🛡 Strategic Product · Compliance Control

From point-in-time audits to continuous, automated control.

Compliance is managed as a one-off event. AEGIS turns it into a continuous control system — based on real evidence, integrated into operations and designed to scale with the organisation. Operational NIS2 compliance, not declarative.

[Figure: AEGIS high-level architecture (HLD), high-level functional model]

The problem

Regulatory compliance is broken

Organisations invest enormous resources in compliance and still don't know with certainty whether they actually comply. The current model is manual, point-in-time and dependent on experts.

Annual audits with an outdated snapshot

Compliance status is evaluated once or twice a year. In between, the organisation evolves and the report becomes obsolete from the very next day.

Permanent dependence on experts

Interpreting the regulation, gathering evidence, cross-referencing with third parties. Without dedicated experts, the process stalls. SMEs cannot afford this.

Scattered and untraceable evidence

Documents in folders, emails, different systems. Without traceability between evidence and regulatory requirement, an audit becomes a manual search exercise.

Invisible supply chain

NIS2 requires control over suppliers. Current models rely on static questionnaires, which give no real visibility into how a supplier's non-compliance affects you.

The solution

Regulatory abstraction, not another checklist

AEGIS breaks regulations down into processable digital entities — requirements, conditions, evidence, controls — and evaluates them automatically and continuously against your organisation's reality.

Operational application flow
[Figure: AEGIS functional flow of the operational application]

From regulation to evidence, in real time

AEGIS connects each regulatory requirement with the evidence that demonstrates it. The system evaluates the quality of each piece of evidence, detects gaps and generates a compliance status that updates continuously — without waiting for the next audit.

The evaluation engine considers relative evidence weights, sufficiency conditions and penalties for inconsistencies, producing an empirical and reproducible compliance score.

Functional architecture

Four modules, one coherent system

AEGIS is organised in functional layers that isolate regulation, analysis, evaluation and reporting. Each layer is independently scalable.

Module 01

Regulatory Back-Office

The core that transforms regulatory text into a structured graph of evaluable requirements. Uses specialised ETL pipelines, NLP and language models to decompose regulations into atomic processable entities.

  • Extraction and classification of regulatory provisions
  • Construction of the requirements graph with node relationships
  • Version control and validity tracking of regulations
  • Incorporation of case law and interpretive criteria

Module 02

Evaluation Engine

Continuously evaluates compliance status through an empirical scoring system that combines evidence quality, requirements coverage and penalties for inconsistencies.

  • Scoring by evidence, PCE, requirement and full regulation
  • Status classification: compliant, partial, absent, inconsistent
  • Trust model over evidence quality
  • Audit-ready reports generated automatically

Module 03

Evidence Management with LLM

Collects, organises and traces documentary and technical evidence. Language models assist in extracting relevant information from unstructured documentation and in mapping evidence to controls.

  • Semantic analysis of documents, contracts, internal policies
  • Automatic suggestion of evidence-to-control mappings
  • Complete traceability between evidence and regulatory requirement
  • Controlled use of AI: supervised, explainable and governed

Module 04

Supplier Federation

Models the supply chain as a network of compliance dependencies, not as a list of third parties. Enables visualisation of how a supplier's status impacts the principal entity's requirements.

  • Dynamic representation of supplier-entity relationships
  • Propagation of non-compliance effects across the chain
  • Compliance control of suppliers in critical chains
  • Aligned with NIS2 supply chain requirements

Regulatory pipeline

From legal text to a graph of evaluable requirements

The regulatory ETL pipeline extracts provisions from the directive text, classifies them semantically, identifies relationships between requirements and builds the graph that underpins all subsequent evaluation.

Each node in the graph — regulation, provision, requirement, condition, evidence, control point — has a typed structure that allows it to be treated as a processable entity by the evaluation system.

[Figure: AEGIS regulatory decomposition pipeline]

[Figure: AEGIS evaluation engine, continuous scoring]

Evaluation engine

Empirical scoring, not binary

Most compliance tools give a binary result: compliant or non-compliant. AEGIS produces a continuous scoring model that represents degrees of compliance, detects inconsistencies and weights evidence quality.

The result is not a green traffic light. It is an audited, reproducible state with full traceability from the evidence to the article of the directive.

Regulatory coverage

Starts at NIS2. Scales to everything else.

AEGIS's architecture is regulation-agnostic. The same engine that evaluates NIS2 can be extended to GDPR, DORA, ENS or any ISO standard without redesigning the system.

NIS2 (in force) · GDPR · DORA · ENS · ISO 27001 · ISO 22301 · Roadmap →

Is your organisation within the scope of NIS2?

From the initial assessment to continuous compliance monitoring. We validate the fit with your environment, no strings attached.