Trust Centre
Security, compliance, and responsible AI governance - built into the platform from day one.
NCSC Cloud Security Principles
The UK's National Cyber Security Centre (NCSC), part of GCHQ, defines 14 Cloud Security Principles used to evaluate cloud services across government and public sector. SXP.ai aligns with all 14 - providing an internationally recognised standard of cloud security assurance.
Aligned with all 14 principles
AWS-hosted with defence-in-depth security, AES-256 encryption, and region-specific data residency. SXP.ai is an AWS Validated Partner - independently assessed against their Foundational Technical Review.
Full documentation detailing how SXP.ai meets each principle - including data protection, governance, operational security, and secure development - is available on request.
Request full documentationEU AI Act compliance
The EU AI Act is the world's first comprehensive AI regulation, setting legally binding requirements for AI systems operating in or serving the EU market. Any university with EU students - whether online or on campus - is subject to its requirements, regardless of where the institution is based globally. SXP.ai proactively applies high-risk controls across all personalised use cases, ensuring the highest standard of AI governance however the platform is used.
Built in - not bolted on
EU AI Act high-risk controls are integrated directly into our ISO 27001/27701 management system and platform - covering wellbeing, retention, student support, and any future use case.
Request full documentationFrequently asked questions
Is customer data used to train AI models?
No. Customer data is never used to train, fine-tune, or improve any AI model.
Where is our data stored?
Customer data stays in-region. UK and EU data is hosted in AWS London, Australian data in AWS Sydney, and US data in AWS N. Virginia.
Can we request copies of your ISO certificates?
Yes. ISO 27001 and ISO 27701 certificates, along with NCSC Cloud Security Principles documentation and EU AI Act compliance documentation, are available on request. Request documentation
Does the EU AI Act apply to our institution?
The EU AI Act applies to any university with EU students - whether online or on campus - regardless of where the institution is based globally. SXP.ai proactively applies high-risk controls across all personalised use cases.
Do you support WCAG 2.2 accessibility standards?
Yes. The SXP.ai platform and website are designed to meet WCAG 2.2 Level AA standards, with built-in accessibility features including high contrast mode, reduced motion, dyslexia-friendly fonts, and adjustable text sizing.
Does EU AI Act high-risk classification apply to our use case?
Yes. AI systems used for personalised student support, personalised learning, wellbeing interventions, or retention fall within the EU AI Act's high-risk classification. SXP.ai applies high-risk controls across all personalised use cases as standard - so your institution is covered regardless of how the platform is used.
Are we locked into a single AI model or vendor?
No. The platform is model-agnostic and supports Amazon Bedrock, Claude, ChatGPT, and other providers. Different micro-agents can use different models - or a mix of models within a single micro-agent - depending on the use case. SXP.ai manages model selection and can evolve choices over time as capability, cost, and the wider AI landscape develops - without disruption to your deployment.
Which AI models does SXP.ai use?
As standard, SXP.ai runs on Amazon Bedrock using Anthropic Claude models. Where a use case requires it, the platform can also connect directly to Anthropic and OpenAI. Model selection is managed by SXP.ai and optimised per use case for capability, cost, and data residency requirements.
See how it works
A walkthrough tailored to your institution - whether you want a quick overview or a deep dive into platform architecture, governance, and deployment.