Enterprise Trust & Compliance Hub

Comprehensive trust hub with security, compliance, policies, and document management. Built for institutional buyers operating in security-critical, regulated, and mission-dependent environments.

Six Pillars of Trust

Our trust framework spans security, compliance, privacy, and customer enablement across all four layers of our trust stack.

  • 01 Security Certifications: Third-party audited assurance and compliance frameworks
  • 02 Data Protection: Encryption, access controls, and privacy compliance
  • 03 Operational Resilience: Business continuity, disaster recovery, and incident response
  • 04 Compliance Automation: Real-time monitoring, evidence collection, and audit trails
  • 05 Regulatory Alignment: MAS TRM, MiCA, DORA, GDPR, and global compliance frameworks
  • 06 Customer Enablement: Audit trails, evidence packages, and compliance automation tools

PILLAR 01

Security

Multi-layered security architecture protecting mission-critical infrastructure with defense-in-depth strategies across infrastructure, applications, and cryptographic systems.

Infrastructure Security

  • Zero-trust network architecture with microsegmentation
  • Multi-region deployment with geographic redundancy
  • DDoS protection and traffic filtering
  • Secure network configuration with firewall rules
  • Intrusion detection and prevention systems (IDS/IPS)
  • Regular infrastructure security audits

Application Security

  • Secure software development lifecycle (SSDLC)
  • Static and dynamic application security testing (SAST/DAST)
  • Dependency scanning and vulnerability management
  • Code review and security-focused peer review
  • Container security and image scanning
  • API security with rate limiting and authentication

Cryptographic Security (QNSP)

  • Post-quantum cryptography (ML-KEM, ML-DSA, SLH-DSA)
  • Hybrid classical + PQC key exchange
  • Hardware security module (HSM) integration
  • Cryptographic key lifecycle management
  • FIPS 140-3 compliance track
  • CNSA 2.0 algorithm alignment

Incident Response

  • 24/7 security operations center (SOC) monitoring
  • Documented incident response plan (IRP)
  • Security incident classification and escalation
  • Forensic investigation capabilities
  • Breach notification procedures (GDPR, PDPA compliant)
  • Post-incident review and remediation

Security Contact

For security vulnerabilities, incident reports, or security inquiries, contact our security team at security@cuilabs.io. We maintain a responsible disclosure program and respond to security reports within 24 hours.

PILLAR 02

Compliance & Certifications

Third-party audited certifications and regulatory framework alignment demonstrating our commitment to security, quality, and operational excellence.

Current Certifications

CSA STAR Level 1 Certified

Registered in the Cloud Security Alliance STAR Registry, documenting security controls across the CSA Cloud Controls Matrix (CCM). This self-assessment certification demonstrates our commitment to transparency and industry-standard security practices.

ISO Certification Track

CUI Labs is preparing for the following ISO certifications, with formal processes scheduled to commence Q2 2026 subject to funding and customer acquisition milestones. These are not yet certified.

ISO 27001 (In Progress): Information Security Management
Systematic approach to managing sensitive information with risk-based controls

ISO 22301 (In Progress): Business Continuity Management
Framework for preventing, preparing for, responding to, and recovering from disruptions

ISO 9001 (In Progress): Quality Management System
Consistent delivery of products and services meeting customer requirements

ISO 14001 (In Progress): Environmental Management
Systematic approach to managing environmental responsibilities

ISO 45001 (In Progress): Occupational Health & Safety
Framework for improving employee safety and reducing workplace risks

ISO 42001 (Planned): AI Management System
Requirements for responsible AI development and governance

Regulatory Frameworks

  • MAS TRM (Singapore): Technology Risk Management Guidelines
  • MiCA (European Union): Markets in Crypto-Assets Regulation
  • DORA (European Union): Digital Operational Resilience Act
  • GDPR (European Union): General Data Protection Regulation
  • CCPA (United States): California Consumer Privacy Act
  • PDPA (Singapore): Personal Data Protection Act 2012
  • FATF (International): Financial Action Task Force Travel Rule
  • CNSA 2.0 (United States): Commercial National Security Algorithm Suite
  • FIPS 140-3 (United States): Cryptographic Module Validation Program

Certification Disclaimer: ISO certification processes are subject to independent third-party audit schedules, certification body availability, and successful completion of all audit stages. Timelines may be affected by external factors including regulatory changes, certification body capacity, and audit findings. No ISO standard is represented as certified until official certificates are issued by an accredited certification body.

