If you are a provider dealing with fragmented European security schemes — this project developed a Compliance-as-a-Service tool that enables continuous certification. This reduces the manual effort needed to maintain high assurance levels for EUCS.
Automated Continuous Security Certification for Cloud and AI Services
Imagine if getting a safety certificate for your digital business was like a continuous health monitor instead of a stressful once-a-year medical exam. This tool automatically tracks security evidence in the background so you don't have to manually prove you are safe every time you update your software. It basically turns a mountain of paperwork into a live digital dashboard.
What needed solving
Cloud certification is currently too slow, fragmented, and manual. This creates a barrier for companies trying to prove their security compliance, especially when adding complex AI features.
What was built
A Compliance-as-a-Service (CaaS) system including a unified graph model for knowledge extraction and two Proof of Concepts for composite and AI certification.
Who needs this
Who can put this to work
If you are a vendor dealing with the complexity of adding AI to cloud services — this project developed a mapping tool for AI certification schemes. This ensures your AI features don't break your existing security compliance.
If you are an operator dealing with security across diverse Edge and IoT hardware — this project developed a lean re-certification process. This allows you to maintain trust and transparency without restarting the full audit process.
Quick answers
How much does the solution cost or what is the pricing model?
Based on available project data, no specific pricing or cost details are provided as the project is currently in the development and piloting phase.
Can this be scaled to a large industrial level?
Yes, the project aims for TRL 7 and focuses on a scalable Compliance-as-a-Service (CaaS) approach designed for heterogeneous environments including Cloud, Edge, and IoT.
Who owns the IP and how is licensing handled?
Based on available project data, specific licensing terms are not listed, but the project involves a consortium of 13 partners including 8 industry entities.
How does this help with EU regulations?
It provides a technical pathway to achieve the 'high' assurance level of the EU Cybersecurity Certification Scheme for Cloud Services (EUCS).
How is the tool integrated into existing workflows?
The system uses Infrastructure as Code and includes identity management via Keycloak to integrate into DevOps environments.
Who built it
The consortium is heavily industry-weighted with 8 out of 13 partners being commercial entities (62% industry ratio), including 4 SMEs. This strong industrial presence across 6 European countries suggests the output is driven by market needs rather than pure academic research, increasing the likelihood of commercial viability.
Contact Fundacion Tecnalia Research & Innovation in Spain
Talk to the team behind this work.
Contact us to connect with the EMERALD consortium for pilot opportunities.