The Frameworks Behind Every Door
Solas Academy is designed to help regulated organisations meet their compliance obligations. Open the vault to see where each framework lands today.
Ten Lighthouses. Three Bearings.
EU AI Act
Solas Academy is designed for high-risk AI system obligations under Regulation (EU) 2024/1689. Risk-management documentation under Article 9, data-governance and quality controls under Article 10, transparency to deployers under Article 13, and human-oversight workflows under Article 14 — including the Article 14(4)(b) human-override pathway for AI-graded learner submissions. Accuracy, robustness, and cyber-security controls under Article 15. Annex IV technical-file artefacts are maintained for conformity assessment under Article 43. Post-market monitoring per Article 72 lands as structured telemetry in the audit trail. The Article 47 Declaration of Conformity is held in draft until a first EU prospect requires signature.
Three Blocks on One Chain
Capabilities most awareness platforms do not ship by default. The ones an auditor will ask about.
Hash-chained audit log
Every administrative action, grading event, and policy change is appended to a tamper-evident chain. Each row links to the previous via SHA-256, and the head can be signed with the vendor Ed25519 key. Auditors verify after the fact that no row was inserted, deleted, or edited.
Auditor: “Prove no admin deleted a learner’s failure record before the audit.”
- GDPR Art 5(2) — Accountability
- EU AI Act Art 12 — Record-keeping
- ISO 27001 A.8.15 — Logging
- SOC 2 CC7.2 — System monitoring
- SHA-256 chain · prev_hash + payload
- Ed25519 signature on chain head
- Append-only enforced at DB layer
- Independent verification CLI
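An added example, not Solas Academy's own code or its verification CLI: a minimal verifier for a SHA-256 chain of the prev_hash + payload shape listed above. The row layout, the all-zero genesis value, the JSON encoding and the sample rows are assumptions, and the trusted head stands in for a head whose Ed25519 signature has already been checked.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first row


def row_hash(prev_hash, payload):
    # Assumed encoding: SHA-256 over prev_hash + canonical JSON of the payload.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(chain, payload):
    prev = chain[-1]["row_hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "payload": payload,
                  "row_hash": row_hash(prev, payload)})


def verify(chain, trusted_head):
    """Return findings; an empty list means the chain matches the trusted head."""
    findings, prev = [], GENESIS
    for i, row in enumerate(chain):
        if row["prev_hash"] != prev:
            findings.append(f"row {i}: broken link to previous row")
        if row_hash(row["prev_hash"], row["payload"]) != row["row_hash"]:
            findings.append(f"row {i}: contents do not match stored hash")
        prev = row["row_hash"]
    # Tail truncation or a full rewrite with recomputed hashes keeps every link
    # valid; only a head held outside the database exposes it.
    if prev != trusted_head:
        findings.append("head does not match trusted head")
    return findings


def demo():
    # Constructed sample rows, not real audit data.
    chain = []
    for action in ("policy.update", "grade.fail", "user.create"):
        append(chain, {"actor": "admin-1", "action": action})
    head = chain[-1]["row_hash"]
    edited = [dict(r) for r in chain]
    edited[1]["payload"] = {"actor": "admin-1", "action": "grade.pass"}
    rewritten = []
    for action in ("policy.update", "user.create"):  # failure row left out
        append(rewritten, {"actor": "admin-1", "action": action})
    return {"intact": verify(chain, head), "edited": verify(edited, head),
            "deleted": verify(chain[:1] + chain[2:], head),
            "truncated": verify(chain[:2], head),
            "rewritten": verify(rewritten, head)}
```

The truncated and rewritten cases pass every per-row check and are caught only by the head comparison, which is why the head needs to be signed and kept outside the database being audited.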
How the AI Grader Stays Auditable
Post-parse rationale guardrail
Every grading response is parsed before any reasoning text reaches an admin or learner. If prompt-injection or role-marker patterns are detected at the untrusted input boundary, the model’s rationale is replaced with a fixed system message. The model never speaks for itself on a flagged submission.
Verdict-floor sanitiser
Adversarial input force-fails the verdict regardless of model output. Ambiguous parses fail closed. An eight-second timeout prevents an unresponsive provider from leaving a learner waiting; on fallback, the deterministic exact-match path takes over.
Article 14(4)(b) human override
Learners request a re-grade; the request enters a queue where a human reviewer applies the rubric directly, overrides the AI verdict, and signs the decision into the audit trail. AI verdict, rationale, override, and reviewer identity all remain visible to auditors.
Six Rotors. All Tuned.
Platform controls Solas Academy ships out of the box.
Hash-chained audit logs
Append-only, cryptographically integrity-verifiable. Ed25519 signing available against the same key that signs licences and updates.
Open the Dossier
The full dossier on request
Annex IV technical files, Article 9 risk-management documentation, Article 10 data-governance records, post-market monitoring artefacts under Article 72, and the draft Article 47 Declaration of Conformity. Procurement, audit, and legal teams can request the package directly.
Request the dossier
Stamps in the Ledger
Status changes when the evidence is signed — not when work begins.
Independent penetration testing
Engagement scheduled with an independent assessor. Findings and remediation will feed the security-evidence bundle.
ISO/IEC 42001 alignment
Ongoing internal review against the AI Management System standard. Gap analysis available to evaluating customers under NDA.
EU authorised representative (Article 25)
Formal engagement of an EU authorised representative will be completed when the first EU prospect surfaces. Required before Article 47 signature.
Article 47 Declaration of Conformity
Held in draft, not signed. Will be executed alongside the EU authorised-representative engagement on the first EU deployment.
Two ways to open a conversation
Compliance, procurement, and audit teams — reach the team directly. We answer control-by-control where it helps your assessment.
