Compliance is not an afterthought. It is the foundation of every Ironum deployment. European data sovereignty by design, not by retrofit.
The General Data Protection Regulation requires that personal data of EU citizens be processed lawfully, transparently, and with purpose limitation. Ironum ensures every AI deployment meets these requirements.
All data is processed and stored within the European Union. Our primary infrastructure runs on Hetzner data centers in Germany (Nuremberg and Falkenstein). No data is transferred to non-EU jurisdictions.
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys are managed within your infrastructure. Ironum does not hold master keys to your data.
Every data access, model query, and system change is logged with timestamps, user identity, and action type. Logs are immutable and available for regulatory audits on demand.
Every Ironum engagement includes a Data Processing Agreement (DPA) under Art. 28 GDPR and a mutual Non-Disclosure Agreement. No extra negotiation or legal fees required.
The EU AI Act is the world's first comprehensive AI regulation. Non-compliance carries penalties of up to EUR 35 million or 7% of global annual turnover. Here is the enforcement timeline.
AI systems that manipulate behavior, exploit vulnerabilities, or enable social scoring are banned. All Ironum solutions are designed to avoid prohibited practices.
General-purpose AI model providers must meet transparency requirements, including technical documentation and copyright compliance. Ironum's orchestration layer ensures model-level compliance.
All provisions take effect, including requirements for high-risk AI systems: risk assessments, quality management, human oversight, and mandatory registration in the EU database.
If you use AI for hiring, credit scoring, healthcare triage, or other high-risk applications, you need documented risk assessments, human oversight mechanisms, and auditable decision logs. Ironum builds all of these into every deployment.
European data sovereignty means your data is stored, processed, and governed under EU law, with no backdoors, no foreign government access requests, and no transatlantic data transfers.
German hosting provider. Data centers in Nuremberg and Falkenstein. ISO 27001 certified.
Microsoft Azure EU regions for GDPR-compliant LLM inference. DPA included.
Deploy on your own hardware. Zero external data transfer. Air-gap capable.
Role-based access control. Granular permissions. Least privilege by default.
Yes. Every Ironum deployment is GDPR compliant by design. We provide Data Processing Agreements (DPA) under Art. 28 GDPR, ensure data residency within the EU, implement end-to-end encryption, and maintain comprehensive audit logs. Our primary hosting runs on Hetzner data centers in Germany.
The EU AI Act enters full enforcement in August 2026. Ironum builds EU AI Act readiness into every deployment: risk classification documentation, human-in-the-loop workflows for high-risk applications, transparent model documentation, and immutable audit trails for AI-assisted decisions.
Your data is stored exclusively within the European Union. For managed deployments, we use Hetzner data centers in Germany (Nuremberg and Falkenstein). For Azure deployments, data stays in EU Azure regions. For on-premises deployments, data never leaves your own infrastructure.
Yes. Every Ironum engagement includes a DPA under Art. 28 GDPR and a mutual Non-Disclosure Agreement (NDA) at no additional cost. These are standard documents, so no lengthy legal negotiations are required.
Yes. Our on-premises deployment option supports fully air-gapped environments using open-source models. No data leaves your network, no external API calls are made, and the system operates completely independently. This is ideal for defense, government, and highly regulated industries.
Our Hetzner hosting infrastructure is ISO 27001 certified. Azure deployments inherit Microsoft's comprehensive certifications including ISO 27001, SOC 2, and more. On-premises deployments can be configured to meet your specific certification requirements.
Ironum's audit logging system tracks all data processing activities by data subject. When a DSAR is received, we can quickly identify, export, or delete all data associated with a specific individual. Our systems support the right to access, rectification, erasure, and data portability as required by GDPR.
Free 30-minute strategy call with Gerrit: no sales pitch, just a concrete roadmap for your business.