Ship AI compliance anywhere you operate.
TrustWays AI covers EU AI Act, ISO 42001, GDPR, UK GDPR, CCPA, FADP, India's DPDP, RBI FREE-AI, and SEBI AI/ML — in one tenant-aware platform that reshapes itself per framework. Switch lenses, reuse evidence, ship audit-ready documentation.
No credit card · 30-min walkthrough · EU data residency
Spreadsheets and Slack threads can't carry €35M of penalty risk.
The EU AI Act applies to every provider and deployer placing AI on the EU market — including extraterritorially under Article 2(1)(c). Penalties under Article 99 reach €35M or 7% of global annual turnover.
One workspace for the full AI Act lifecycle.
From shadow-AI discovery to notified-body submission — without a separate tool for risk, docs, audit, or jurisdictional posture.
Classify
A seven-step wizard maps each system against Article 5 (prohibited), Article 6 + Annex III (high-risk), Article 50 (transparency), and Article 95 (minimal). Live Claude analysis explains why.
Document
Annex IV technical docs, FRIA reports, Instructions for Use, risk management files, post-market monitoring plans — generated from your system context, version-controlled, reviewer-signed.
Prove
Every action — every classification, document approval, integration sync, incident filing — is hash-chained. Auditors verify the chain in one click. Article 12 logging, solved.
From shadow AI to audit-ready in four steps.
Most customers run their first classification within an hour of connecting their cloud account. From there it's a steady cadence — not a fire drill.
Connect or upload
Plug in GitHub, AWS, Slack, Jira, Okta, OneTrust. We auto-discover AI assets — SageMaker endpoints, Bedrock model usage, repos with AI manifests — and queue them for triage.
Classify with the wizard
Seven questions per system map to all eight Article 5 prohibitions, Annex I + III triggers, Article 50 transparency, and the new Article 2(1)(c) extraterritoriality test.
Generate evidence
Annex IV technical doc, Article 9 risk register, Article 27 FRIA, Article 13 instructions for use. Each draft is system-specific, reviewer-signed, and version-controlled.
Monitor and report
Drift, bias, incident triage with the 72-hour Article 73 countdown. Board-ready PDF reports with jurisdiction posture, cross-border data flow register, and Annex IV gap analysis.
We went from a 47-tab spreadsheet of unclassified models to a board report that survives an EU regulator's questions in eleven working days. The TIA template alone saved us six weeks.
When does the EU AI Act actually apply to us?
Article 5 prohibitions and AI-literacy obligations applied from 2 February 2025. GPAI obligations and governance applied from 2 August 2025. The full general-purpose application date — including Annex III high-risk obligations — is 2 August 2026. Annex I high-risk product rules follow on 2 August 2027. TrustWays AI tracks all four deadlines and shows you which apply per system.
Does the AI Act apply to non-EU companies?
Yes — Article 2(1)(c) brings any provider into scope when the AI system's output is used in the EU, regardless of where the provider sits. We flag this for every system automatically. Non-EU entities also need an Article 22 EU Authorised Representative — we track this on the entity record.
What integrations come pre-built?
GitHub, GitLab, Jira, Linear, Jenkins for engineering. AWS, Azure, GCP for cloud-side discovery. Okta, Azure AD, Google Workspace for SSO + SCIM. Slack, SMTP for notifications. OneTrust, ServiceNow, Vanta for GRC overlap. Forty-eight in total across the catalog.
Where is our data stored?
By default, EU (Frankfurt, eu-central-1). Each tenant can choose EU, UK, US, APAC, India, Canada, or Brazil and we'll route storage accordingly. The jurisdiction module also tracks every cross-border data flow per AI system, including Schrems II TIAs.
How does this differ from Vanta or Drata?
Vanta and Drata focus on SOC 2, ISO 27001, and broad GRC. TrustWays AI is purpose-built for AI compliance — the EU AI Act articles, Annex III categories, FRIA workflows, post-market monitoring, and the Article 22 representative model. We integrate with the GRC tools you already run; we don't replace them.
Can the platform write our Annex IV documentation for us?
Yes — the document generator drafts Annex IV technical documentation from the system's classification + risk register + data flow context. A reviewer in your org signs off; the published PDF carries your branding + footer. Every revision is hash-chained.
Ready to ship EU AI Act compliance?
Join compliance leaders at regulated companies across the EU who use TrustWays AI to turn the AI Act from existential risk into a competitive advantage.