Sovereign AI Compliance
Agent Mai helps you classify use cases, run Annex-ready audits, and draft technical documentation — with structured evidence your governance teams can review (not legal advice).
Live Compliance Scanner
ACTIVE91.4%
Integrity
2
Open Gaps
PASS
Art. 5
How it works
No months-long setup. Create a workspace, run a quick integrity audit on your real model cards and policies, then share structured gaps and scores with legal and engineering — from the same console.
Sign up with your work email. Your audits, reports, and team invites stay under one org — the boundary EU AI Act evidence should follow.
Create workspacePaste text or upload files (model cards, architecture notes, DPIA excerpts). Agent Mai normalizes them for scanning against Annex III–style signals and Annex IV documentation depth.
Open Quick AuditGet a conformity-style score, prioritized gaps, and draft remediation language your counsel can edit — then export JSON for GRC or print a report for the board.
See report workflowQuick benefits
EU AI Act · plain English
Regulation (EU) 2024/1689 is long, but most product and compliance conversations boil down to a handful of ideas: what is forbidden, what counts as high-risk, what you must prove, and how people stay in control. Here is a simple map — always confirm details with your legal team.
A short list of AI practices the EU does not allow — for example certain social scoring, manipulative systems, or emotion inference in schools or workplaces. If you are in this bucket, it is not a paperwork problem: the use case itself has to change.
If your AI is used in areas like biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, or justice, it is often treated as high-risk. That triggers the full provider rulebook — not optional extras.
Risk management, training data governance, technical documentation, logging, transparency, human oversight, accuracy, and cybersecurity — all designed so authorities can see how the system was built and how it stays safe in production.
Annex IV spells out what “technical documentation” means: system design, data, testing, monitoring plans, and more. Think of it as the structured evidence bundle behind your AI, not a one-page marketing summary.
Many systems must make clear when people are talking to an AI, when content is synthetic, or when emotion or biometric categorisation is used — so users are not misled about what is happening.
High-risk systems need meaningful human oversight: people who understand the limits of the system, can stop it, and are not just rubber-stamping outputs — especially where decisions affect rights or safety.
Simplified for orientation only — not legal advice. Official text and guidance from the EU and national authorities always prevail.
In plain language
Instead of legal complexity, your teams get practical answers: which obligations apply, which controls are missing, and which fix should happen first.
Know if a feature is likely low-risk, high-risk, or prohibited before roadmap commitments become expensive rework.
Review structured outputs with legal references, confidence, and evidence links instead of disconnected screenshots.
Choose cloud speed or private vault sovereignty while preserving the same controls, logs, and governance process.
Modules
Each module handles one practical job: detect risk, map obligations, prepare evidence, and keep compliance current as your product evolves.
Ten-section technical documentation draft in the workspace — pair with audits and export as you iterate with legal.
Heuristic prohibited-risk signals in each audit plus a workspace checklist — not a full repository scanner.
Structured gaps and Article references in every report — deeper artifact linking on the roadmap.
Mai Cloud for speed, Vault mode for private LLM endpoints when configured — same workspace UX.
Deployment path
Fastest path to active compliance operations.
First-pass integrity report in the workspace
Classify → audit → Annex IV draft in one shell
API keys for automated audits (Developers)
runtime profile
MODE=SOVEREIGN_CLOUD
RESIDENCY=EU_REGIONS
EGRESS=CONTROLLED
OPS=MANAGED
Your compliance cycle
You do not need to redesign your stack. Start with existing docs and logs, then iterate in short compliance cycles with clear ownership across product, legal, and security.
Step 01
Connect architecture docs, model cards, and policy notes.
Step 02
Map use case to AI Act risk tiers and obligations.
Step 03
Generate control gaps and remediation sequencing.
Step 04
JSON exports, Annex IV drafts, API keys for repeat runs.
System-level results
Teams stop chasing updates across spreadsheets, tickets, and policy docs. Everyone works from one source of truth.
5+ → 1
Governance tools unified
80% → 20%
Manual reporting effort
10 → 1,000+
Scale without control loss
Ecosystem
Implementation resources
Instead of FAQs in the landing flow, start with concrete assets: deployment runbooks, legal templates, and role-based launch checklists.
A practical sequence from first audit to production monitoring so teams can move without confusion.
Open checklistStarter language for internal AI governance policy, human oversight ownership, and escalation paths.
See compliance noticeA full product, legal, security, and deployment FAQ in a dedicated page for stakeholders.
Read full FAQAgent Mai translates EU AI Act language into deployable controls, technical evidence, and auditable process.