EU · Regulation 2024/1689 · Compliance instrument

Enterprise-grade EU AI Act compliance.
Without the enterprise sales call.

Veritome classifies, documents and tracks your AI systems article by article — at a price you can see and start today. The depth of a six-figure platform, built for teams that don’t have six figures.

2 Dec 2027
High-risk deadline
Art. 6
Classification engine
EU-only
Data residency
Deployer · CV-Screener · Hiring · Annex III §4
Art. 9 · Risk management
Identify, analyse, mitigate.
Annex III domain confirmed
Residual risk score recorded
Post-market monitoring plan drafted · OPEN
Art. 9(8) periodic review scheduled · OPEN

Founding members

First 100 Founding Members get 30% off for life plus quarterly regulator roundtables. 73 / 100 spots open.
Why a dedicated instrument

Most compliance tools weren't built for the EU AI Act.

Generic GRC platforms don't understand AI risk tiers, Annex III domains, or Article-specific obligations. We built for the regulation, not around it.

Without Veritome

We use twenty SaaS tools. Which ones are AI?

With Veritome

The system register with guided classification shows exactly which tools trigger EU AI Act obligations — with article references.

Without Veritome

We read four hundred pages of regulation and still don't know what to do.

With Veritome

Aria analyses your systems against Annex III and Article 5, proposes classifications, and drafts the matching obligations.

Without Veritome

Compliance is a one-time project we did in a spreadsheet.

With Veritome

Automated review schedules, evidence expiry alerts, and a living compliance calendar that never lets the file go cold.

The category has a gap

Too small for the enterprise tools. Too serious for a checklist.

Compliance software splits in two: platforms priced for companies a hundred times your size, and cheap tools that were never really built for the AI Act. Veritome is the instrument made for the middle.

Enterprise GRC

€30k–€100k+ / year · contact sales
  • Powerful — but priced for the Fortune 500
  • Months of procurement and demos
  • AI governance bolted onto a generic suite
  • Needs a dedicated team to run it
The incumbents
Veritome — the missing middle

Dedicated. Self-serve. Deep.

€0 free → paid plans · see the price, start today
  • Article-by-article classification built for the Act
  • Annex IV, FRIA & DoC dossiers for audit preparation
  • Transparent pricing — no sales call required
  • EU-hosted, GDPR-native, verifiable evidence
Enterprise depth, SME reality.

Cheap SME tools

€0–€150 / month
  • Broad multi-framework, shallow on the AI Act
  • Stops at a questionnaire or a checklist
  • Little real documentation or evidence
  • No living review cycle
Generic compliance apps
Art. 9 · Art. 6(3)

Classification that follows the law.

A branching decision tree that mirrors the Act's exact classification logic: prohibited practices, Annex III domains, Article 6(3) exceptions, role determination. Every decision documented with its article reference, every wizard step backed by Aria.

  • Every branch lands on a specific article or recital.
  • Aria proposes the classification; you confirm and sign.
  • Re-classification is a diff, not a reset.
ART. 9
Prohibited practice? · No · Art. 5
Annex III domain? · Yes · Annex III
Art. 6(3) exception? · No · Art. 6(3)
Classification · HIGH RISK
Smart obligation mapping

The right obligations, auto-mapped.

The engine reads your classification and materialises the exact obligations that apply — by role, risk tier and Annex III domain. A workbench, not a checklist: drag tasks between To-do, In Progress, In Review, and Complete, with the deadline chip derived from the article, never guessed.

  • Role-aware — deployer vs. provider vs. importer vs. distributor.
  • Conditional logic for biometrics, workplace AI, GPAI on top.
  • One click to open the form that closes the obligation.
OBLIGATIONS · KANBAN
To do
In progress
Done
Annex IV · FRIA · DoC

Documentation, verifiable.

Annex IV technical docs, Fundamental Rights Impact Assessments and EU Declarations of Conformity assemble themselves from your live data. Every page is timestamped and hash-sealed; every dossier carries a public verify URL a regulator or buyer can check without an account.

