Value Driven AI · getvda.ai
Compliance · For AI agents

Audit-ready compliance artifacts for every AI agent in your portfolio.

The C2MD Compliance Agent generates EU AI Act, GDPR, and NIST AI RMF documentation in a single pass — for every AI agent your organisation deploys, regardless of who built it or where it runs.

The product

One request. Three frameworks. One bundle.

C2MD generates a complete compliance bundle — assessment, governance artifacts, regulatory mappings, DPIAs, FRIAs — for an AI agent in under five minutes. The methodology is open-source under CC-BY-4.0; the agent itself is operated as a managed service in the European Union.

Designed for CTOs, CISOs, and compliance leads at organisations operating multiple AI agents who need the regulatory paperwork to keep pace with the engineering.

Read the methodology →

Documents

Public documentation

  • Security & Privacy Overview
    Detailed treatment of architecture, identity and access, privacy posture, application security, infrastructure, supply chain, operational resilience, incident response, compliance, and an FAQ. Honest about gaps; specific about controls.
    v1.0 · 20 pages
  • Privacy Notice
    Public privacy notice covering processor role under GDPR, sub-processor list, EU residency commitments, retention, and data subject rights pathway.
    v1.0 · 3 pages
  • VDA-MD Framework v4.1
    The open-source methodology underlying C2MD. 12-section technical whitepaper covering compliance artifact schemas, regulatory mapping, validation rules, and signing protocols. Published under CC-BY-4.0.
    v4.1.0 · 42 pages
Posture

Built for enterprise procurement.

EU data residency enforced in source code, not just deployment configuration. No persistent customer data. Authentication delegated to Google or Microsoft Entra. PII pseudonymised before any LLM call. Outbound content screened by Model Armor. Single sub-processor: Google Cloud.

The Security & Privacy Overview describes the technical posture in depth, including honest treatment of pre-launch gaps and trigger-based commitments for closing them.

Review the security posture →

Engagement

How to engage.

For technical evaluations and Marketplace procurement, contact mike@getvda.ai. For security disclosures, use security@getvda.ai. For privacy and data subject enquiries, use privacy@getvda.ai.

Standard offerings are available via Google Cloud Marketplace. Custom configurations (multi-region deployment, CMEK, HIPAA BAA, ISO 42001 commitments, managed-service partnership) are available via Private Offer.

Contact details →