Autonomous · EU AI Act · 2026

Turn EU AI Act complexity into operational certainty.

Regulators expect a defensible risk story and traceable evidence — not a slide deck you update once a year. Agent Mai is autonomous compliance software: classify use cases, run integrity audits, and export Annex-ready artifacts on your timeline, with optional API automation so nothing waits on a vendor’s meeting slot.

Self-serve from signup. No mandatory consulting retainer. Wire audits into your pipeline when you are ready.

  • Lean-team friendly
  • EU-based product posture
  • GDPR-aligned processing
  • Evidence-first audits

Live Compliance Scanner

ACTIVE · Annex IV · Article 14 · Article 5

  • Integrity: 91.4%
  • Open Gaps: 2
  • Art. 5: PASS

Autonomous by design

Integrity that runs without waiting on humans to open a ticket

Agent Mai is product-first: you bring evidence, the engine classifies and maps gaps, and you export — or trigger runs from CI with API keys. No mandatory sales workshop to get your first report.

Self-serve from day one

Sign up, run classify and audits, invite teammates — the same flow whether your legal team is lean or large.

Automation-ready

API keys and scheduled scans fit your release train so integrity checks keep pace with code, not quarterly reviews.

Transparent economics

Clear Lite vs Pro pricing versus open-ended advisory fees — see Pricing for the full ladder.

How it works

From zero to review-ready — without a compliance army

Most teams start in under a day: one workspace, real model cards and policies, then structured gaps your legal and engineering leads can challenge in the same thread — not a six-month programme.

  1. Create your organisation workspace

    Sign up with your work email. Audits, reports, and invites stay under one org — the boundary EU AI Act evidence should follow, even if you have no dedicated AI compliance office.

  2. Run Quick Audit with your evidence

    Paste text or upload files (model cards, architecture notes, policy excerpts). We normalize them for Annex III–style signals and Annex IV depth checks — no consultant prep phase.

  3. Review risk, gaps, and drafts — then export

    Get a conformity-style score, prioritized gaps, and draft language your counsel can edit. Export JSON for GRC or a report for the board when stakeholders align.

Why lean teams stay

  • Minutes to first signal — align product and compliance before the next release train, not after an audit fire drill.
  • One evidence thread — classification, documentation gaps, and prohibited-practice screening in one place, not scattered decks.
  • Predictable SaaS path — Mai Cloud for speed; Private Vault when policy demands zero egress — same workflow, your choice.
  • Built for review — structured outputs that cite what was read, so humans (and later auditors) can trace decisions.

EU AI Act · plain English

The big pieces of the law — in order

Regulation (EU) 2024/1689 is long; most mid-market conversations boil down to a handful of ideas: what is forbidden, what counts as high-risk, what you must prove, and how people stay in control. Here is a simple map — confirm details with your legal team.

Title II · Prohibited

Banned uses (Article 5)

A short list of AI practices the EU does not allow — for example certain social scoring, manipulative systems, or emotion inference in schools or workplaces. If you are in this bucket, it is not a paperwork problem: the use case itself has to change.

Annex III

High-risk list (Annex III)

If your AI is used in areas like biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, or justice, it is often treated as high-risk. That triggers the full provider rulebook — not optional extras.

Chapter III

What high-risk providers must do (Arts. 8–15)

Risk management, training data governance, technical documentation, logging, transparency, human oversight, accuracy, and cybersecurity — all designed so authorities can see how the system was built and how it stays safe in production.

Annex IV

The documentation pack (Annex IV)

Annex IV spells out what “technical documentation” means: system design, data, testing, monitoring plans, and more. Think of it as the structured evidence bundle behind your AI, not a one-page marketing summary.

e.g. Art. 50

Transparency & informing users

Many systems must make clear when people are talking to an AI, when content is synthetic, or when emotion or biometric categorisation is used — so users are not misled about what is happening.

Art. 14

Humans in the loop

High-risk systems need meaningful human oversight: people who understand the limits of the system, can stop it, and are not just rubber-stamping outputs — especially where decisions affect rights or safety.

Simplified for orientation only — not legal advice. Official text and guidance from the EU and national authorities always prevail.

In plain language

Clarity for people who wear three hats

Instead of drowning in articles, your teams get practical answers: which obligations apply, which controls are missing, and what to fix first — whether you are product-led, legal-led, or engineering-led.

For product & roadmap owners

Know if a feature is likely low-risk, high-risk, or off-limits before roadmap commitments become expensive rework.

For legal & governance

Review structured outputs with references and confidence cues — not a wall of screenshots and chat exports.

For security & infra

Choose Mai Cloud velocity or Vault-style control without changing the compliance story your board hears.

Modules

Focused jobs — not a generic GRC dump

Each module does one practical thing: surface risk, map obligations, prepare evidence, and keep pace as your product changes — sized for teams that cannot staff a full GRC programme.

Annex IV Composer

Ten-section technical documentation draft — pair with audits and export as you iterate with legal, without a document factory.

Article 5 Sentinel

Heuristic prohibited-risk signals in each audit plus a checklist — honesty over false certainty.

Evidence trail

Structured gaps and Article references in every report — deeper artifact linking as you mature.

Sovereign runtime

Mai Cloud for speed; Vault mode when your policy forbids external inference — same workspace UX.

Deployment path

Choose how much infrastructure you want to own

Mai Cloud

Fastest path to active compliance — built for lean teams that still need audit-grade evidence.

  • First-pass integrity report in the workspace
  • Classify → audit → Annex IV draft in one shell
  • API keys for automated audits (Developers)

runtime profile

MODE=SOVEREIGN_CLOUD

RESIDENCY=EU_REGIONS

EGRESS=CONTROLLED

OPS=MANAGED

Your compliance cycle

From the docs you already have to audit-grade outputs

You do not need a new stack. Start with existing model cards and logs, then iterate in short cycles with clear ownership — realistic for organisations without a dedicated AI Act PMO.

Step 01

Scope & ingest

Architecture docs, model cards, and policy notes you already maintain.

Step 02

Classify

Map the use case to AI Act risk tiers and obligations.

Step 03

Remediate

Prioritize control gaps and sequencing your bench can actually execute.

Step 04

Export & iterate

JSON exports, Annex IV drafts, API keys for repeat runs as things change.

Operational truth

One workspace graph — not fifteen spreadsheets

Mid-sized teams fail when every function keeps its own story. Agent Mai keeps classification, gaps, and exports in one org boundary so updates do not get lost between tools.

5+ → 1

Places evidence used to live

80% → 20%

Typical prep time for review packs

10 → 1,000+

Scale without losing the thread

Ecosystem

Fits next to the tools you already pay for

  • Banking systems
  • Billing tools
  • Data warehouses
  • SIEM pipelines
  • Identity providers
  • Ticketing systems
  • Internal policy docs

Implementation resources

What to send stakeholders who missed the kickoff

Concrete assets for lean rollouts: deployment notes, compliance boundaries, and FAQs — so legal, IT, and product read the same memo.

Launch checklist

From first audit to recurring reviews — a sequence teams can follow without a programme office.

Compliance notice

Clear limits: what software assists with, what still needs counsel and regulators.

Full FAQ

Product, legal, security, and deployment answers in one page for procurement and IT.

Autonomous integrity your organisation can run on repeat

Turn EU AI Act obligations into controls, technical evidence, and exports — without a retainer for every release. Start free; scale when your pipeline needs a saved workspace and API automation.