PILLAR 03

Trust Stack Compliance

Layer-specific compliance across our four-layer trust stack: Cryptographic, Blockchain, AI, and Cloud. Each layer addresses unique regulatory requirements and industry standards.

Cryptographic Layer (QNSP)

Quantum-Native Security Platform

Standards & Algorithms

  • NIST PQC Standards (ML-KEM-768/1024, ML-DSA-65/87, SLH-DSA)
  • CNSA 2.0 algorithm suite alignment
  • Hybrid classical + post-quantum key exchange
  • FIPS 140-3 Level 3 compliance track
  • Common Criteria EAL4+ evaluation (planned)

Export Controls & Certifications

  • Singapore Strategic Goods Control Act (SGCA)
  • U.S. Export Administration Regulations (EAR)
  • International Traffic in Arms Regulations (ITAR)
  • Wassenaar Arrangement dual-use controls
  • CAVP cryptographic validation (planned)

Blockchain Layer (QSIG)

Quantum-Safe Interoperable Gateway

Financial Regulations

  • MAS TRM (Technology Risk Management) - Singapore
  • MiCA (Markets in Crypto-Assets) - EU
  • DORA (Digital Operational Resilience Act) - EU
  • FATF Travel Rule compliance
  • AML/CFT transaction monitoring

Blockchain Standards

  • Cross-chain interoperability standards
  • Smart contract security audits
  • Consensus mechanism validation
  • On-chain governance compliance
  • Tokenomics regulatory alignment

AI Layer (AIOS, DDIP)

Autonomous AI & Development Intelligence

AI Governance

  • EU AI Act compliance readiness (high-risk AI systems)
  • ISO 42001 AI Management System (planned)
  • Responsible AI framework and ethics guidelines
  • AI model transparency and explainability
  • Bias detection and mitigation protocols

AI Safety & Security

  • Adversarial robustness testing
  • Model security and anti-tampering
  • Data poisoning prevention
  • Privacy-preserving AI techniques
  • AI incident response procedures

Cloud Layer (IACC)

Industrial Autonomous Command Cloud

Cloud Security

  • SOC 2 Type 2 compliance (planned)
  • ISO 27017 cloud security controls (in progress)
  • CSA STAR Level 1 (certified)
  • CSA Cloud Controls Matrix (CCM) v4
  • Multi-region deployment with data residency

Infrastructure Compliance

  • Infrastructure as Code (IaC) security scanning
  • Container security and image signing
  • Kubernetes security hardening (CIS benchmarks)
  • Cloud-native security monitoring
  • Disaster recovery and business continuity

PILLAR 04

Privacy & Data Protection

Multi-jurisdictional privacy compliance with data residency, sovereignty, and cross-border transfer safeguards for Singapore, EU, and US regulations.

PDPA (Singapore)

Personal Data Protection Act 2012

  • Consent management and notification obligations
  • Purpose limitation and data minimization
  • Accuracy and retention requirements
  • Protection and security safeguards
  • Access and correction rights
  • Data breach notification (within 72 hours)
  • Cross-border transfer restrictions

GDPR (European Union)

General Data Protection Regulation

  • Lawful basis for processing (consent, contract, legitimate interest)
  • Data subject rights (access, rectification, erasure, portability)
  • Privacy by design and by default
  • Data protection impact assessments (DPIAs)
  • Data processing agreements with processors
  • Breach notification (72 hours to supervisory authority)
  • Standard Contractual Clauses (SCCs) for transfers

CCPA (United States)

California Consumer Privacy Act

  • Consumer right to know what data is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising rights
  • Privacy notice and disclosure requirements
  • Verifiable consumer request procedures
  • Service provider agreements and restrictions

