Certifications & Warranties

Compliance, documented.

Every service we ship is paired with signed attestations documenting compliance with real technical standards and regulations. Not promises: evidence.

attestation.pdf

SPECTROSEC · Attestation of Compliance
project: my-client-platform
commit: 9f4a1c2
date: 2026-06-20

// COVERAGE
OWASP Top 10 ............ PASS
GDPR Art. 25 ............ PASS
WCAG 2.2 AA ............. PASS
AI Act risk class ....... limited
Core Web Vitals ......... PASS
SBOM CycloneDX .......... signed

✓ DELIVERABLE CERTIFIED

6 core attestations · 100% of deliverables covered · 14+ reference standards · €0 extra cost

Attestation Catalog

What we sign with every deliverable

Six attestations, each backed by publicly verifiable standards. We select the ones that apply to your project and ship them as a signed PDF alongside the production deployment.

CERT_01

Secure Development Attestation

Code shipped with no open HIGH/CRITICAL findings at release: OWASP Top 10 and CWE Top 25 review, SAST and dependency audit included.

Reference standards

  • OWASP Top 10 (2021)

    The 10 most critical web application vulnerability categories, A01 Broken Access Control → A10 Server-Side Request Forgery.

  • CWE Top 25 (formerly CWE/SANS Top 25)

    The 25 most dangerous software weaknesses (memory safety, input validation, crypto misuse).

  • SAST + dependency audit

    Static code analysis + dependency audit (Snyk / npm audit / pip-audit) → 0 open HIGH/CRITICAL findings at release.

What we deliver

  • Signed PDF report
  • Pre/post vulnerability diff
  • Test evidence appendix
CERT_02

GDPR by Design Attestation

Privacy engineered from the architecture up. Data minimization, encryption, DPA and cookie compliance for Italian public administration (PA) and EU clients.

Reference standards

  • Reg. (EU) 2016/679 (GDPR), Art. 25

    Privacy by Design and by Default: technical and organizational measures from project inception.

  • Garante Guidelines of 10 June 2021

    Cookies and other tracking tools: prior, explicit consent before any non-essential cookie is set, compliant banner.

  • ePrivacy Directive 2002/58/EC

    Confidentiality of electronic communications and metadata processing.

What we deliver

  • Bilingual Privacy Policy + Cookie Policy
  • DPA template
  • Data processing map
CERT_03

Accessibility Attestation

Interfaces usable by everyone. WCAG 2.2 AA conformance, Italian Stanca Act and European Accessibility Act 2025.

Reference standards

  • WCAG 2.2 Level AA

    Web Content Accessibility Guidelines 2.2, four principles: perceivable, operable, understandable, robust.

  • Law No. 4 of 9 January 2004 (Stanca Act)

    Italian accessibility requirements for public administration and its suppliers: AgID technical checklist.

  • European Accessibility Act (Dir. (EU) 2019/882)

    Applies from 28 June 2025 to e-commerce, banking, transport, e-books and consumer devices.

What we deliver

  • Lighthouse + axe-core audit
  • Per-criterion WCAG 2.2 report
  • AgID Accessibility Statement
CERT_04

AI Act Compliance Attestation

For every AI integration: risk classification, user transparency, interaction logging, and synthetic content labeling.

Reference standards

  • Reg. (EU) 2024/1689 (AI Act)

    Four risk tiers (unacceptable / high / limited / minimal). Tiered obligations. Phased entry into application 2025-2027.

  • AI output transparency (Art. 50)

    Duty to inform users that they are interacting with an AI system; machine-readable marking of synthetic content and disclosure of deepfakes.

  • Logging and audit trail

    LLM call log (prompt + output, metrics, cost) for accountability and debugging. Prompts and outputs can contain personal data, so retention and access for this log follow the data processing map.

What we deliver

  • AI Act Risk Assessment
  • User disclosure embedded in UI
  • Model call audit log
CERT_05
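The call log described under CERT_04, as an added example (this is not SPECTROSEC's own logging code). It records prompt, output, token metrics and cost as the page lists, and adds two things a practitioner would want: e-mail addresses are masked before the record is written, because prompts routinely carry personal data, and every record carries the hash of the previous one, so a deleted or edited entry breaks the chain and the log is usable as evidence. The model name, the price table and the sample prompts are assumptions for the example.

```python
"""LLM call audit trail: redaction + hash-chained, append-only records.

Added example, not part of the original page. Model name and prices are
illustrative; the redaction covers only e-mail addresses and should be
extended per the project's data processing map.
"""
import hashlib
import json
import re
from datetime import datetime, timezone

# Assumed price table in EUR per 1k tokens (illustrative, not a real tariff).
PRICE_PER_1K = {"demo-model": {"input": 0.0005, "output": 0.0015}}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
GENESIS = "0" * 64  # chain anchor for the first record


def redact(text):
    """Mask e-mail addresses before anything is persisted."""
    return EMAIL.sub("[email]", text)


def cost_eur(model, tokens_in, tokens_out):
    """Cost of one call from token counts and the assumed tariff."""
    p = PRICE_PER_1K[model]
    return round(tokens_in / 1000 * p["input"] + tokens_out / 1000 * p["output"], 6)


def _digest(body):
    # Canonical JSON so the hash is stable regardless of dict ordering.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """In-memory, append-only log; in practice write each record as one JSON line."""

    def __init__(self):
        self.records = []
        self.prev_hash = GENESIS

    def record(self, model, prompt, output, tokens_in, tokens_out, disclosure_shown):
        rec = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "model": model,
            "prompt": redact(prompt),
            "output": redact(output),
            "tokens": {"in": tokens_in, "out": tokens_out},
            "cost_eur": cost_eur(model, tokens_in, tokens_out),
            # Evidence for the Art. 50 duty to tell users they are talking to an AI.
            "ai_disclosure_shown": disclosure_shown,
            "prev": self.prev_hash,
        }
        rec["hash"] = _digest(rec)
        self.records.append(rec)
        self.prev_hash = rec["hash"]
        return rec


def verify_chain(records):
    """Recompute every link; return the index of the first bad record, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if body.get("prev") != prev or _digest(body) != rec.get("hash"):
            return i
        prev = rec["hash"]
    return -1


if __name__ == "__main__":
    log = AuditLog()
    # Constructed sample interaction.
    log.record("demo-model", "Write to mario.rossi@example.com about the invoice",
               "Drafted: Dear Mario, ...", 1000, 2000, True)
    print(json.dumps(log.records[-1], indent=2))
    print("chain intact:", verify_chain(log.records) == -1)
```

The chain only proves that nothing was altered after the fact inside the file; to make it independently checkable, periodically anchor the latest hash somewhere the application cannot rewrite (a separate append-only store, or a signed checkpoint).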

Performance & Quality Attestation

Code that is tested, fast and traceable. Core Web Vitals on Google targets, ≥80% test coverage and a standard Software Bill of Materials.

Reference standards

  • Core Web Vitals (Google)

    LCP ≤ 2.5 s · INP ≤ 200 ms · CLS ≤ 0.1 (the "good" thresholds). Measured via Lighthouse + Real User Monitoring.

  • Test Coverage ≥80%

    Unit + integration tests with coverage report (Vitest / Pytest / Playwright E2E).

  • SBOM CycloneDX (ECMA-424)

    Software Bill of Materials standard (CycloneDX is ECMA-424; the other ISO-standardised format, SPDX, is ISO/IEC 5962:2021): traceability of every dependency and license.

What we deliver

  • Lighthouse + RUM report
  • CI/CD coverage report
  • Signed CycloneDX SBOM
CERT_06
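What "0 open HIGH/CRITICAL" (CERT_01) and "signed CycloneDX SBOM" (CERT_05) look like as a release gate, as an added example that is not SPECTROSEC's own tooling. The gate only counts findings that are still open and whose package actually appears in the SBOM, then the attestation is bound to the commit and to the SHA-256 of the exact SBOM, so a certificate issued for one build cannot be presented for another. The SBOM, the findings list and its field names are constructed for the example; real scanners (pip-audit, npm audit, Snyk) each have their own output format that would need normalising into this shape. Signing uses HMAC as a stand-in for the vendor's asymmetric key.

```python
"""Release gate + attestation bound to commit and SBOM digest.

Added example, not the page's own code. SBOM, findings and key are constructed.
HMAC stands in for a real asymmetric signature; with HMAC anyone who can verify
can also forge, so production use needs a public-key scheme.
"""
import hashlib
import hmac
import json

# Constructed, minimal CycloneDX-shaped SBOM (a subset of the real schema).
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "fastapi", "version": "0.110.0",
         "purl": "pkg:pypi/fastapi@0.110.0"},
        {"type": "library", "name": "jinja2", "version": "3.1.2",
         "purl": "pkg:pypi/jinja2@3.1.2"},
    ],
}

# Constructed, tool-agnostic findings as they might look after normalising scanner output.
FINDINGS = [
    {"purl": "pkg:pypi/jinja2@3.1.2", "id": "VULN-A", "severity": "HIGH", "state": "open"},
    {"purl": "pkg:pypi/jinja2@3.1.2", "id": "VULN-B", "severity": "MEDIUM", "state": "open"},
    {"purl": "pkg:pypi/fastapi@0.110.0", "id": "VULN-C", "severity": "CRITICAL", "state": "fixed"},
    {"purl": "pkg:pypi/left-pad@1.0.0", "id": "VULN-D", "severity": "CRITICAL", "state": "open"},
]

BLOCKING = {"HIGH", "CRITICAL"}


def canonical(obj):
    """Deterministic JSON bytes so digests match across machines and runs."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sbom_digest(sbom):
    return hashlib.sha256(canonical(sbom)).hexdigest()


def gate(sbom, findings):
    """Return (passed, blockers). Only open HIGH/CRITICAL findings on packages
    that are really in the SBOM block the release (VULN-D above is not shipped)."""
    shipped = {c["purl"] for c in sbom["components"]}
    blockers = [f for f in findings
                if f["purl"] in shipped and f["state"] == "open" and f["severity"] in BLOCKING]
    return len(blockers) == 0, blockers


def build_attestation(project, commit, sbom, findings, date):
    """The record behind the 'attestation.pdf' card: result plus what it is bound to."""
    passed, blockers = gate(sbom, findings)
    return {
        "project": project,
        "commit": commit,
        "date": date,
        "sbom_sha256": sbom_digest(sbom),
        "coverage": {"SAST + dependency audit": "PASS" if passed else "FAIL",
                     "SBOM CycloneDX": "present"},
        "open_blockers": sorted(f["id"] for f in blockers),
    }


def sign(attestation, key):
    # Stand-in: HMAC-SHA256 over the canonical attestation.
    return hmac.new(key, canonical(attestation), hashlib.sha256).hexdigest()


def verify(attestation, signature, key, sbom, commit):
    """Client-side check: signature valid AND the attestation names this commit
    and this exact SBOM, otherwise it may be someone else's certificate."""
    if not hmac.compare_digest(sign(attestation, key), signature):
        return False
    return attestation["commit"] == commit and attestation["sbom_sha256"] == sbom_digest(sbom)


if __name__ == "__main__":
    att = build_attestation("my-client-platform", "9f4a1c2", SBOM, FINDINGS, "2026-06-20")
    sig = sign(att, b"stand-in-signing-key")
    print(json.dumps(att, indent=2))
    print("verified:", verify(att, sig, b"stand-in-signing-key", SBOM, "9f4a1c2"))
```

In a real pipeline the `sign`/`verify` pair would be replaced by a detached public-key signature over the same canonical bytes (for example cosign sign-blob and verify-blob, or a GPG detached signature), so that the client verifies with a public key it obtained out of band and never holds the signing key.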

NIS2 & DSA Attestation

For platforms and enterprise clients: alignment with EU directives on cybersecurity (NIS2) and digital services (DSA).

Reference standards

  • Directive (EU) 2022/2555 (NIS2)

    Transposed in Italy by Legislative Decree 138/2024. Security-by-design measures, incident handling, supply-chain risk.

  • Reg. (EU) 2022/2065 (DSA)

    Algorithm transparency, moderation, notice-and-action, illegal content reporting for online platforms.

  • Incident Response Procedure

    Documented runbook with escalation, NIS2 notifications to ACN (early warning within 24 h, incident notification within 72 h, final report within one month) and user notification.

What we deliver

  • NIS2 deliverable checklist
  • DSA Compliance Matrix
  • Incident Response Runbook

Why it matters

The difference between "shipped" and "certified"

Standard vendor

Your problem after deploy.

  • "It goes live" without test or security audit evidence.
  • Generic cookie banner, GDPR offloaded to your lawyer.
  • Accessibility "we'll handle it later", until an EAA complaint lands.
  • AI Act? We'll figure it out when it kicks in.

SPECTROSEC

Your deliverable, compliant, today.

  • Every release passes the 6 attestations. No undocumented code.
  • Privacy Policy, Cookie Policy and DPA ready for your DPO.
  • WCAG 2.2 AA audit + Accessibility Statement included.
  • AI Act Risk Assessment + user disclosure embedded in LLM features.

Regulatory framework

The rules we apply

  • EU Reg. 2016/679 (GDPR)
  • EU Reg. 2024/1689 (AI Act)
  • EU Dir. 2022/2555 (NIS2)
  • EU Reg. 2022/2065 (DSA)
  • EU Dir. 2019/882 (EAA)
  • IT Law 4/2004 (Stanca Act)
  • IT D.Lgs. 138/2024 (NIS2 transposition)
  • WCAG 2.2 AA (W3C)

Transparency

What our attestations are NOT

SPECTROSEC attestations are vendor-issued compliance documents describing the technical verifications performed on the deliverable against reference standards. They are standard practice in professional B2B software development.

They do not replace ISO certifications (e.g., ISO/IEC 27001, ISO 9001) issued by accredited third-party bodies (Accredia or equivalents), nor product certifications under Common Criteria, nor conformity assessments requiring notified bodies under the Cyber Resilience Act (Reg. (EU) 2024/2847).

If your sector requires accredited certifications (e.g., strategic PA, finance, healthcare), our attestations are a starting point for the subsequent formal certification: we provide the documented evidence external auditors ask for.

Want a certified deliverable?

Tell us about your project. Within 24 hours we'll tell you which attestations apply and what to include in the quote.

Get a Free Quote →