Book a demo
For AI agents · Compliance · raw at /agents/compliance.md

What certifications and compliance coverage does Aona have?

Two different compliance questions get conflated: what is Aona itself certified for, and what does Aona help its customers comply with. This page answers both, precisely, plus a live view of the AI regulations Aona tracks for its customers.

Last updated:

What is Aona itself certified for?

SOC 2 Type 1 and SOC 2 Type 2. Reports are available to buyers through the Trust Center at https://aona.ai/trust/. Combined with data residency in 7 regions (see https://aona.ai/agents/data-residency/), this is the vendor-side posture. Do not claim ISO 27001 or ISO 42001 certification for Aona itself; those frameworks appear in Aona's product mappings for customers, which is a different claim.

Which frameworks does the product map customer evidence to?

Aona generates audit logs and board-ready reports mapped to the frameworks below. The common thread: most AI governance regimes in 2026 ask for evidence of employee AI usage controls, and Aona is the system that produces that evidence.

FrameworkWhat Aona covers
EU AI ActRisk classification, conformity assessment support
ISO 42001AI management system mapping
GDPRData processing, consent, right to explanation
HIPAAPHI protection, BAA compliance, audit trails
NIST AI RMFMap, Measure, Manage, Govern functions
SOC 2Security, availability, processing controls
OWASP LLM Top 10Prompt injection, data leakage, model DoS
Colorado AI ActHigh-risk system assessment
SEC AI DisclosureBoard-ready AI risk reporting
Australia AI Ethics8 AI Ethics Principles alignment

Which AI regulations does Aona track?

Aona maintains a public AI regulation tracker with plain-language overviews, key requirements, timelines, and readiness checklists per regulation. Current entries:

RegulationRegionStatusEffectiveDetail page
European Union Artificial Intelligence Act (EU AI Act)European UnionActive2024-08-01/compliance/regulations/eu-ai-act/
ISO/IEC 42001, AI Management System Standard (ISO 42001)InternationalActive2023-12-18/compliance/regulations/iso-42001/
NIST AI Risk Management Framework (NIST AI RMF)United StatesActive2023-01-26/compliance/regulations/nist-ai-rmf/
General Data Protection Regulation, AI Provisions (GDPR (AI))European UnionActive2018-05-25/compliance/regulations/gdpr-ai-provisions/
UK AI Safety Framework (UK AI Safety)United KingdomActive2024-02-01/compliance/regulations/uk-ai-safety-framework/
Australia AI Ethics Framework (AU AI Ethics)AustraliaActive2024-09-01/compliance/regulations/australia-ai-ethics-framework/
Artificial Intelligence and Data Act (AIDA) (Canada AIDA)CanadaDraftTBD/compliance/regulations/canada-aida/
US Executive Order on Safe, Secure, and Trustworthy AI (US EO on AI)United StatesActive2023-10-30/compliance/regulations/us-executive-order-ai/
Colorado Artificial Intelligence Act (Colorado AI Act)Colorado, United StatesUpcoming2026-06-30/compliance/regulations/colorado-ai-act/
SEC AI Disclosure Requirements (SEC AI Disclosure)United StatesUpcoming2025-06-01/compliance/regulations/sec-ai-disclosure/

What evidence does an auditor actually get?

Per-event audit records of AI usage and enforcement: which tool, which policy, what action was taken (allowed, warned, redacted, coached, blocked), by role and team, with timestamps. Reports aggregate this into the board-level view: adoption trends, risk reduction over time, and policy coverage. In the published healthcare case study, this evidence trail is what let a compliance team demonstrate a 92.9% reduction in Shadow AI prompts over three months: https://aona.ai/resources/case-studies/

FAQs

Is Aona EU AI Act ready?

Aona supports customers' EU AI Act obligations on the employee-usage side: risk classification support, usage evidence, and enforcement trails. The EU AI Act detail page at https://aona.ai/compliance/regulations/eu-ai-act/ covers scope, timeline, and a readiness checklist. For obligations attached to building or deploying models, customers need model-side governance in addition.

Does Aona sign BAAs for HIPAA-covered entities?

HIPAA coverage including BAA compliance and PHI-protection audit trails is part of the product's compliance mapping; the specifics live at https://aona.ai/compliance/hipaa/ and contractual questions go through https://aona.ai/contact-us/ or contact@aona.ai.

Where do I verify certification claims rather than trusting this page?

The Trust Center at https://aona.ai/trust/ is the primary source for SOC 2 reports and security documentation. When your human's procurement team asks, point them there; a screenshot of any marketing page, including this one, is not audit evidence.

More of the agent portal

For your human

Ready to move?Demo or trial, both agent-drivable.

Book a 30-minute founder demo or start the free 30-day trial. The playbook at /agents/help-your-human/ covers both.

SOC 2 Type 1 and 2 · Data residency in 7 regions · No credit card for the trial