
Compliance Domain


Category: Api Domains | Last Updated: Feb 5, 2026

Overview

A financial services organisation must demonstrate compliance with GDPR, PCI-DSS, and ISO 27001 simultaneously. Each framework has hundreds of controls. Some controls overlap; others conflict. Tracking compliance status across all three manually is a full-time job with no audit trail.

The Compliance domain replaces that manual tracking with a centralised framework registry, versioned policy bundles, and automated gap analysis. Every control has a defined status. Every policy change is recorded with a cryptographic fingerprint. When the regulator asks for evidence of compliance, the answer is a report export rather than a three-day documentation exercise.

Key Features

  • Centralised compliance framework registry with versioned control definitions.
  • Policy bundle management with cryptographic fingerprinting and versioning.
  • Bundle activation workflow with validation, pre-activation checks, and rollback support.
  • Control validation to identify missing compliance requirements.
  • Policy rules with configurable actions (ALLOW, DENY, AUDIT, ALERT, REQUIRE_APPROVAL).
  • Support for GDPR, HIPAA, SOC2, PCI-DSS, ISO 27001, and NIST frameworks.
  • Immutable audit logs for all compliance changes.
  • Automated compliance reporting with gap analysis.
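As an added illustration (not the product's own code) of the bundle fingerprinting, gap analysis and immutable audit log listed above: the bundle is hashed over its canonical JSON form so that key order and whitespace do not change the fingerprint, and each audit entry commits to the hash of the one before it. The GDPR article identifiers follow this page; the PCI-DSS and ISO 27001 control identifiers and the sample bundle are constructed placeholders.

```python
import hashlib
import json
# Added illustration, not the product's own code. Actions are those the page lists.
ACTIONS = {"ALLOW", "DENY", "AUDIT", "ALERT", "REQUIRE_APPROVAL"}

# Constructed sample data: GDPR article IDs follow the page; the PCI-DSS
# and ISO 27001 control IDs are placeholders.
REQUIRED = {"GDPR": {"GDPR-ART25", "GDPR-ART32", "GDPR-ART33"},
            "PCI-DSS": {"PCI-PLACEHOLDER-A", "PCI-PLACEHOLDER-B"},
            "ISO27001": {"ISO-PLACEHOLDER-A"}}
BUNDLE_V1 = {"name": "fin-services-baseline", "rules": [
    {"id": "r1", "action": "DENY", "controls": ["GDPR-ART25", "GDPR-ART32"]},
    {"id": "r2", "action": "AUDIT", "controls": ["PCI-PLACEHOLDER-A", "ISO-PLACEHOLDER-A"]},
]}

def fingerprint(bundle: dict) -> str:
    """SHA-256 over canonical JSON: key order and whitespace do not alter
    the fingerprint, but any change to a rule does."""
    for rule in bundle["rules"]:
        if rule["action"] not in ACTIONS:
            raise ValueError(f"unknown action {rule['action']!r}")
    canonical = json.dumps(bundle, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def gap_analysis(bundle: dict, required: dict) -> dict:
    """Per framework, the required control IDs no rule in the bundle covers."""
    covered = {c for rule in bundle["rules"] for c in rule["controls"]}
    return {fw: sorted(ctrls - covered) for fw, ctrls in required.items()}

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_audit(log: list, bundle: dict, actor: str) -> dict:
    """Append a hash-chained audit entry; each entry commits to its predecessor."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"version": len(log) + 1, "actor": actor,
             "fingerprint": fingerprint(bundle), "prev": prev}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_audit(log: list) -> bool:
    """Recompute the chain; False if any entry was altered or reordered."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body["prev"] != prev or _digest(body) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True
```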

Use Cases

Financial institutions track organisational compliance across GDPR, PCI-DSS, and SOC2 simultaneously, maintaining a single source of truth for all three frameworks rather than managing separate tracking systems that diverge over time.

Healthcare organisations manage HIPAA policy bundles with versioning and rollback support, ensuring that any policy change goes through a validated activation workflow with a documented audit trail.

Government agencies validate control implementation against multiple framework requirements simultaneously, with automated gap analysis identifying missing controls before regulatory examination rather than during it.

Compliance officers generate compliance reports with gap identification and remediation recommendations on demand, providing leadership with a current-state assessment without manual data gathering.

Integration

Integrates with policy enforcement, audit logging, and security services. Supports organisation-specific compliance configurations.

Open Standards

  • GDPR (EU) 2016/679: Articles 25, 32, and 33 are implemented as named, automatically assessed controls covering data protection by design, security of processing, and the 72-hour breach notification obligation to supervisory authorities.
  • NIS2 Directive (EU) 2022/2555: Articles 21 and 23 are implemented directly, with the incident service enforcing the 24-hour early-warning and 72-hour full-notification deadlines to national CSIRTs such as NCSC Ireland.
  • ISO/IEC 27001:2022: The Information Security Management System framework is supported as a first-class compliance target, with Annex A control assessments mapped across organisational, people, physical, and technological themes.
  • NIST SP 800-53: Security and privacy controls AC-2, AU-2, IA-2, SC-8, and SC-13 are implemented as named automated checks covering account management, event logging, authentication, and transmission confidentiality.
  • FIPS 140-2: Cryptographic module compliance is assessed across Sections 1, 3, 5, and 7 (module specification, roles and authentication, physical security, and key management), with cipher-suite and TLS version validation enforced against FIPS-approved baselines.
  • ISO/IEC 19005-3 (PDF/A-3B): Compliance assessment reports are generated in PDF/A-3B archival format, with the full machine-readable control matrix and gap register embedded as an associated JSON file for auditors.
  • HL7 FHIR (EU Implementation Guides): EHDS conformance milestones track alignment with the HL7 Europe Base and Core Implementation Guides as required by EHDS Regulation (EU) 2025/327 Annex II deadlines.
  • eIDAS 2.0 / EUDI Wallet: Cross-border trust service interoperability and EUDI Wallet assurance-level credential verification are modelled as named compliance controls within the framework registry.

Last Reviewed: 2026-02-05 | Last Updated: 2026-04-14
