OneCompliant s.r.o. is registered in the Slovak Republic and built EU-first: AI governance, security, and compliance for regulated European enterprises — designed and delivered from inside the regulatory environment it serves. The OneCompliant platform — OASAT, OASF, OASAP, and Aegis — is deployed in production at a tier-1 European telecommunications operator.
OneCompliant is deliberately founder-led. Clients work directly with the former Global CISO who built the platform — senior expertise on every engagement, scaling through specialist partners when a programme requires it.
Founder & Managing Director — OneCompliant s.r.o.
Kevin Wade Stout is an internationally recognised cybersecurity and AI security executive with more than two decades of experience leading security programmes across global enterprises, critical infrastructure, telecommunications, healthcare, aviation, defence, and government environments. He is the Founder and Managing Director of OneCompliant s.r.o., where he has developed the OASF, OASAT, OASAP, and Aegis governance platform.
Kevin's career spans global enterprise security leadership, defence and government, and AI security at operational scale. Every product and service OneCompliant delivers is grounded in this lived experience — not theory.
Founded OneCompliant s.r.o. to help organisations adopt artificial intelligence securely, responsibly, and at scale. Developed proprietary methodologies including the OneCompliant AI Security Framework (OASF), AI Security Assessment Toolkit (OASAT), AI Security Awareness Programme (OASAP), and Aegis — an emerging AI governance and control platform providing policy enforcement, risk management, auditability, and runtime governance for enterprise AI environments.
Embedded daily as AI Security Executive at one of Europe's leading telecom operators. Production gate authority — no AI capability proceeds to cloud or production without Kevin's security recommendation. Delivered the Agentic AI and Digital Twins security briefing directly to the CISO, which was adopted as the operational standard. OASAP awareness programme adopted across the organisation in multiple languages and published on the operator's official learning management platform.
Served as Head of Global Information Security at Merck KGaA, leading a global cybersecurity organisation of more than 60 professionals responsible for Security Operations, Incident Response, Vulnerability Management, Application Security, Security Engineering, Governance, Risk & Compliance, and security services supporting business operations across Europe, Asia-Pacific, the Americas, and the Middle East.
Supported U.S. government and defence missions including assignments supporting the Department of Defense and Department of Homeland Security in the United States, Afghanistan, and Africa. These experiences provided a foundation in operational security, cyber defence, incident response, and risk management under high-pressure conditions. Top Secret/SCI clearance held.
Military service in the United States Air Force — providing the operational discipline, security mindset, and mission-critical standards that underpin Kevin's approach to enterprise security and AI governance. The Air Force foundation shaped the conviction that security controls must be operational, not theoretical.
OneCompliant's frameworks and products are built from real enterprise deployments — not academic models. Every control in OASF has been tested against real regulatory scrutiny in real regulated environments.
Kevin has sat in the CISO chair at global enterprise scale. OneCompliant speaks the language of the CISO because it was built by one — for a problem that every CISO in a regulated industry is facing right now.
Registered and operating in the Slovak Republic as an EU company. Working daily in EU regulated industries. The EU AI Act is not a distant regulation — it is the operating environment OneCompliant was built for.
Runtime AI governance, policy enforcement, AI risk assessments, prompt injection defence, and AI governance programme development across regulated industries.
EU AI Act, NIST AI RMF, ISO 42001, NIS2, GDPR, DORA, ISO 27001 — practical implementation across the frameworks regulated enterprises are accountable to.
Security of operational technology, national critical infrastructure, telecommunications security, and NIS2 compliance where system failure has safety consequences.
CISO advisory, enterprise security strategy, board and executive stakeholder engagement, security transformation, and global security programme management.
Security operations centres (SOC), incident response, threat detection, vulnerability management, and cyber defence under high-pressure operational conditions.
Cloud security architecture, Zero Trust implementation, DevSecOps, identity security, and application security across multinational enterprise environments.
Board-level security governance, executive stakeholder engagement, security transformation leadership, and organisational maturity improvement at global scale.
U.S. DoD and DHS assignments in the United States, Afghanistan, and Africa — operational security, cyber defence, and risk management under mission-critical conditions.
Enable organisations to adopt AI securely, responsibly, and at scale — with governance, control, and trust built in from the start.
Through OneCompliant, Kevin continues to help enterprises, regulators, and technology leaders establish trust, control, and resilience as artificial intelligence becomes integrated into critical business operations. AI adoption will not slow down. Regulatory pressure will not ease. The answer is governance that is operational — not just documented.
OneCompliant works directly with CISOs, CIOs, and enterprise security leaders. No sales team. No intermediary. Direct access to 20+ years of regulated enterprise AI security experience.