Platform Overview

The complete AI
compliance stack

Three integrated phases of AI compliance — from static code analysis to live inference monitoring. Built on a cryptographically auditable foundation.

Phase 1
Detect
Scanner · GitHub Action · Risk Classification
Phase 2
Document
Legal RAG · Annex IV · PDF Reports
Phase 3
Monitor
Drift Monitor · Audit Vault · Enterprise SSO
Phase 1

AI Compliance Scanner

Static analysis of your codebase detects every AI library, classifies risk tier, and generates a compliance score — before code reaches production.

Python, TypeScript/JS, Cloud SDK detection
23 AI library signatures (OpenAI, HuggingFace, Anthropic, etc.)
Annex III intent patterns with proximity-window regex
Article 52 transparency obligation detection
Manifest scanner (requirements.txt, package.json)
Risk tiers: PROHIBITED → HIGH-RISK → LIMITED → MINIMAL
Build gate: blocks on PROHIBITED/HIGH-RISK without exemption
Compliance score + grade (A+ to F)
Coloured Rich CLI output + JSON + Markdown reports
PII sanitiser — no raw code sent to external APIs
sovereignaudit scan —path ./
# Scanning repository...
Scanning 47 files in ./src
Detecting AI libraries...
⚠ HIGH-RISK hr/screening.py:42 — CV scoring model (Annex III §4)
⚠ HIGH-RISK finance/credit.py:18 — Credit assessment AI (Annex III §5)
ℹ LIMITED chat/assistant.py:7 — Chatbot (Art. 52 transparency)
✓ MINIMAL utils/spam.py:3 — Spam filter (Recital 43)
Compliance Score: 72/100Grade: C
Files scanned: 47 · Findings: 3 · PDF report: ./compliance_report.pdf
⚠ Gatekeeper: 2 HIGH-RISK findings require Annex IV documentation
Phase 2

Annex IV Documentation Generator

Automatically generates all 7 required Annex IV technical documentation sections from your codebase. Creates board-ready PDF reports for regulators and auditors.

The generator analyses your code for model architectures, data sources, training patterns, evaluation metrics, and oversight mechanisms — then produces legally-aligned documentation using the Legal RAG engine.

Annex IV Dossier7 / 7 sections
A1
System Description
Purpose, capabilities, deployment context
A2
Technical Specifications
Architecture, model types, parameters
A3
Data Provenance
Training data sources, validation methodology
A4
Training Methodology
Training procedures, optimisation, metrics
A5
Human Oversight
Oversight mechanisms, intervention procedures
A6
Performance Metrics
Accuracy, robustness, bias evaluation
A7
Risk Mitigation
Identified risks and mitigation measures
Pulse — Drift Monitor
Live
Input Schema Drift
Undocumented fields appearing in inference inputs
WARNING
Output Category Drift
Model returning undocumented decision types
CRITICAL
Sensitive Fields Drift
PII/sensitive data in AI system inputs
CRITICAL
Confidence Drift Drift
Systematic decline in model confidence scores
WARNING
Volume Spike Drift
Request volume exceeds documented baseline 3×
WARNING
Model Version Drift
Undocumented model IDs detected in production
WARNING
Phase 3

Compliance Drift Monitor

Continuously monitors live inference logs against your Annex IV baseline. Detects regulatory exposure before it becomes a violation — and dispatches alerts in real time.

Submit NDJSON inference logs via the REST API. The Pulse module analyses each batch against six drift detectors and raises alerts when thresholds are exceeded.

Alerts dispatch to Slack, PagerDuty, and email. Critical violations trigger webhooks to Salesforce Risk and ServiceNow GRC.

Phase 3

Audit Vault & Data Room

Cryptographically chained audit trail with one-click M&A due diligence export. Every scan, override, and governance action is tamper-evident.

Cryptographic Audit Chain

HMAC-SHA256 blockchain-style chain. Any tampering breaks the hash — detectable instantly by the verification API.

SOC2 CC6.1, CC7.2, ISO 42001 Clause 9.1

Article 14 Liability Shield

Documents every human review decision on high-risk AI findings. The evidence trail that proves oversight was active.

Required: EU AI Act Article 14

M&A Data Room Export

One-click evidence package for due diligence: AI inventory, compliance history, oversight log, regulatory framework.

Includes due diligence readiness score
EU AI Act Enforcement: 2 August 2026

Know your AI systems.
Govern your risk.

Join the enterprises building defensible, auditable AI compliance infrastructure. Full visibility into every AI system — from first commit to live inference.

No source code retention SOC2 architecture ISO 42001 aligned Dedicated enterprise support