AI-native GRC · global reach, local depth

Compliance in balance. Intelligence you can audit.

Mizan is the AI-native governance, risk and compliance platform for corporate groups and growing businesses worldwide. It is built on UK and international experience, and fluent in the regulation of every market you operate in, from London to Riyadh. Every AI answer carries its source, page, confidence and model version, so your evidence stands up to any auditor, anywhere.

Citation lineage on every output Tenant isolation by RLS Multi-jurisdiction by design
Group compliance balance
86%
050100
NCA ECC108 / 108
ISO 2700188%
SOC 279%
Evidence agent · running 3 parsed
Aligned to the frameworks that matter, wherever your group operates
SOC 2ISO 27001GDPRNIS2 PDPLNCA ECCSAMA CSFZATCACMA
Global expertise, local fluency

A platform that has seen both worlds.

Mizan is built on UK and international compliance experience, with a working understanding of Gulf regulation. It holds global standards and regional rules to the same bar, so a group that operates across borders can stay in balance everywhere it does business.

Global grounding

Fluent with global auditors

Built on UK and international GRC practice, so the platform speaks the language of global auditors, boards and investors.

Regional depth

At home in the Gulf

Fluent in NCA ECC, SAMA CSF, PDPL, ZATCA and CMA, and aligned with Saudi Vision 2030.

Every jurisdiction

The right regulators, found

The Regulation Finder maps the right regulators from each entity's country, sector and listing status, wherever it sits.

The difference

Every AI answer, audit-defensible.

Other platforms give you an AI verdict and ask you to trust it. Mizan shows its work. Every determination links to the exact document, page and locator it came from.

  • Source, page, confidence, model and prompt version on every output.
  • The virtual auditor refuses to answer beyond the evidence.
  • Risk figures are computed in code. A model never invents a number.
CTL-014 · Quarterly access reviews Pass
Why this answer?
SourceAccess-recert-Q2.pdf · p.3
Locator§2.1 “reviewed 12 Apr”
Confidence0.92
Modelgemini-2.5-flash
Promptcontrol-testing@1.0
Retrieval distance0.14
The platform

Thirteen agents. One defensible workflow.

Thirteen specialised agents each do one job well, cite their evidence, and hand off to the next, from an uploaded PDF to a workpaper an auditor will sign. The core nine:

Evidence parsing

Turn a PDF into structured, cited facts. Every field carries its page and a confidence score.

Structured JSON · citations

Control testing

Pass, fail, or insufficient evidence, judged only on what the evidence actually shows.

PASS / FAIL / INSUFFICIENT

Regulatory mapping

Map controls to requirements as full, partial or gap, with web grounding off so no standard is invented.

FULL / PARTIAL / GAP

FAIR risk quantification

Annual loss expectancy computed in code. The AI explains the figure, it never invents it.

ALE · code-computed

Documentation

Auditor-ready workpapers with tickmarks, evidence tables and citations, generated in place.

Workpaper HTML

Virtual auditor

A grounded assistant that cites every claim and refuses to answer beyond the evidence.

Grounded · cited · refuses

Regulation discovery & sources

Find the regulators that apply to each entity, and import ISO standards, versioned policies and board resolutions — requirements extracted automatically.

Country · sector · listing

Bring your own AI key

Every user can run the agents on their own Gemini, Claude or OpenAI-style key — encrypted at rest, switchable from the top bar, never shared.

AES-256 · per-user · demo mode

Version history & audit trail

Every record keeps its full change history, and every action is logged with who did it — history survives even deletion.

Who · what · when · why
Group structure

One group, across borders, in balance.

Model your holding company, its legal entities and business units across every country you operate in, each with its own regulators, sector and score, then roll compliance up across the whole group.

Acme Group HoldingGROUP86%
Acme UKUK · Fintech90%
Acme ArabiaKSA · Retail88%
Riyadh operationsBU91%
Acme EUEU · SaaS81%
How it works

From evidence to a defensible position, in one pass.

01

Sign in

Role-based access, scoped to your entities.

02

Upload evidence

A PDF, an image, a policy or a resolution.

03

Parse & cite

Structured facts, each with a page and confidence.

04

Test & map

Controls tested, requirements mapped, gaps flagged.

05

Workpaper & auditor

A cited workpaper, and an auditor who never leaves the page.

Trust by design

Global standards, secure by architecture.

Isolation

Tenant isolation, proven

Row-level security separates every client's data, checked by adversarial cross-tenant tests on every change.

Oversight

Approval-gated AI

The AI proposes. A person decides, and can edit before accepting. Every action is logged with who did it.

Region

Bilingual and right to left

Arabic and English are equal citizens, so the product reads and works naturally either way.

Residency

Host where the law requires

Deploy in the UK, the EU or in-Kingdom. Plain Postgres on Supabase moves to any region for GDPR or PDPL, with no rewrite of the platform.

Where the platform stands

Shipped today. Built for tomorrow.

We publish what works now and what comes next, in the same spirit as the product: nothing claimed without evidence.

Platform today
  • Thirteen AI agents, every output approval-gated and lineage-stamped
  • Multi-tenant isolation by row-level security, adversarially tested
  • Bilingual UI, Arabic right-to-left as an equal citizen
  • Control-testing register with due dates, risk–control linkage with tested residual scores
  • Redundant-control optimisation, public trust center, encrypted per-user AI keys
  • Version history on every record and a full audit trail
On the roadmap
  • NextSingle sign-on via Supabase Auth
  • NextManaged evidence storage with signed, expiring links
  • NextHuman-review queue UI for flagged AI runs
  • PlannedProduction environments in the UK, the EU and in-Kingdom (KSA)
  • PlannedContinuous monitoring and executive reporting dashboards

Bring your group into balance.

Mizan is onboarding a small number of design partners, in the UK, the Gulf and beyond. Join them, and shape a compliance platform your auditors will trust, wherever they are.