OneCompliant is the runtime AI governance platform that lets regulated enterprises adopt AI with confidence — governing how AI is used, protecting the data that flows through it, and producing the evidence regulators and boards demand.
Whether you are rolling out enterprise AI, answering a regulator, or briefing the board, OneCompliant maps the challenge to a defined, outcome-driven solution.
Establish who may use AI, for what purpose, with which data — and make those rules operational at runtime, not aspirational in a policy document.
Explore Aegis →Protect prompts, data, and models in real time. Stop PII, source code, and regulated data from leaving the enterprise through AI tools.
Runtime protection →Demonstrate compliance with evidence — complete audit trails and control mappings that stand up to regulator and auditor scrutiny.
Compliance mappings →Quantify AI risk by domain and business unit, monitor it live, report it in board language — and align it with cyber insurance and risk transfer.
Risk & insurance →A structured control framework — OASF — covering data governance, model governance, access, and audit. Enforced at every AI interaction.
The OASF framework →A fixed-price assessment — OASAT — that maps all AI usage including shadow AI, scores governance maturity, and delivers a prioritised roadmap.
View a sample assessment →EU AI Act, NIS2, GDPR, ISO 42001, and NIST AI RMF — mapped directly to controls you operate, so alignment is demonstrable, not claimed.
See the mappings →Every solution is delivered through one integrated platform — a defined, repeatable sequence that moves your organisation from AI risk exposure to governed, audit-ready AI operations.
The OneCompliant AI Security Assessment and Testing (OASAT) is a structured, fixed-price evaluation of your organisation's AI risk posture. It identifies where AI is being used, what data is at risk, what governance controls are missing, and how exposed you are under EU AI Act, NIST AI RMF, and NIS2 requirements.
OASAT is the funnel. It creates urgency by quantifying risk — and produces a prioritised governance roadmap that defines exactly what needs to be done next.
Identify all AI tools, models, and workflows in use across the organisation — including shadow AI.
Score AI governance maturity against NIST AI RMF and EU AI Act requirements.
Map current controls against EU AI Act, ISO 42001, NIS2, and GDPR obligations.
Prioritised remediation plan with defined phases, resource requirements, and governance outcomes.
Assessment Outputs
"The assessment is the funnel. It finds the risk, creates the urgency, and defines the roadmap that leads to governance."
The OneCompliant AI Security Framework (OASF) is a structured governance and control framework for regulated enterprise AI adoption. It defines the policy domains, control categories, and authorisation boundaries that Aegis enforces at runtime — aligned directly to EU AI Act, NIST AI RMF, and ISO 42001.
OASF is the moat. It is the proprietary framework that defines the rules — making the OneCompliant platform sticky and defensible in ways that competitors writing more code cannot replicate.
Structured domains covering data governance, model governance, access controls, audit requirements, and operational AI security.
Direct mapping of OASF controls to EU AI Act articles — providing the governance evidence regulators require.
OASF operationalises the Govern, Map, Measure, and Manage functions of the NIST AI RMF into practical enterprise controls.
OASF control definitions drive Aegis enforcement — the framework becomes the policy engine, not just a document.
Framework Domains
Data classification, handling rules, and PII protection for AI interactions
Approved model registry, provider controls, and model selection policies
Identity-bound AI access, role-aware permissions, and authorisation boundaries
Event logging, governance reporting, and regulatory evidence generation
Prompt injection defence, adversarial monitoring, and AI incident response
The OneCompliant AI Security Awareness Programme (OASAP) delivers custom AI security awareness training — built for the specific risk profile of your organisation, your industry, and your workforce. Not generic compliance videos. Operational awareness that changes behaviour.
OASAP is a custom production of 5 awareness videos tailored to your organisation. Available in multiple languages. Unlimited internal playback. Delivered within your existing learning management system.
Tailored to your organisation, your industry, and your AI risk profile. Employees, IT teams, management, and executive audiences.
Available in English and additional languages — critical for multinational regulated enterprises.
A memorable, practical framework employees can apply immediately: Remove, Review, Fit, Verify.
Optional pre/post assessment and compliance quiz — priced by employee headcount for NIS2 and EU AI Act evidence.
Validated in Production
Reference Deployment
Leading European Telecom
OASAP awareness programme adopted organisation-wide in multiple languages. Published on the operator's official learning management platform.
Pricing
A fixed-fee programme — five custom awareness videos, with optional assessment add-ons priced by workforce size for EU AI Act and NIS2 evidence.
See full OASAP pricingAegis is the runtime AI governance and enforcement layer — the governed enterprise AI gateway where every prompt, model interaction, and data flow is inspected, controlled, routed, and logged in real time. It turns your OASF governance framework from a policy document into an enforced operational control.
Aegis is the recurring product. It converts the governance architecture defined by OASF into enforceable, auditable runtime controls — and feeds live usage data back into governance reporting.
The governed entry point — sanctioned AI access for every employee
Full interaction logging — every event reconstructable for the regulator
OASF rules enforced at the point of every AI interaction
Intelligent model selection — best approved model per task
PII, source code, and regulated data inspected and redacted before send
Governance scoring and live reporting for the CISO and board
The Closed Loop
Every prompt passes through six enforcement layers. The routing engine evaluates every registered AI model against the governance policy — selecting the best approved endpoint and blocking all others. Employees never choose their model. Aegis does.
Begin with an OASAT Assessment — a structured evaluation of your AI risk posture and governance gaps. Fixed price. Delivered in weeks. Leads directly to an actionable governance roadmap.