European rules deserve a European platform.
Yōjin is governance, risk and compliance built for NIS2, DORA, GDPR, CER, CRA and the AI Act — not adapted to them. Your data stays in Europe. Your AI runs in Europe. Your evidence keeps its lineage.
EU data & inference
Hosted in Europe, with European AI inference and an isolated tenant boundary.
Security & architecture →One governed control spine
Implement a control once. Map its evidence across every obligation it satisfies.
The frameworks →Kōan · Yōjin's governed AI
Specialist agents cite, draft and propose. A person decides what enters the record.
How Kōan works →Frameworks multiply. Your team doesn't.
NIS2 is national law across the EU — transposed differently in each member state. DORA has applied to financial entities since January 2025. GDPR never went away, and CER, the CRA and the AI Act each arrive with duties of their own. Every framework brings its own vocabulary, its own auditors, and its own deadlines — yet most of what they demand overlaps. Treated as separate projects, the same control gets implemented, documented, and proven six times.
Implement once. Prove it everywhere.
At Yōjin's core is a human-reviewed knowledge graph that maps a canonical control spine to the obligations of NIS2 — as each member state transposes it — DORA, GDPR, CER, the CRA and the AI Act, and to the attack techniques those controls defend against. Implement multi-factor authentication once, and every article it satisfies knows about it. Evidence flows to all of them. Nothing is proven twice.
Mappings are reviewed by people before they are published — a mapping you can't trace to the text of the law doesn't make it into the graph.
Six modules. One governed record.
Policy is intent, risk is consequence, controls are operation, audit is assurance — connected objects in one graph, not four tools stapled together.
A living map of your organisation
Who you are, what you run, and which rules bind you — captured once, kept current, and read by every other part of the platform.
PolicyPolicies that stay true
Import or author policies, see clause-level gaps against your obligations, and govern the full lifecycle from draft to supersession.
ControlsControls with proof built in
Adopt controls from a tiered NIST 800-53 catalogue. Each one carries its evidence requirements and its framework mappings with it.
RiskRisk you can defend
Model realistic scenarios, assess them qualitatively or quantify them FAIR-style, and track treatment to acceptance.
AuditAudit-ready is the default state
Run engagements with item-level evidence sufficiency, findings, and frozen point-in-time snapshots an auditor can rely on.
ProgrammeCompliance work that ships
Programmes, projects and work items with dependency tracking, execution health, and board-pack reporting.
AI that shows its work, then waits for yours.
Kōan brings agentic work to compliance. Specialist agents read the governed graph and live evidence, draft cited mappings and assessments, and stop for human review.
- Every proposal arrives as needs review — a person accepts it, or it never becomes part of your compliance record.
- By contract, no agent can mark its own work successful before review completes.
- Every run is recorded: what was asked, what was read, what was proposed, who decided.
Evidence that arrives on its own.
Kinetic Fabric is the platform's live-evidence layer. Connectors read the estate you already run — Microsoft 365, Azure, AWS, Google Cloud, Google Workspace, Okta, Defender — hundreds of provider services deep, from cloud control plane to device fleet, assessed by more than 1,300 deterministic rules. Every result is one of four honest states: pass, fail, error, or unknown.
Unknown is an answer, not a blank. When Yōjin can't prove something, it tells you — it never paints a green dashboard over a gap in the evidence.
Inside Kinetic FabricContinuous checks. Governed agentic follow-through.
Kinetic Fabric collects and checks evidence with deterministic rules. Kōan reads the results, drafts cited assessments and mappings, and waits for review.
- Kinetic Fabric01Observe and checkLive evidence · deterministic rules
- Governed graph02Connect the factsControls · obligations · provenance
- Draft and proposeCited agentic work · no direct writes
03
- Human review04Decide what changesAccept · reject · return
Built to be delivered.
Managed service providers
Run many clients' compliance from one platform — isolated tenants, shared method, and hours saved on every engagement. Yōjin is built for delivery at MSP scale.
The MSP story →Compliance teams
Own the record. Every object has a lifecycle, an owner, and a review state — and the platform's job is to make your judgement faster, not to replace it.
The six modules →CISOs
Defensible posture on one screen: what's covered, what's stale, what's unknown, and what it costs — with the audit trail to back every claim.
Security & architecture →Three steps to a governed baseline.
- 01
Capture your context
Answer a tiered questionnaire or upload the documents you already have. Yōjin builds the organisational baseline every module reads from.
- 02
Adopt your controls
Import from the tiered catalogue. Watch obligations light up across your framework set — from NIS2 to the AI Act — as each control lands.
- 03
Assess continuously
Connect your estate, let evidence flow, and review what Kōan proposes. Your posture stays current instead of expiring between audits.
See it on your own terms.
A demo walks your frameworks, your estate, and your questions — not a scripted tour.