SOC 3

No, SOC 3 is a general-use report and does not include any customer-specific information or detailed audit results.

SOC 2 is a detailed, confidential report intended for customers under NDA.

SOC 3 is a summarized version of the same audit, designed for public consumption.

Yes, SOC 3 is meant to be publicly distributed and can be shared freely.

The audit includes Nebiius AI Cloud, AI Studio (now Nebius Token Factory) and Tracto AI within its scope, confirming that these products meet applicable requirements.

Deloitte is recognized as one of the market leaders in SOC reports and internal control services and HIPAA compliance assessments.

As Nebius’ external auditors, they have a dedicated group of risk and control specialists with deep industry experience in reducing risks and accelerating readiness for regulatory compliance.

Deloitte optimizes their third-party reporting by establishing a detailed process for understanding, operationalizing, enhancing and continuously monitoring their approach to third-party assurance (TPA).

Deloitte has been at the forefront of SOC and HIPAA-related assurance services since the initial SOC standards were issued by the AICPA in the early 1990s, and they continue to serve as an adviser to the AICPA to this day.

As Nebius seeks trusted partners for third-party assurance (SOC 2 Type II and HIPAA compliance), we wanted to work with an organization that reflects our own performance standards and high level of service.

Deloitte has a history of delivering projects of superior quality and is committed to a transparent approach marked by continuous improvement.