Enterprise grade · Zero trust · Post-quantum ready

Security and compliance built for critical infrastructure.

AmpVerve connects to EV fleets, hospital heating systems, and data centres. Security is not a feature we add. It is the architecture everything else is built on. Zero trust, cryptographically auditable, and designed to meet the requirements of every regulatory framework our customers operate under.

Four pillars.
Every deployment.

🔒
Zero Trust Architecture
No implicit trust between any component. Every request authenticated, authorised, and encrypted regardless of network origin. TLS 1.3 minimum. mTLS for all service-to-service communication. Hardware security modules for key management.
📋
Cryptographic Audit Trail
SHA-256 hash-chain on every dispatch decision, market instruction, constraint check, and settlement event. Tamper-evident by design. Not just audit logging - a cryptographically verifiable chain of evidence that satisfies FOI, clinical governance, and regulatory requirements.
Post-Quantum Ready
NIST-approved post-quantum algorithms implemented across key exchange and digital signature functions. Quantum computers pose a threat to current cryptographic standards on a 10–15 year horizon. AmpVerve is already migrated. Your data remains secure against future compute capabilities.
🌏
Edge Autonomy
The on-site execution agent operates independently of cloud connectivity. Local constraint enforcement and dispatch capability persist during internet outages, protecting operational continuity even when cloud communication is interrupted. No connectivity, no problem.

Standards alignment that matters to your sector.

AmpVerve is built to meet the requirements of the regulatory frameworks that govern the sectors we serve. NHS Trusts.

In progress
🔍
SOC 2 Type II
Security, Availability, Confidentiality
Annual independent audit of security controls covering trust services criteria. Provides formal third-party assurance that AmpVerve’s systems protect customer data with appropriate controls.
Planned
🌏
ISO 27001
Information Security Management System
International standard for information security management systems. Covers risk assessment, controls, and continuous improvement. Required by enterprise customers in financial services and critical infrastructure.
Compliant
🇪🇺
GDPR
General Data Protection Regulation
Full UK GDPR compliance for personal data processing. Data minimisation principles applied by design. Data Processing Agreements available for all enterprise customers. UK ICO registered.
Compliant
🔌
NIS2
Network and Information Security Directive 2
EU cybersecurity directive for essential and important entities. Relevant to energy sector customers operating in the EU. AmpVerve’s security controls align with NIS2 Article 21 requirements for risk management measures.
On roadmap
🏥
DSPT / NHS DTAC
Data Security and Protection Toolkit
NHS Data Security and Protection Toolkit assessment and Digital Technology Assessment Criteria compliance for NHS customers. Required for all digital tools deployed in NHS settings. On roadmap for NHS pilot expansion.
By design
📊
Elexon BSC
Balancing and Settlement Code
Compliance with Elexon’s Balancing and Settlement Code for participation in UK electricity markets. Metering and settlement data integrity requirements are met by AmpVerve’s cryptographic audit trail.

Already prepared for quantum-era threats.

Quantum computers capable of breaking current RSA and ECC encryption are projected within 10–15 years. “Harvest now, decrypt later” attacks mean adversaries are collecting encrypted data today to decrypt once quantum compute arrives.

AmpVerve has implemented NIST-approved post-quantum algorithms across key exchange and digital signature operations. Your data is protected against both current and future threat capabilities.

CRYSTALS-Kyber (ML-KEM)
NIST-standardised post-quantum key encapsulation mechanism. Replaces RSA and ECDH for key exchange. Implemented across all AmpVerve service-to-service communication channels.
CRYSTALS-Dilithium (ML-DSA)
NIST-standardised post-quantum digital signature algorithm. Replaces ECDSA for signing audit trail entries, dispatch instructions, and settlement records.
TLS 1.3 Hybrid Mode
Combined classical and post-quantum key exchange in TLS 1.3 connections. Provides protection against both classical and quantum attacks during the transition period.
SHA-256 Hash-Chain Audit Log
The cryptographic audit trail uses SHA-256, which remains quantum-resistant: attacking it requires Grover’s algorithm, which provides only a square-root speedup, versus the exponential speedup available against RSA. Audit evidence remains secure.
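
How a SHA-256 hash chain makes an audit log tamper-evident, as described under "Cryptographic Audit Trail" and "SHA-256 Hash-Chain Audit Log" above. This is an added illustration, not AmpVerve's code: the record layout, the all-zero genesis value and the sample events are assumptions constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first entry links to

def entry_hash(prev_hash: str, event: dict) -> str:
    # Canonical JSON so the same event always serialises, and hashes, identically.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(chain: list, event: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"event": event, "prev": prev, "hash": entry_hash(prev, event)})

def first_broken_link(chain: list):
    """Return the index of the first entry that fails to recompute, or None."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != entry_hash(prev, rec["event"]):
            return i
        prev = rec["hash"]
    return None

def verify(chain: list, trusted_head: str) -> bool:
    """True only if every link recomputes AND the last hash equals a head
    value held outside the log (for example a signed checkpoint)."""
    if first_broken_link(chain) is not None:
        return False
    head = chain[-1]["hash"] if chain else GENESIS
    return head == trusted_head

def build_sample_chain() -> list:
    # Constructed sample events; not real AmpVerve records.
    chain = []
    append(chain, {"seq": 1, "type": "dispatch_decision", "site": "depot-a", "kw": 120})
    append(chain, {"seq": 2, "type": "constraint_check", "site": "depot-a", "ok": True})
    append(chain, {"seq": 3, "type": "settlement_event", "site": "depot-a", "mwh": 0.4})
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    head = chain[-1]["hash"]
    chain[1]["event"]["ok"] = False  # in-place edit of one record
    print(first_broken_link(chain), verify(chain, head))
```

The chain by itself only proves internal consistency: a log that is rewritten from the edited record onward, or truncated at the tail, still recomputes cleanly, so verification has to compare against a head value stored or signed outside the log.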

Everything you need to integrate securely.

Comprehensive tooling for integration, testing, and ongoing operation. Security built into the developer experience from day one.

🔑
API Key Management
Generate and manage API keys with granular scopes, rate limits, IP allowlisting, and automatic rotation. Keys are hashed at rest and never stored in plaintext. Full key audit history with creation, last-use, and revocation timestamps.
Scoped permissions · Rate limiting · IP allowlisting · Automatic rotation
📱
Webhooks with Signatures
Real-time event notifications for dispatch changes, alerts, and settlement events. Every webhook payload is signed with HMAC-SHA256. Replay attack prevention via timestamp validation and idempotency keys. Configurable retry logic with exponential backoff.
HMAC-SHA256 signatures · Replay prevention · Configurable retry
OCPP Testing Utilities
Testing utilities for OCPP 1.6 and 2.0.1 charger integrations. Simulate dispatch scenarios, fault conditions, and connectivity interruptions in a sandboxed environment before production deployment. No live grid exposure during testing.
OCPP 1.6 & 2.0.1 · Fault simulation · Sandboxed environment
📦
SDK and API Reference
Python, Node.js, and Go SDKs with full TypeScript type definitions. OpenAPI 3.1 specification available for automated client generation. Interactive API explorer with live request testing against the sandbox environment.
Python · Node.js · Go · TypeScript · OpenAPI 3.1
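
A receiver-side check for the webhook protections listed under "Webhooks with Signatures": HMAC-SHA256 verification, timestamp validation and idempotency-key replay rejection. This is an added example, not AmpVerve's SDK or documented wire format; the signed-message layout (`<timestamp>.<body>`), the `idempotency_key` field name, the 300-second window and all sample values are assumptions.

```python
import hashlib
import hmac
import json
import time

def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    # Assumed scheme: hex HMAC-SHA256 over b"<timestamp>." + raw request body.
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class WebhookVerifier:
    def __init__(self, secret: bytes, tolerance: int = 300):
        self.secret = secret
        self.tolerance = tolerance  # assumed freshness window, in seconds
        self.seen = {}  # idempotency key -> timestamp (a shared TTL store in production)

    def verify(self, body: bytes, timestamp: str, signature: str, now: float = None) -> str:
        now = time.time() if now is None else now
        try:
            ts = int(timestamp)
        except (TypeError, ValueError):
            return "bad_timestamp"
        # Authenticate the raw bytes first, in constant time, before parsing them.
        expected = sign(self.secret, ts, body).encode()
        if not hmac.compare_digest(expected, (signature or "").encode()):
            return "bad_signature"
        if abs(now - ts) > self.tolerance:
            return "stale"
        try:
            key = str(json.loads(body)["idempotency_key"])  # hypothetical field name
        except (ValueError, KeyError, TypeError):
            return "bad_payload"
        # Keys older than the window can be dropped: replaying them is already "stale".
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.tolerance}
        if key in self.seen:
            return "replay"
        self.seen[key] = ts
        return "ok"

def demo() -> list:
    # Constructed secret, payload and clock; not real AmpVerve values.
    secret, now = b"example-shared-secret", 1_700_000_000
    body = b'{"idempotency_key":"evt-001","type":"dispatch.changed"}'
    v, good = WebhookVerifier(secret), sign(secret, now, body)
    return [
        v.verify(body, str(now), good, now=now),                          # first delivery
        v.verify(body, str(now), good, now=now + 5),                      # same event again
        v.verify(body.replace(b"001", b"002"), str(now), good, now=now),  # altered body
        v.verify(body, str(now), good, now=now + 3600),                   # outside window
    ]
```

Because the idempotency key sits inside the signed body, it cannot be swapped to slip a captured delivery past the replay cache.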

Security questions answered directly.

Every security enquiry reaches our technical team directly. We provide detailed responses to security questionnaires, penetration test requirements, and compliance documentation requests.

hello@ampverve.com · Security documentation available under NDA