Compliance for every regulation that matters.
Secruna covers ten frameworks in production today — the EU AI Act, the RICS Responsible Use of AI standard, the UK Defence AI Playbook, Defence Standard 05-138, Secure by Design, the NCSC Cyber Assessment Framework, the NIS2 Directive, DORA, Cyber Essentials Plus and the ICO Statutory AI + ADM Code of Practice — with a single inventory, one rule book per regulation and an evidence-pack export tailored to each regulator. More frameworks are queued behind the same architecture so your AI inventory is reused, never rebuilt, when the next obligation lands.
Pick the regulator on your desk.
Every framework page describes the regulator’s expectations in plain English, names the platform surface that produces the evidence, and links to the rule-book section that backs each verdict.
EU AI Act
Five articles a compliance team has to operate — risk management, human oversight, FRIA, incident reporting and the €35M / 7% penalty bracket.
RICS Responsible Use of AI
AI register, AI Use Disclosure Statement and audit trail for the September 2025 RICS standard binding every regulated firm.
UK Defence AI Playbook
Procurement-gate evidence aligned with the MoD AI Playbook so defence tenders pass the supplier-assurance question on first read.
Defence Standard 05-138
Cyber assurance levels (CAL 1-4) with the technical-control mapping every MoD-contract holder must declare against Issue 4.
Secure by Design
Confidence Profile and digital spend-control evidence for UK central government and arm's-length-body programmes.
NCSC CAF + GovAssure
The NCSC Cyber Assessment Framework v3.2 (2024) — gateway cyber assurance for UK government departments, Critical National Infrastructure operators and gov suppliers, ready for GovAssure assessment.
NIS2 Directive (EU)
EU cyber gateway for banks, fintech, critical infrastructure, digital infrastructure, public administration and the wider regulated-sector list. 22 IGPs across Articles 20 / 21 / 23 / 24 / 28 / 29. Penalties up to EUR 10M or 2% of annual worldwide turnover.
DORA — Digital Operational Resilience Act
Directly applicable to every EU financial entity since 17 January 2025. 33 IGPs across the five DORA pillars — ICT risk management, incident management, resilience testing, ICT third-party risk + Art. 28 register, information sharing.
Cyber Essentials Plus
UK government cyber certification required for many UK gov supplier contracts and widely referenced in private-sector RFPs (financial services, NHS, defence prime supply chain). 18 IGPs across the five control families (Firewalls, Secure configuration, User access control, Malware protection, Security update management). Plus tier adds an independent IASME-registered assessor visit; annual renewal.
ICO Statutory AI + ADM Code of Practice
UK Information Commissioner's Office Code of Practice on AI and Automated Decision-Making. Statutory under DPA 2018 ss. 121-129; non-compliance is admissible evidence in ICO enforcement action and court. 22 IGPs across seven themes (Lawful basis, Transparency, Article 22 ADM, DPIA for AI, Fairness + bias, Data subject rights, Children + high-risk processing).
Not sure which regulation bites first?
Find out in 30 minutes.
A 30-minute compliance scope call gives you a concrete answer — which of the five frameworks above apply to your estate today, where the gaps are, and what the evidence pack looks like once it is closed.