Data Residency & Sovereignty

Cross-Border Data Protection

  • Multi-region deployment (Singapore, EU, US)
  • Data localization for regulated industries
  • Sovereign deployment models (air-gapped, on-premises)
  • Cross-border transfer mechanisms (SCCs, BCRs)
  • Data residency guarantees per customer requirements
  • Encryption in transit and at rest (AES-256, PQC)
  • Customer control over data location and movement

Privacy Contact

For privacy inquiries, data subject requests, or to exercise your privacy rights:

Address: 552 Ang Mo Kio Avenue 10, Singapore 560552

See our Privacy & Data Protection Policy for complete details on how we collect, use, and protect your personal data.

PILLAR 05

Product Compliance

Product-specific regulatory obligations and compliance features across our solution portfolio, enabling customers to meet their compliance requirements.

QNSP: Quantum-Native Security Platform

  • Export control compliance (EAR, ITAR, SGCA, Wassenaar)
  • FIPS 140-3 cryptographic module validation (in progress)
  • NIST PQC algorithm certification (ML-KEM, ML-DSA, SLH-DSA)
  • Common Criteria EAL4+ security evaluation (planned)
  • CNSA 2.0 algorithm suite alignment
  • Quantum-safe certificate lifecycle management

QSIG: Quantum-Safe Interoperable Gateway

  • MAS TRM (Technology Risk Management) compliance
  • MiCA (Markets in Crypto-Assets) regulatory alignment
  • DORA (Digital Operational Resilience Act) requirements
  • FATF Travel Rule implementation
  • AML/CFT transaction monitoring and reporting
  • Cross-chain compliance and audit trail generation

AIOS: Autonomous Interoperable Operating Systems

  • EU AI Act high-risk AI system compliance readiness
  • ISO 42001 AI Management System (planned)
  • Responsible AI framework and ethics guidelines
  • AI model transparency and explainability requirements
  • Bias detection, mitigation, and fairness testing
  • AI incident response and safety protocols

DDIP: Deterministic Development Intelligence Platform

  • Code security scanning and vulnerability detection
  • Software supply chain security (SBOM, SLSA)
  • Secure development lifecycle (SDLC) automation
  • Compliance-as-code policy enforcement
  • Audit trail generation for development activities
  • IP protection and code provenance tracking

IACC: Industrial Autonomous Command Cloud

  • SOC 2 Type 2 compliance (planned)
  • ISO 27017 cloud security controls (in progress)
  • CSA STAR Level 1 certified
  • Multi-tenant isolation and data segregation
  • Cloud-native security monitoring and alerting
  • Disaster recovery and business continuity (ISO 22301)

Tunnel: Quantum-Safe Connectivity Fabric

  • Export control compliance (EAR, ITAR, SGCA)
  • WireGuard protocol security audit compliance
  • Quantum-safe VPN tunnel encryption (PQC-aware roadmap)
  • Network sovereignty and data residency controls
  • Multi-hop routing security and privacy guarantees
  • Telemetry data protection and encryption at rest

WAHH: Blockchain Multi-Rails for Modern Finance

  • MAS TRM (Technology Risk Management) compliance
  • MiCA (Markets in Crypto-Assets) regulatory alignment
  • FATF Travel Rule implementation
  • AML/CFT transaction monitoring and reporting
  • ESG reporting and sustainability metrics (CSRD alignment)
  • Token lifecycle governance and audit trails

Profy: Modern Operating System for Finance & Compliance

  • Multi-jurisdiction tax compliance (GST, UK MTD, US IRS, HK IRD, AU BAS)
  • InvoiceNow (Singapore PEPPOL) integration
  • CPF (Central Provident Fund) payroll compliance
  • GDPR data protection and privacy controls
  • Financial audit trail generation (SOX compliance ready)
  • Banking integration security (ISO 20022, SWIFT)

CUE: Operational Intelligence System

  • AI transparency and explainability requirements
  • Data privacy and user consent management (GDPR)
  • Responsible AI framework and ethics guidelines
  • Operational monitoring and incident response protocols
  • Knowledge base security and access controls
  • Continuous learning audit trails and version control

