Vanta, the trust management platform, announced new investments in the United Kingdom and Ireland, including new compliance frameworks, product features, and the opening of its London office.
These initiatives reflect Vanta’s ongoing commitment to helping UKI and European businesses easily achieve compliance and scale security programmes by providing the technology, local expertise, and trusted partnerships needed to compete on a global stage.
Support for the EU AI Act
The rapid adoption of AI technologies presents both opportunities and risks for organisations. According to Vanta’s new State of Trust 2024 report, nearly half (49%) of UK companies are concerned about the risks AI poses to their security.
Vanta’s support for the EU AI Act includes all AI-specific controls, policies, tests, and documents mandated by the act, helping companies meet emerging regulations and avoid significant penalties.
AI risk assessments
Vanta categorises AI systems as “high-risk” or “low-risk” based on regulatory criteria and automates the collection of the evidence needed to prove compliance, enabling continuous compliance monitoring while also automating AI risk assessments.
The new offering also ensures that customers have the necessary documentation for external auditors, making compliance with the EU AI Act seamless.
Added support for DORA and NIS 2
In addition to the EU AI Act, Vanta has expanded its offerings to support DORA and NIS 2 for European businesses. DORA, which takes effect in January 2025, requires financial institutions to strengthen their digital operational resilience, ensuring that they can withstand, respond to, and recover from information and communication technology (ICT) disruptions.
With Vanta’s support for the DORA framework, financial services firms in Europe can automate compliance efforts to ensure operational resilience by the January deadline.
Cross-regional control set
Vanta’s newly added support for the NIS 2 directive is designed to help organisations across sectors like energy, banking, and manufacturing improve their resilience and response to cyber threats. The NIS 2 directive raises standards for risk management, incident reporting, and control verification.
Vanta’s support for this framework provides a cross-regional control set that allows companies to meet NIS 2 compliance regardless of where they are based, helping them to prepare ahead of the local NIS 2 law being released.
Proactive approach
“Vanta’s automated frameworks keep businesses up-to-date with the latest regulations, enabling them to move from point-in-time checks to a continuous, proactive approach to security and compliance,” said Jeremy Epling, Chief Product Officer, Vanta.
“By automating evidence collection, streamlining workflows, and intelligently mapping requirements across multiple frameworks, Vanta helps companies achieve compliance faster and more efficiently, allowing them to focus on innovation and growth.”
Additional European frameworks and free penetration testing
Organisations in the UK spend an average of 12 weeks a year on compliance tasks, more than in the U.S. and Australia, highlighting the critical need for automation. By simplifying the implementation of new controls and policies, The NIS 2 directive raises standards for risk management, incident reporting, and control verification.
“Instead of hiring two full-time consultants and spending a year on the process, [with Vanta] we achieved compliance in just seven months, saving time and costs,” said Magnus Sparf, CISO, Sitoo.
UK Cyber Essentials framework
Announced earlier this year, Vanta’s ISO 42001 solution helps organisations responsibly develop and use AI. By satisfying ISO 42001, organisations are better positioned to meet and exceed AI Act requirements.
Vanta also enables compliance with the UK Cyber Essentials framework, a widely adopted cybersecurity framework critical for any company seeking to improve their overall security posture or bid on UK government contracts.
Black-box assessments
Vanta’s cross-mapping of controls across frameworks enables customers to leverage already completed work to achieve compliance with these, and other, frameworks faster.
As part of these offerings, Vanta provides free penetration testing for UKI and European customers through Cognisys. These tests, which include external scans and black-box assessments, are integrated into Vanta’s platform, simplifying the compliance process for European businesses.
Expanded in-region presence with London office
To better serve its customers in Europe, Vanta is expanding its local presence with an office in London. This is the latest investment by Vanta in the region, which includes a Frankfurt-based data centre providing customers with an option for meeting internal policies on data storage location and regulatory requirements, and its European headquarters in Dublin, which opened in 2022.
Throughout the upcoming year, Vanta will expand its support in London and Dublin to ensure European businesses have the technology and guidance to establish and scale their security and compliance programmes, and demonstrate trust with Vanta.