Laravel Cloud Achieves SOC 2 Type 2 Certification, Nightwatch and Forge Next

Laravel Cloud has achieved SOC 2 Type 2 certification. We completed our audit on July 31st, 2025, earning attestation for Security, Confidentiality, and Availability.

SOC 2 compliance means our security practices meet rigorous standards for protecting your data, backed by independent verification.

This milestone reflects Laravel's commitment to compliance as we expand our tooling and customer base. Enterprise customers, regulated industries, and security-conscious teams need assurance that their data is handled with proven security practices.

We're also extending this same rigor across other products. We're completing the SOC 2 Type 1 audit for Nightwatch and expect certification within September. Once Nightwatch is complete, we'll begin the SOC 2 process for Forge, targeting completion by the end of November.

What Is SOC 2, and What Is in Scope

SOC 2 (Service Organization Control 2) is a widely recognized framework for managing customer data securely, developed by the American Institute of Certified Public Accountants (AICPA). The framework has become the gold standard for evaluating how service providers handle sensitive information.

The framework covers five trust service principles, also called Trust Services Criteria (TSCs). While Security is the minimum requirement for SOC 2 certification, Laravel Cloud chose to be audited on three of the five criteria: Security, Availability, and Confidentiality. This approach goes beyond the baseline because these principles directly impact what matters most to our users.

Availability ensures Laravel Cloud stays operational when you need it. Confidentiality is critical for products like Nightwatch, where monitoring data often contains sensitive application details. By choosing additional criteria, we demonstrate our commitment to comprehensive data protection beyond minimum standards.

SOC 2 requires ongoing audits and continuous improvement to maintain compliance. We're meeting security standards today and committing to uphold them consistently over time.

There are two types of SOC 2 reports: Type 1 examines the design of controls at a specific point in time, while Type 2 tests the operating effectiveness of those controls over a period (typically 3-12 months). Type 2 provides stronger assurance because it proves controls work in practice, not just on paper.

SOC 2 = Developer Peace of Mind

SOC 2 compliance translates into tangible benefits for developers, teams, and businesses using Laravel's commercial products.

  • Assurance: Your client data is handled with audited security practices. You have independent verification that we follow established protocols for data protection, system availability, and confidentiality.
  • Compliance alignment: Many organizations now require their vendors to have SOC 2 certification. This requirement is especially common in healthcare, finance, and enterprise environments where regulatory compliance is critical. Laravel's SOC 2 status makes our products easier to adopt in these regulated industries.
  • Risk reduction: SOC 2 compliance reduces your exposure to security incidents, data misuse, and service disruptions. Our controls are designed to prevent issues before they occur and respond effectively when they do.
  • Trust and credibility: You can trust Laravel tools for their functionality and their security posture. When evaluating hosting platforms or development tools, you need confidence that the provider takes security seriously. SOC 2 provides that confidence.

Why We Invested in This

We decided to pursue SOC 2 compliance at Laravel for three main reasons:

  1. Customer demand: Enterprises, agencies, and regulated industries can't adopt tools without compliance assurances. We've heard from customers who want to use Laravel's paid services but need SOC 2 certification to satisfy their own compliance requirements or client contracts.
  2. Long-term vision: Laravel has evolved beyond developer experience alone. As we build tools that scale into enterprise environments, compliance becomes essential.
  3. Transparency: SOC 2 proves our security practices exist and work as designed. Independent auditors have verified our controls. This transparency builds trust and demonstrates our commitment to protecting your data with measurable, audited standards.

The Laravel Compliance Roadmap

SOC 2 is the beginning of Laravel's compliance roadmap. We're building a comprehensive framework to meet the needs of customers in regulated industries and international markets.

GDPR, CCPA, SOC 2 Type 2

Currently, Laravel maintains compliance with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), alongside our new SOC 2 Type 2 certification for Laravel Cloud. You can view our complete compliance status at trust.laravel.com.

US-EU DPF

Next up is the US-EU Data Privacy Framework (DPF), which we're targeting for completion in September. The DPF provides a mechanism for lawful transfers of personal data from the EU to the United States.

ISO 27001 and HIPAA

After completing SOC 2 across all products and achieving DPF compliance, we'll pursue ISO 27001 certification. ISO 27001 is an international standard for information security management systems, providing another layer of assurance for enterprise customers. Following that, we plan to achieve HIPAA compliance, targeting completion by the end of March 2026. This will enable Laravel products to be used in healthcare environments where protected health information is involved.

What Comes Next

SOC 2 compliance is rolling out across Laravel Cloud, Forge, and Nightwatch throughout the remainder of 2025. Nightwatch should complete its SOC 2 Type 1 audit within the next few weeks, followed by Forge's certification by the end of November.

Once certified, customers will be able to request SOC 2 reports through our trust portal. These reports provide detailed documentation of our security controls and audit results, which many organizations need for their own compliance processes or vendor assessments.

SOC 2 compliance requires ongoing commitment. We'll continue conducting regular audits and continuously improving our security posture. As Laravel's tools evolve, our compliance framework will evolve with them, ensuring your data remains protected as we add new features and capabilities.

Trusted by Design

Laravel has always committed to developer happiness, and now we're extending that same attention to enterprise-grade trust and compliance. SOC 2 certification means you can use tools that are both enjoyable and meet strict security requirements.

Laravel Cloud, Nightwatch, and Forge all prioritize compliance alongside functionality. You can proceed with confidence knowing that your data is protected by audited security practices designed to scale with your business needs.

Explore Laravel Cloud, Nightwatch, and Forge with the assurance that compliance is built into everything we do.
