Compliance Frameworks
Xilos supports the compliance frameworks that matter most to enterprise AI deployments. Each framework maps to specific Xilos features that help you meet your regulatory and contractual obligations.
Supported Frameworks
- HIPAA — Healthcare data protection with BAA, PII detection, and audit logging.
- GDPR — EU data residency, data subject rights, and PII detection.
- SOC 2 — Security, availability, processing integrity, confidentiality, and privacy.
How Xilos Helps
Xilos provides features that directly support compliance across all three frameworks:
Audit Trail
Every query, routing decision, restriction trigger, and configuration change is logged. The audit trail is searchable and exportable, giving you evidence for compliance audits.
Restriction Rules
Restriction rules let you block, mask, or flag queries that contain sensitive content. Use keyword rules for deterministic blocks (e.g., SSNs) and AI rules for semantic policy enforcement.
Data Residency
Configure data residency to control where your data is stored. Choose US, EU, APAC, or on-premise regions to meet regional data protection requirements.
PII Detection
Xilos includes PII detection that identifies sensitive information in queries and responses. Detected PII can be masked by restriction rules before it reaches the LLM.
Role-Based Access Control
RBAC ensures that only authorized users can access configuration, audit logs, and API keys. Three roles — SuperAdmin, Org Admin, and User — provide scoped permissions.
SIEM Export
Forward governance events to your SIEM platform via the SIEM API. Choose from CEF, Syslog, or JSON formats to match your security infrastructure.
Framework Comparison
| Feature | HIPAA | GDPR | SOC 2 |
|---|---|---|---|
| Audit trail | ✅ | ✅ | ✅ |
| Data residency | ✅ (US) | ✅ (EU) | ✅ |
| PII detection | ✅ | ✅ | ✅ |
| Restriction rules | ✅ | ✅ | ✅ |
| BAA available | ✅ | — | — |
| Data deletion | — | ✅ (right to erasure) | ✅ |
| Encryption at rest | ✅ | ✅ | ✅ |
| Encryption in transit | ✅ | ✅ | ✅ |
| RBAC | ✅ | ✅ | ✅ |
| SIEM export | ✅ | ✅ | ✅ |
Info: Xilos provides the tools and controls to support these frameworks, but compliance is a shared responsibility. Your organization is responsible for configuring policies, managing access, and conducting regular audits.
Deployment Options and Compliance
| Deployment | HIPAA | GDPR | SOC 2 |
|---|---|---|---|
| Managed SaaS | ✅ (with BAA) | ✅ (US/EU regions) | ✅ |
| Private Cloud | ✅ (with BAA) | ✅ (EU region) | ✅ |
| On-Premise | ✅ (with BAA) | ✅ (full sovereignty) | ✅ |
For HIPAA compliance, a Business Associate Agreement (BAA) is available across all deployment options. Contact Xilos to execute a BAA.
Getting Started
HIPAA
- Contact Xilos to execute a BAA. 2. Configure data residency to US region. 3. Enable PII detection and create restriction rules for PHI. 4. Set up SIEM export for audit events. 5. Review the HIPAA guide for detailed steps.
GDPR
- Configure data residency to EU region. 2. Enable PII detection and create restriction rules for personal data. 3. Review the GDPR guide for data subject rights. 4. Set up data deletion procedures for right-to-erasure requests.
SOC 2
- Review the SOC 2 guide for trust service criteria. 2. Configure RBAC to scope access. 3. Enable audit trail logging. 4. Set up SIEM export for continuous monitoring.