Compliance
Two categories: what we actively monitor, and what is designed into the system.
Actively monitored
GDPR (EU 2016/679)
Data processing register maintained. DPIA on file. EU representative appointed.
EU AI Act
Veracium's use of Claude Vision is classified, monitored against the obligations for limited-risk AI systems, and reviewed quarterly.
NIS2
As a digital infrastructure provider, Veracium is preparing for NIS2 compliance ahead of the German transposition deadline.
Whistleblower protection
Internal channel and external reporting partner for the EU Whistleblower Directive.
Designed in
GDPR by design and by default (Art. 25)
Minimisation, pseudonymisation, and purpose limitation are built into the data model, not bolted on.
Article 85 (journalistic exemption)
The platform is designed to operate within the German implementation of the journalistic exemption while still meeting GDPR's substantive standards where they apply.
C2PA-compatible certificates
Each Veracium certificate is structured to map to C2PA assertions, allowing interoperability with the broader provenance ecosystem.
BSI C5 readiness
The architecture is designed against the BSI C5 catalogue with a view to certification once Veracium operates at the scale where C5 is required.
For specific compliance questions: jorg@veracium.io.