AI Act Compliance Software That's Audit-Ready by Design

Knowlee's compliance posture is implemented in the orchestration runtime, not bolted on as a separate GRC project. Risk classification, audit trail, and human oversight ship with every workflow execution — generating the evidence an EU AI Act audit needs at runtime, by design. Built for legal counsel, DPOs, compliance officers, and AI programme owners who need to reach audit-ready posture in 90 days, not 18 months.

Audit trail by default, not as an upsell

Every job in the Knowlee registry declares its risk classification, the data categories it processes, whether human oversight is required, who approved it, and when. Those fields are emitted on every execution and surface directly in the audit-pack output. Internal-audit teams get the trail before procurement signs — not after a six-month implementation cycle of an enterprise-tier add-on.

Human-in-the-loop on high-risk processes

Workflows classified as high-risk under the EU AI Act — recruiting, scoring decisions, candidate selection, employment-related profiling — run with mandatory human approval before action. Override mechanisms are first-class. The platform refuses to autonomously execute a workflow whose governance metadata declares human oversight required and whose approval record is missing.

ISO 42001 aligned, ISO 27001 and SOC 2 in progress

Knowlee is ISO 42001 Aligned today, with 80%+ technical coverage of the AI management standard's controls relevant to AI orchestration (sections 5.3, 6.1, 7.5, 8.4). It is ISO 27001 Compliant, with the formal certification audit targeted for Q1 2027. It is SOC 2 Type II Compliant, with Type II attestation targeted for Q4 2026. It is EU AI Act Ready by Design. It is GDPR Compliant via per-tenant database isolation and a documented DPIA framework. Knowlee never claims "certified" without a real cert artifact, only "compliant", "aligned", or "ready".

Complements your GRC stack rather than replacing it

OneTrust, IBM watsonx.governance, and similar GRC layers sit on top of AI deployments and need an audit trail they cannot generate on their own. Knowlee adds runtime governance metadata on every workflow execution — risk classification, data categories handled, human-oversight requirement, approval owner and timestamp — and feeds that metadata into the GRC tool you already run. Reach audit-ready posture in 90 days versus the 12–18 months common for legacy bolt-ons.

EU and non-EU coverage

The EU AI Act applies extraterritorially: any AI system whose output is used inside the EU is in scope, regardless of where the provider is incorporated. Knowlee is used by US, UK, and EU-based teams with customers, employees, or data subjects in the EU. The same audit-trail and human-oversight primitives map cleanly onto NIST AI RMF, ISO 42001, and adjacent regulatory regimes.