The compliance AI, as an API

OpenAI-compatible endpoints backed by the engine behind ISMS Copilot. It detects the framework you're working with and answers with that knowledge already loaded.

Why build on a compliance-tuned API

  • OpenAI-compatible chat completions: point your existing SDK at a new base URL and keep your code
  • Automatic framework detection: the service recognises the framework in each request (ISO 27001, SOC 2, GDPR, NIS 2, DORA, HIPAA, NIST and more) and injects the matching knowledge server-side
  • No compliance persona to prompt-engineer and no standards corpus to chunk, embed and maintain yourself
  • Two model tiers, so you choose speed or depth per call
  • Per-key spending limits, so an integration bug never burns your budget

What's in the box

  • A chat completions endpoint that speaks the request and response shape your OpenAI SDK already knows
  • Model aliases isms-fast (high-volume tasks) and isms-thinking (harder analysis)
  • Framework knowledge injection handled server-side, invisible to your integration code
  • API keys with per-key daily, weekly and monthly caps you control
  • Per-key usage tracking, so you can attribute spend to features or customers

What people are building with it

Internal review tooling that pre-checks policies before an auditor sees them. Compliance features inside vertical SaaS products. Agent pipelines that need a compliance-literate model as one step. If what you actually want is a finished chat widget in your product rather than raw API calls, that's a different offer.

Looking for a drop-in widget? See ISMS Copilot Embed →

Status: private preview

The API is built and running. We're opening access in small batches so every early integration gets real support instead of a ticket queue. Join the waitlist and tell us what you want to build; that's what we use to sequence invitations.

Frequently Asked Questions

Is it really OpenAI-compatible?

Yes. The chat completions endpoint accepts the same request shape and returns the same response shape as the OpenAI API, so official and community SDKs work by changing the base URL and the API key.

Which frameworks does it know?

Framework knowledge covers the major information-security and privacy frameworks: ISO 27001, SOC 2, GDPR, NIS 2, DORA, HIPAA, NIST and more. Detection happens per request, so you don't pick a framework up front; the model answers with the relevant knowledge loaded.

How is it priced?

Pricing isn't published yet. Waitlist members get the details first, before general availability.

When do I get access?

We onboard from the waitlist in small batches. Telling us what you plan to build helps us slot you in sooner.

Build on compliance intelligence

Join the API waitlist and we'll email you when access opens.