026-2027).

Evidence collection is scaffolded and controls are being implemented. Audit window planned 2027 H1. We are not currently certified.

Not planned at this stage. We will revisit when customer requirements and business scale make it the right investment.