Company
Trust and Security

Compliance Infrastructure You Can Rely On

When your business depends on documents reaching the right place, in the right
format, with the right legal standing — the platform underneath it cannot be an
afterthought. At Semansys, security and operational integrity are not features we added.

The foundation we built on

Our customers include enterprises, regulators, and software providers operating in some of the most demanding compliance environments in Europe. They trust us because we have spent twenty-five years earning that trust — quietly, methodically, and without shortcuts.

Our Certifications

Every certification we hold reflects an operational discipline that was in place long before we formalised it. We pursue these standards not to display badges, but because they impose the kind of rigour that compliance-critical infrastructure demands.

XBRL International Certified

Our structured reporting capabilities are formally certified by the global body that governs the XBRL standard.

GDPR ready

Our platform is designed and operated in full alignment with EU data protection law — with data residency, retention, and access controls you can audit.

Peppol Access Point Certified Provider

We are a certified operator on the Peppol network, meeting the technical and security requirements set by OpenPeppol for eInvoicing and eDelivery across Europe and beyond.

SOC2 Type II

An independent attestation that our controls for security, availability, and confidentiality meet the standards that enterprise procurement teams require.

ISO 9001:2015

Every process we operate is governed by a quality management system that ensures consistency, accountability, and continuous improvement.

ISO 27001:2022

Your data is protected by an independently audited information security management system — the global benchmark for information security.

ISO 20000-1:2028

Our IT service management practices meet international standards — so the platform you depend on is managed with the same rigour you apply to your own operations.

ISO 22301

A global standard for Business Continuity Management Systems (BCMS) that provides a framework for organizations to plan, establish, implement, and improve a system to prepare for, respond to, and recover from disruptive incidents.

ISO 42001:2023

A global standard for Artificial Intelligence management systems, providing a framework for us to develop and use AI responsibly, ethically, and safely. It enables certification for AI governance, focusing on risk management, transparency, and continuous improvement.

ISO 27701:2025

ISO 27701 is an international standard that sets out requirements for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It also provides guidance to support organisations in putting these requirements into practice.

How we protect your data

Data residency
Your data stays in the EU. We do not route or store sensitivebusiness information outside European jurisdiction.
Encryption in transit and at rest
All data exchanged with our platform isencrypted using current TLS standards. Stored data is encrypted at rest across allenvironments.
Non-repudiation
Every document exchange on our platform produces a legallyrobust audit record — signed, timestamped, and aligned with eIDAS 2.0 and ETSInon-repudiation standards. If a dispute arises, the evidence is there.
Access control
Role-based access, audit logging, and multi-factor authenticationare standard across all customer environments — not optional add-ons.
Incident management
Our ISO 20000-certified service management processes includedefined incident response procedures, with contractual notification timelines forsecurity events.

Our commitment

We understand that trust is not granted on the basis of a certificate. It is built through consistent delivery, transparent communication, and the willingness to be held accountable.

We publish our certifications. We answer security questionnaires directly and thoroughly. We engage openly with procurement and infosec teams, because we know that the organisations that ask the hardest questions are usually the ones that become the most durable partners.

If you have specific security or compliance requirements you would like to discuss, our team is ready to engage.

Book a discovery call