One workspace for the full AI Act lifecycle — from discovery to notified-body submission.
Nine modules, one audit chain, EU data residency by default. Designed for compliance teams that already use Vanta or Drata for SOC 2 and need something purpose-built for AI.
Find every AI system in production.
Plug in GitHub, AWS, Azure, GCP, Slack, Jira, Okta — we auto-discover SageMaker endpoints, Bedrock model usage, repos with AI manifests, and feed them into a triage queue your team can register in seconds.
- 48 pre-built integrations across cloud, DevOps, identity, GRC
- Webhook-driven discovery + scheduled sync
- De-duplication across teams + entities
The seven-step wizard that an EU lawyer would accept.
Every system runs through all eight Article 5 prohibitions (including Art. 5(1)(h) real-time remote biometric ID), Annex I and III triggers, Article 50 transparency obligations, and the new Article 2(1)(c) extraterritorial test. Live Claude analysis explains the verdict.
- Unacceptable / High / Limited / Minimal tier output
- Confidence score + machine-readable rationale
- Reviewer approval workflow + change history
Generate the technical doc the auditor wants to read.
Annex IV technical documentation, Fundamental Rights Impact Assessments (Article 27), Instructions for Use (Article 13), risk management files (Article 9), and post-market monitoring plans (Article 72) — drafted from your system context, version-controlled, reviewer-signed.
- Branded PDF with your logo + footer
- DRAFT → IN_REVIEW → APPROVED → PUBLISHED workflow
- Auto-section: cross-border data flows + transfer mechanisms
5×5 probability × severity, mitigated and reviewed.
Per-system risk register with probability × severity heatmap, mitigation tracking, owner assignment, and review cadence. Counsel suggests mitigations from your existing controls.
- P×S heatmap with click-to-edit
- Status flow: Identified → Planned → In Progress → Implemented → Verified
- AI-suggested mitigations from your risk patterns
Where you operate, where data flows, what each market needs.
Map every entity, system, and integration onto 15 pre-seeded jurisdictions. Detects extraterritorial scope under Art. 2(1)(c), missing Art. 22 representatives, GDPR Article 46 transfer mechanism gaps, and Schrems II TIA debt.
- Cross-border data flow register
- Auto-gap creation when mechanism is missing
- Per-jurisdiction obligation cards (EU, UK, US, IN, BR, …)
72-hour incident clock + drift and bias telemetry.
Post-market monitoring with drift detection, bias tracking, and the Article 73 serious-incident workflow including the 72-hour notification countdown and 15-day full-report deadline.
- Drift / bias / accuracy time-series per system
- Article 73 SLA dashboard + auto-notifications
- Notified-body submission packet on demand
Hash-chained evidence the auditor can verify.
Every action — every classification, document approval, integration sync, incident filing — is hash-chained with SHA-256 over canonical JSON. Auditors verify the chain in one click and get a tamper-evidence report.
- SHA-256 over canonical JSON + prev_hash per row
- One-click chain integrity verification
- CSV + PDF export for regulator submission
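The hash-chaining described above can be sketched as follows. This is an added example, not TrustWays AI's implementation: the row fields (`event`, `prev_hash`, `hash`), the all-zero genesis value, the canonical form (sorted keys, compact separators) and the sample events are assumptions. It also shows why an auditor should compare the chain head against a value recorded outside the log.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first row

def canonical(obj):
    # Assumed canonical form: sorted keys, no insignificant whitespace, UTF-8.
    # Any scheme works if writer and verifier agree byte for byte.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def row_hash(prev_hash, event):
    # Binding prev_hash into the digest is what links each row to its predecessor.
    return hashlib.sha256(canonical({"prev_hash": prev_hash, "event": event})).hexdigest()

def append(chain, event):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"event": event, "prev_hash": prev, "hash": row_hash(prev, event)})
    return chain

def verify(chain, expected_head=None):
    """Return a list of (row_index, reason) findings; an empty list means intact."""
    findings = []
    prev = GENESIS
    for i, row in enumerate(chain):
        if row["prev_hash"] != prev:
            findings.append((i, "prev_hash does not match preceding row"))
        if row_hash(row["prev_hash"], row["event"]) != row["hash"]:
            findings.append((i, "hash does not match row content"))
        prev = row["hash"]
    # Dropping the newest rows or rewriting the whole chain keeps it internally
    # consistent, so the head must be checked against a value stored elsewhere.
    if expected_head is not None and prev != expected_head:
        findings.append((len(chain), "head differs from externally anchored value"))
    return findings

def build_sample():
    # Constructed sample events, not real product output.
    chain = []
    append(chain, {"action": "classification", "system": "resume-screener", "tier": "HIGH"})
    append(chain, {"action": "document_approval", "doc": "FRIA", "status": "APPROVED"})
    append(chain, {"action": "incident_filing", "article": 73})
    return chain

if __name__ == "__main__":
    chain = build_sample()
    chain[0]["event"]["tier"] = "MINIMAL"  # simulate an in-place edit
    print(verify(chain))
```
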
An in-house EU AI Act counsel that knows your stack.
Counsel injects your live system, entity, risk, and data-flow context into every prompt — so when you ask 'do we need a FRIA for the Resume Screener', it answers from your actual classification, not from generic regulatory text.
- 5 specialised modes: Classify, Ask, Draft, Review-risk, Remediate
- Cite-checks against Articles 5–73 + Annexes I, III, IV
- Save any answer as a draft document
Board PDFs that survive the regulator.
Eight report types out of the box — Board, Readiness, Article-by-Article Gap, FRIA, Risk Management, Data Governance, Custom, Benchmark. Branded with your colours + footer, exportable to PDF in seconds.
- Score gauge + 8-dimension readiness bars
- Per-entity rollup + priority gaps timeline
- Cross-border data residency posture section
Ready to ship EU AI Act compliance?
Join compliance leaders at regulated companies across the EU who use TrustWays AI to turn the AI Act from existential risk into a competitive advantage.