Documentation
Step-by-step guides to get your company compliant with the EU AI Act.
Getting started
~15 minutes to onboard your first AI system
Create your account
Go to the sign-up page and fill in your name, company email and password. You'll receive a confirmation email. No credit card needed for the 14-day trial.
Set up your organization
Enter your company name, country, sector and size. This information helps the platform pre-select applicable obligations (e.g., public sector organizations have additional requirements under Annex III).
Add your first AI system
From the dashboard, click "Add AI system". Give it a name, a brief description and the intended purpose (e.g., "HR recruitment screening tool" or "Customer support chatbot"). Each tool, application or model that uses AI needs its own entry.
Run the classification wizard
Answer 8–12 plain-language questions about the system. The platform automatically determines the risk level (prohibited, high-risk, transparency obligations, minimal risk, or GPAI) and lists the exact obligations that apply.
Upload the user manual
Per Art. 13 + Art. 26(1), every AI system must have the provider's user instructions stored and accessible. Upload the manual (PDF, DOCX or URL) in the Document Vault. This step is required before deployment.
Register the deployment
Before going live, confirm the deployment: select the responsible person (deployment operator), the go-live date and the intended use environment. This creates the immutable audit trail required by Art. 26.
Risk classification
How the engine works and how to interpret the result
The five risk levels
Practices banned outright by Art. 5 (e.g., social scoring, real-time biometric surveillance in public spaces). These systems must not be deployed.
Systems listed in Annex I (safety components of regulated products) or Annex III (AI in recruitment, credit scoring, law enforcement, education, critical infrastructure, etc.). Full obligation set applies.
Systems that interact with people (chatbots, emotion detection, deepfakes). Must disclose they are AI — Art. 50.
General-purpose AI models integrated into your product (GPT-4o, Claude, Gemini, etc.). Triggers additional obligations under Art. 53–55 if you fine-tune or substantially integrate them.
Most AI tools (spam filters, recommendation engines, AI-assisted productivity tools). No mandatory obligations — good practice documentation recommended.
How the classification engine works
The engine is rule-based (deterministic), not machine learning. It applies a decision tree of ~30 rules derived directly from the EU AI Act text and the Commission's Art. 3 and Art. 6 guidelines. Every decision is explainable and auditable — you can view the exact rule that triggered the classification.
When to re-classify
Re-run classification when: (1) the system's intended purpose changes, (2) the system is substantially modified (new training data, new features), or (3) new regulations come into force (e.g., Omnibus amendments). The platform will alert you when a re-classification is needed.
Document Vault
What to upload and how retention works
Required documents per risk level
| Document | High-risk | Transparency | Minimal | Legal basis |
|---|---|---|---|---|
| User manual (provider) | ✅ Required | — | ✅ Recommended | Art. 13 + Art. 26(1) |
| FRIA report | ✅ If Art. 27 applies | — | — | Art. 27 |
| DPIA / GDPR Art. 35 | ✅ Required | — | — | Art. 26(9) |
| EU Database registration (use) | ✅ Public bodies only | — | — | Art. 49(3) |
| Transparency notice (users) | ✅ Required | ✅ Required | — | Art. 50 + Art. 26(11) |
| Operations log (6 months) | ✅ Required | — | — | Art. 26(5) + Art. 12 |
| Incident reports | ✅ Required | ✅ If serious | — | Art. 73 |
| Annual review record | ✅ Required | — | — | Art. 26 |
Accepted file formats
PDF, DOCX, XLSX, PNG, JPG (max 50 MB per file). All files are scanned for malware on upload. URL links to external documents (SharePoint, Google Drive) are also supported with a reference note.
Document retention policy
Art. 12 requires keeping logs for at least 6 months after the end of the AI system's life. The platform automatically flags documents approaching the end of their retention window and sends reminders 30 days before deletion is possible.
Enterprise API & Webhooks
REST API for integrating compliance data with external GRC, BPM or BI tools.
The Enterprise API provides programmatic access to your compliance data. Authenticate with a personal access token generated in the platform.
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/me | Authenticated user info |
| GET | /api/v1/ai-systems | List AI systems (filterable) |
| GET | /api/v1/ai-systems/{id} | Single AI system |
| GET | /api/v1/obligations | 28 obligations with status |
| GET | /api/v1/incidents | List incidents |
| POST | /api/v1/incidents | Create incident + fires webhook |
Webhook events
incident.created
ai_system.classified
ai_system.deployed
ai_system.retired
Payloads are signed with HMAC-SHA256. Verify the X-EuAiComply-Signature header on each request.