Compliance at a glance
Select your industry to see how Weeki addresses the regulatory frameworks that govern your sector, from universal EU mandates to sector-specific obligations.
The universal regulations (GDPR, AI Act, ISO 27001, NIS2) are included for every industry.
General Data Protection Regulation
European Union
Mandates lawful processing of personal data, data subject rights (erasure, portability, access), 72-hour breach notification, Data Protection Officer appointment, and privacy-by-design principles across all organisations handling EU personal data.
How Weeki addresses it
Weeki enforces data minimisation by design, provides a right-to-erasure API, and maintains a documented 72-hour breach notification SLA. A Data Processing Agreement with Standard Contractual Clauses is available on request.
- EU-only data residency (OVHcloud France — Gravelines & Strasbourg)
- Immutable audit logs with 12-month retention
- Customer-controlled data deletion
- GDPR-compliant DPA template with SCCs
- Zero cross-border data transfers
EU Artificial Intelligence Act
European Union
Classifies AI systems by risk level (unacceptable, high, limited, minimal). High-risk systems require conformity assessments, human oversight mechanisms, model documentation, and risk management systems per Art. 6 and Art. 9.
How Weeki addresses it
Weeki provides a model registry with risk classification, full lineage traceability for every AI output, human-in-the-loop override controls, and transparent documentation aligned with Annex IV requirements.
- Model risk classification registry
- Audit trail per inference
- Human oversight toggle for every AI workflow
- Explainability layer for model outputs
- No training on customer data
Information Security Management
International (ISO/IEC)
Requires an Information Security Management System (ISMS) covering risk assessment, controls across Annex A domains (access, cryptography, physical security, incident management), and continual improvement cycles.
How Weeki addresses it
Security controls are aligned to ISO 27001 Annex A. Formal certification is on the 2026 roadmap. Penetration testing, vulnerability management, and a Secure Software Development Lifecycle are already in place.
- RBAC + SSO (SAML 2.0, OIDC)
- AES-256 encryption at rest, TLS 1.3 in transit
- Annual third-party penetration tests
- 90-day encryption key rotation
- Immutable audit logs exportable to SIEM
Network & Information Security Directive 2
European Union
Essential and important entities must implement security risk management measures, supply chain security, incident reporting (24-hour early warning, 72-hour full report), business continuity planning, and governance accountability.
How Weeki addresses it
Documented incident response plan with severity tiers, 24-hour early warning capability, supply chain security controls over sub-processors, and top-management security governance charter.
- Incident SLA: < 1 h initial triage
- Customer notification within 72 hours
- Sub-processor DPAs and security audits
- Business continuity testing quarterly
- Security governance charter with board-level accountability
Digital Operational Resilience Act
European Union
ICT risk management framework, third-party ICT provider oversight, incident classification and reporting (4 h initial, 24 h intermediate, 1 month final), digital resilience testing (TLPT for significant firms), and contractual requirements for critical ICT vendors.
How Weeki addresses it
Weeki serves as a critical ICT provider with documented ICT risk management, DORA-compatible contractual terms, incident reporting aligned to RTS timelines, and annual resilience testing.
- ICT risk register maintained and reviewed
- DORA-ready contract templates available
- Incident reporting APIs aligned to RTS timelines
- Annual penetration testing (TLPT-eligible scope)
- RTO 4 h / RPO 24 h disaster recovery
Markets in Financial Instruments Directive II
European Union
Record-keeping of all communications and transactions for 5 years, best-execution documentation, algorithm governance, and audit trails for automated trading decisions.
How Weeki addresses it
Immutable document store with configurable retention policies (up to 7 years), version-controlled knowledge artifacts, and full algorithmic decision audit trails.
- 7-year document retention policy available
- Tamper-proof audit logs
- Model decision versioning
- Knowledge graph lineage tracing
- SIEM-exportable log format
Payment Services Directive 2
European Union
Strong Customer Authentication (SCA), open banking API security, incident reporting for payment service providers, and data minimisation in payment contexts.
How Weeki addresses it
SCA-compatible authentication via SAML/OIDC with MFA, API security with OAuth 2.0 and scoped tokens, incident notification process aligned to PSD2 RTS Article 19.
- Mandatory MFA for all admin accounts
- SAML 2.0 / OIDC single sign-on
- OAuth 2.0 scoped API keys
- Rate limiting and IP allowlisting
- Incident notification workflow
Capital Adequacy & Risk Frameworks (BCBS 239)
Basel Committee (International)
Data aggregation capabilities for BCBS 239 (risk data aggregation and reporting), model risk management for IRB/FRTB models, documentation of model assumptions and governance.
How Weeki addresses it
Centralised data catalog for risk data aggregation, model registry with version control and governance workflows, lineage tracing from raw data to model output.
- Data lineage graph from source to model output
- Model registry with approval workflows
- Risk data catalog with metadata management
- Automated model documentation generation
- Governance workflow engine
Anti-Money Laundering Directive 6
European Union
Risk-based approach to customer due diligence, transaction monitoring, suspicious activity reporting, and record keeping for 5 years.
How Weeki addresses it
Knowledge graph for entity relationship mapping supports AML typology analysis, audit trails for all data access, configurable retention for compliance records.
- Entity relationship graph for AML analysis
- Suspicious pattern knowledge maps
- 5-year+ configurable retention policies
- Immutable audit trail for all access
- Exportable compliance records
Showing 9 regulations for Banking & Finance (4 universal + 5 industry-specific)
Need a detailed compliance review?
Our security team can walk you through how Weeki addresses the regulatory requirements specific to your industry and organisation.