Compliance Frameworks

Meet regulatory requirements with Sekuire's compliance features.

Supported Frameworks

Framework	Industry	Key Requirements
SOC 2	SaaS/Cloud	Security, availability, integrity
HIPAA	Healthcare	PHI protection, access controls
GDPR	EU Data	Data privacy, consent, erasure
PCI-DSS	Payments	Cardholder data protection

Policy Configuration

Enable compliance checks in your workspace policy:

policy.jsonjson

{
  "compliance": {
    "frameworks": ["soc2", "hipaa"],
    "require_audit_logging": true,
    "require_encryption": true,
    "data_residency": "us",
    "retention_days": 90
  }
}

SOC 2

SOC 2 compliance for AI agents requires:

Audit logging — All agent actions logged
Access control — API key authentication
Encryption — TLS for data in transit
Availability — Heartbeat monitoring

Verification

bash

sekuire verify-agent --compliance soc2

HIPAA

For agents handling Protected Health Information (PHI):

BAA — Use HIPAA-compliant LLM providers
Minimum necessary — Restrict tool access
Audit trail — Log all PHI access
Encryption — At rest and in transit

HIPAA-Compliant Models

json

"models": {
  "allowed_providers": ["openai", "anthropic"],
  "allowed_models": [
    "gpt-4",  // OpenAI with BAA
    "claude-3-opus-20240229"  // Anthropic with BAA
  ]
}

⚠️Ensure you have a Business Associate Agreement (BAA) with your LLM provider before processing PHI.

For agents handling EU personal data:

Consent — User consent for data processing
Data minimization — Collect only necessary data
Right to erasure — Clear conversation history
Data residency — EU data centers

json

"compliance": {
  "frameworks": ["gdpr"],
  "data_residency": "eu",
  "retention_days": 30,
  "allow_data_export": true
}

Compliance Verification

Use the CLI to verify compliance before deployment:

Terminalbash

$ sekuire verify-agent --compliance hipaa

🔒 Running compliance verification...

   ✅ Identity verification passed
   ✅ Registry entry valid
   ⚠️  HIPAA compliance: 2 warnings
      - Audit logging not configured
      - Data encryption setting missing

Overall: PASSED with warnings

Compliance Badges

Verified agents can earn compliance badges that are displayed in the registry and dashboard:

SOC2 Verified - Agent meets SOC2 Type II requirements
HIPAA Compliant - Agent configured for PHI handling
GDPR Ready - Agent supports EU data protection requirements
PCI-DSS Certified - Agent meets payment card industry standards

Badges are issued after successful verification and are tied to a specific agent version. When the agent code changes, re-verification is required.

Request badge verificationbash

sekuire verify-agent --compliance soc2 --request-badge

ℹ️Badge issuance may require additional documentation and manual review for certain compliance frameworks.

Next Steps

Policies — Workspace policy system
Verify Agent — Full security audit