KSA PDPL
Full data residency within the Kingdom. Processing stays in-country, cross-border transfers follow SDAIA guidelines, and audit trails meet NDMO requirements.
Open deep-diveSovereign track · regulated buyers
Operayde for regulated buyers — sovereign-grade out of the box.
If your AI buy involves your auditor, your regulator, or a sectoral supervisor, this is the right starting point. EU AI Act, DORA, NIS2, sectoral overlays — answered with a documented, audited, third-party-attestable platform.
Per-regulation deep dives
Each obligation, one platform feature.
KSA NDMO & NCA
National Data Management Office and National Cybersecurity Authority controls — data classification, sovereignty enforcement, and incident reporting aligned with KSA frameworks.
EU AI Act
Annex III risk classification, conformity assessment, evidence pack — every requirement mapped to a platform feature.
Open deep-diveDORA
CIR-2 incident tracking, TLPT scenarios, ICT third-party register — primitives ship with the appliance.
NIS2
Logging defaults, retention windows, incident-response runbooks — all ENISA-aligned out of the box.
Sectoral overlays
Banking (EBA, ECB), Healthcare (MDR, IVDR), Public sector (eIDAS, ENISA SecaaS) — overlay packs available per industry.
Sovereign hosting options
Pick where the compute lives.
- KSA primary — In-Kingdom data centres with full SDAIA and NDMO compliance. Processing and storage never leave Saudi Arabia.
- EU sovereign — FR / DE / IT regions, mTLS-pinned, full data-residency guarantee.
- UAE sovereign — UAE data centres for buyers under regional digital-sovereignty mandates.
- On-prem in your data centre — Deployed on your own infrastructure, pre-configured, named-engineer install.
Trust centre + Sovereign engagement
Third-party attestations, signed bundles, and a named human.
The Trust Centre publishes pen-test summaries, SBOM, signed bundle verification instructions, and the current set of attestations. The Sovereign SE has run procurement at a bank; they speak procurement.