🛡️ GDPR & ISO 27001

Privacy by design, not by afterthought. Built for European data protection standards from day one.

UAML was architected with GDPR compliance and ISO 27001 alignment as core requirements — not bolted on later. Every memory operation respects data sovereignty, consent, and the right to be forgotten.

GDPR Compliance Features

🗑️ Right to Erasure (Article 17)

Complete data deletion on request. UAML tracks all memory entries with provenance metadata, enabling surgical removal of specific data without affecting unrelated memories. Verified deletion with audit proof.

📦 Data Portability (Article 20)

Export all your AI agent's knowledge in standard, machine-readable formats. Switch providers or create backups without vendor lock-in. Your data, your format, your choice.

🔒 Data Minimization (Article 5)

UAML's policy engine enforces data minimization by default. Retention policies automatically expire memories based on configurable rules. Only keep what you need, for as long as you need it.

📋 Consent Management

Every memory entry records its legal basis. Consent-based data is tagged and can be selectively revoked. When consent is withdrawn, associated memories are automatically flagged for review or deletion.

ISO 27001 Alignment

Control Area | UAML Implementation
A.8 Asset Management | Full data inventory with classification labels
A.10 Cryptography | Post-quantum encryption (ML-KEM-768, FIPS 203)
A.12 Operations Security | Automated audit logging, change tracking
A.14 System Acquisition | Security-by-design architecture, threat modeling
A.18 Compliance | Built-in GDPR controls, retention policies

Data Residency

UAML runs entirely on your infrastructure. No data leaves your premises — no cloud sync, no telemetry, no external API calls for core operations. This makes data residency compliance trivial: your data stays where your hardware is.

Compliance Reporting

    from uaml.compliance import GDPRReport

    report = GDPRReport()

    # Generate a data inventory for audit
    inventory = report.data_inventory()

    # Right to erasure — find all data for a subject
    subject_data = report.find_subject_data("user@example.com")

    # Execute verified deletion
    report.erase_subject("user@example.com", reason="GDPR Art.17 request")

    # Export audit trail for compliance review
    report.export_audit_trail("2026-Q1", format="pdf")

Why It Matters
