EU
AI Act Compliance Platform
Regulation (EU) 2024/1689 — high-risk obligations apply 2 August 2026

EU AI Act compliance
without the Big Four invoice.

Start with a 15-minute triage to find out if the Act even applies to you. If it does, the platform walks you through discovery, classification, gaps and evidence — reusing your existing GDPR work, chasing your vendors for you, and ending with a shareable trust profile you can attach to any RFP.

Start with the 15-minute triageSee how it worksNo credit card · out-of-scope users leave with a signed certificate
Regulation coverage
113 Articles
Classification framework
6-gate engine
Built-in artefacts
FRIA · PMM · Art. 73
Literacy training (Art. 4)
6 modules · 37 Qs
Member State authorities
EU-27 + EEA
Process

From ‘what’s AI?’ to audit-ready in five stages.

The platform takes you through the compliance lifecycle in the same order the Act itself is structured.

STEP 01

Discovery

An AI-guided interview identifies every AI system you provide, deploy, or integrate — including the ones hidden inside your SaaS.

STEP 02

Classification

A six-gate engine maps each system against Articles 5, 6, 50 and Annex III with traceable reasoning at every step.

STEP 03

Gap assessment

Role-aware analysis for providers and deployers across Articles 9–15 and 26, with priorities and deadlines.

STEP 04

Expert validation

Every material classification is reviewed by a qualified analyst before it becomes your compliance record.

STEP 05

Audit evidence

Generate Annex IV documentation, FRIAs, post-market monitoring plans, and Article 73 incident reports on demand.

Capabilities

Every Article the SMB needs. Nothing it doesn’t.

The platform ships with the specific obligations every provider and deployer must meet — not a generic GRC toolkit.

Art. 3

Intelligent discovery

Conversational AI + document intelligence surfaces every AI system in your organisation, including vendor-embedded features most inventories miss.

Arts. 5, 6, 50

Six-gate classification

Deterministic rules for clear cases; LLM reasoning with citations for edge cases; mandatory human validation on every material output.

Arts. 9–15, 26

Role-aware gap assessment

Different obligations apply to providers and deployers. Each gap maps to a specific Article, with recommended actions, priorities, and deadlines.

Art. 27

FRIA workflow

Guided Fundamental Rights Impact Assessment for public authorities, private entities providing public services, and Annex III points 5(b)/(c).

Art. 73

Serious incident reporting

2-day / 10-day / 15-day SLA countdown, EU-27 + EEA authority directory, structured Commission-template report generator.

Art. 72

Post-market monitoring

Default metric catalogue grounded in Arts. 9–15, threshold-driven alerts, periodic reviews with Art. 79 risk escalation, Annex IV-ready plan PDF.

Art. 25

Value-chain contracts

Six grounded templates (Provider–Deployer, GPAI, Art. 25(4) addendum, substantial modification, purpose change, supplier bundle). Track counterparties and role-switching events.

Art. 4

AI literacy programme

Six role-based training modules with 37 quiz questions, completion certificates, and org-wide coverage tracking — auditable Art. 4 evidence.

Annex IV

Audit-ready exports

Technical documentation, conformity evidence, incident reports, literacy certificates, and monitoring plans in PDF and JSON formats.

Built for Marta, not McKinsey

Four things you won’t find in a generic GRC tool.

The AI Act SMBs face the same obligations as the Fortune 500 — but with a fraction of the budget. These are the four entry-points we built because no one else did.

15-min path

Express Triage

Am I even in scope?

A structured 11-question wizard that gives you a deterministic scope verdict in a coffee break. Out-of-scope users leave with a signed PDF certificate — no upsell, no funnel trap.

Arts. 2, 3(1), 5, 6, 50, 51
Onboarding accelerator

GDPR → AI Act Bridge

Reuse what you already did.

Import your Art. 30 ROPA entries and Art. 35 DPIAs. One click turns ROPA-with-AI into inventory entries; one click syncs your DPIA into a pre-filled FRIA. Article 27(4) exists for exactly this.

Art. 27(4)
Value-chain evidence

Vendor AI Act DDQ

Answer the Art. 25(4) question.

Send a 47-question DDQ to your AI vendors via a tokenised public link — no account for them to create. Responses auto-file into your Art. 25 dossier. Vendors answer once, share with every customer.

Arts. 25(4), 25(5)
Procurement-ready

Public Trust Profile

Answer procurement once.

Publish a versioned, SHA-256-signed attestation at a shareable URL. Enterprise buyers see your compliance posture without an NDA; you stop filling in the same RFP questionnaire twice a month.

Attestation + growth loop
15-minute first value
Triage certificate in one sitting
Zero re-entry
Your GDPR work imports directly
Network-effect vendor portal
Answer once, share with every customer
Signed attestation
SHA-256 tamper-evident, versioned
Pricing

Priced for SMBs, not Deloitte.

Start free forever. Unlock your Compliance Pack for €499 once. Run your ongoing programme from €149 per month.

Free
€0forever

Triage, discovery, classification, Trust Profile — no card.

  • Express Triage — Am I in scope?
  • Discovery + AI Systems inventory
  • Gap assessment (view-only)
  • Public Trust Profile
Start free
Essentials
€149per month

Run the operate tier: literacy, DDQs, roadmap.

  • Art. 4 Literacy programme
  • Vendor DDQ campaigns
  • GDPR Bridge — team features
  • Roadmap kanban · 3 seats
Choose Essentials
Most popular
Professional
€349per month

Full Operate: monitoring, incidents, contracts.

  • Everything in Essentials
  • Art. 72 Monitoring plans
  • Art. 73 Incident workflow
  • Art. 25 Contracts · 10 seats
Choose Professional
Team
€799per month

Groups, regulated sectors, priority support.

  • Everything in Professional
  • Unlimited seats
  • Advisory credits bundled
  • Priority support + SLA
Choose Team
One-time · €499 · No subscription
Compliance Pack — unlock your full output layer
Consolidated AI Act PDF + per-system Art. 11 tech docs + Art. 47 DoC + Art. 13 IFU + FRIA exports. Signed, versioned, SHA-256 hashed.
Unlock · €499
See detailed plan comparison and FAQ
Who it’s for

Different roles. Different obligations. Same platform.

The Act treats providers and deployers differently. The platform knows the difference — and the value chain between you.

Art. 3(3)

Provider

You develop, train, or place AI systems on the EU market. Providers carry the bulk of the compliance load: conformity assessment, documentation, post-market monitoring.

  • Risk management system (Art. 9)
  • Technical documentation (Art. 11 + Annex IV)
  • Conformity assessment (Art. 43)
  • Post-market monitoring (Art. 72)
  • Serious incident reporting (Art. 73)
Art. 3(4)

Deployer

You use AI systems under your authority in the EU. Deployers are responsible for operational governance, human oversight, and transparency to affected persons.

  • Use per instructions (Art. 26(1))
  • Human oversight assignment (Art. 26(2))
  • Log retention for 6+ months (Art. 26(6))
  • FRIA where applicable (Art. 27)
  • Transparency to affected persons (Arts. 26(9), 50)

Start before the deadline finds you.

Most SMBs will need months of work to meet the 2 August 2026 high-risk deadline. Begin with a free discovery session. No credit card required.

Create free accountSee pricing