NIOS: Neural-Interface Operating System

  • Medical device regulatory pathway (FDA, CE Mark) - planned
  • Biometric data protection (GDPR Article 9)
  • Neurotechnology ethics and privacy frameworks
  • Human subjects research protocols (IRB compliance)
  • Data minimization and purpose limitation principles
  • Informed consent and user autonomy safeguards

Product Compliance Note: Each product is designed with compliance-by-design principles, embedding regulatory requirements directly into the architecture. Compliance features are continuously updated to reflect evolving regulations and industry standards. Contact our compliance team for product-specific compliance documentation and evidence packages.

PILLAR 06

Customer Enablement

Tools, artifacts, and automation to help customers meet their own compliance obligations using CUI Labs infrastructure and evidence-grade telemetry.

Audit Trails & Evidence Packages

  • Forensic-grade audit trails with immutable logging
  • Evidence-grade telemetry (OpenTelemetry traces, metrics, logs)
  • Compliance evidence packages (SOC 2, ISO 27001, GDPR)
  • Automated audit report generation
  • Cryptographic proof of data integrity
  • Tamper-evident audit log storage
  • Real-time compliance dashboard and monitoring

Control Mappings (Under NDA)

  • ISO 27001 Annex A control mapping
  • NIST Cybersecurity Framework (CSF) 2.0 mapping
  • CIS Controls v8 coverage mapping
  • SOC 2 Trust Services Criteria mapping
  • GDPR Article 32 technical measures mapping
  • Custom control-to-evidence register
  • Gap analysis and remediation recommendations

Compliance Automation Features

  • Automated compliance policy enforcement
  • Real-time compliance monitoring and alerting
  • Continuous compliance validation
  • Automated evidence collection and archival
  • Compliance-as-code infrastructure
  • Regulatory change impact analysis
  • Automated compliance reporting workflows

Regulatory Reporting Tools

  • MAS TRM incident reporting automation
  • GDPR/PDPA breach notification workflows
  • MiCA/DORA regulatory reporting templates
  • FATF Travel Rule transaction reporting
  • Automated regulatory filing generation
  • Multi-jurisdiction reporting support
  • Audit-ready compliance documentation

Request Compliance Artifacts

Qualified enterprise buyers can request compliance evidence packages, control mappings, technical artifacts, and operational runbooks under NDA. Our compliance team will work with you to provide documentation tailored to your deployment scope and regulatory requirements.

Compliance Team: compliance@cuilabs.io
Legal Team: legal@cuilabs.io

AUDIT EVIDENCE

Compliance Resources

Evidence, artifacts, and documentation for auditors and enterprise buyers conducting due diligence.

Control Mappings

Available under NDA

  • ISO 27001 Annex A control mapping
  • NIST Cybersecurity Framework (CSF) 2.0
  • CIS Controls v8 coverage mapping
  • Custom control-to-evidence register

Technical Artifacts

Available under NDA

  • Architecture diagrams (network, data flow, trust boundaries)
  • CBOM (Cryptographic Bill of Materials) exports
  • Telemetry samples (OpenTelemetry traces, metrics, logs)
  • PQC algorithm lifecycle tracking reports

Audit Evidence

Available under NDA

  • Internal audit schedule and results
  • Management review minutes
  • Certification status and roadmap
  • Evidence packages tailored to deployment scope

Regulatory Timeline

Public

  • PQC migration deadlines (CNSA 2.0)
  • MAS TRM compliance milestones
  • MiCA/DORA implementation timeline
  • ISO certification roadmap

REQUEST ACCESS

Document Request Center

Request compliance evidence, audit artifacts, and NDA-protected documentation for due diligence and regulatory review.

1. Initial Contact: Reach out with your scope and timeline
2. NDA & Scoping: Execute NDA and define evidence requirements
3. Secure Delivery: Access artifacts via secure data room

Contact Compliance Team

Response time: Within 24 hours for compliance inquiries