  • Smart forms with Aria suggestions; evidence at item level.
  • Provider ↔ deployer Art. 13 IFU handoff in one click.
  • Regulator view: Fraunces display, marginalia article refs.
VERIFIABLE
Annex IV · Technical file
Hash-sealed · public verify URL
SHA-256 · 9f2a…c41 · VERIFIED
Already mandatory · Live since February 2025

AI literacy is not optional. Article 4 is in force.

Every company using AI professionally must ensure staff have sufficient literacy. Veritome's training module covers six role-based programmes, needs assessment, individual progress tracking, and compliance evidence generation.

AI Act Awareness · 2h
All staff: baseline literacy for anyone using AI.
Ready
High-Risk Operators · 6h
Tech team / operators running high-risk systems.
Ready
Oversight Procedures · 4h
Reviewers / overseers: Art. 14 human oversight.
Ready
Bias & Fairness · 3h
Data team: Art. 10 data governance.
Ready
GPAI Fundamentals · 2h
Leadership: general-purpose AI obligations.
Ready
Deployer Operations · 4h
Operations staff: Art. 26 deployer duties.
Ready
The rhythm

Compliance isn't a project. It's a cycle.

Veritome automates the review schedule. When a review is due, you know. When evidence expires, you know.

Annual risk-management reviews · Art. 9
Risk management system review required annually.
Six-month log retention checks · Art. 26(6)
Verify decision logs retained and accessible.
Oversight training reviews · Art. 26(2)
Human oversight officer training currency check.
Quarterly change assessments · Art. 9
Material changes re-trigger classification review.
Incident reporting timers · Art. 73
15-day notification countdown from detection.
Evidence expiry alerts · Art. 26
Certificate and document validity tracking.
The journey

Six phases, one continuous thread.

Every system walks the same gated journey — classify, scope, build, assess, register, monitor. Each phase unlocks the next; every obligation is tied to its article.

Compliance Journey · Completion 8%

Phase 2 of 6 · Scope & literacy

Next step
Art. 4 AI literacy — all staff dealing with AI
Unassigned · Due 02 Aug 2026
Open
Setup · Here
Overview 1/2 · Tech Docs 0/1 · Certificates
Phase 3 · Build & Document
Risk Assessment 0/1 · Human Oversight 0/1 · Data Governance 0/1
Phase 4 · Conformity Assessment
FRIA 0/1
Phase 5 · Register
Registration 0/1
Phase 6 · Operate & Monitor
Transparency 0/1 · Incidents 0/4
A working method for tracking your obligations — completion here is not a guarantee of legal compliance. Confirm with your counsel.
Powered by Mistral · Paris

Meet Aria — regulatory intelligence that speaks Article.

Aria analyses your AI systems against the EU AI Act, suggests risk classifications, identifies evidence gaps, and drafts the matching forms. Your data never leaves the EU.

Classification guidance
Describe a system — receive an Article-referenced suggestion with evidence.
Evidence analysis
Aria predicts what documents you need and flags what is missing.
Smart form assistance
Contextual suggestions while you fill Annex IV, FRIA and oversight forms.
Aria · Dialogue
“I have a CV screening tool used in hiring. Is it high-risk?”
Yes — this falls under Annex III §4(a). Employment, workers management and access to self-employment.

You will owe the Art. 9 risk management system, Art. 10 data governance checks, Art. 14 human oversight plan, and a Fundamental Rights Impact Assessment under Art. 27(1).
ART. 9 · ART. 10 · ART. 14 · ART. 27
113
Articles, mapped
< 1 hr
To first classification
100%
EU-hosted & GDPR-native
73 / 100
Founding spots open
Transparent tender

One price. No surprises.

All plans include EEA data residency and GDPR-native infrastructure.

Free
€0/month
Explore the platform risk-free.
1 AI system
Risk classification wizard
Basic obligation overview
Community support
Starter
€119/month
€149/month
For early-stage teams managing their obligations.
5 AI systems
Up to 5 team members
Full risk classification
Document generation (Annex IV, FRIA, DoC)
Obligation mapping
Email support
Most popular
Growth
€279/month
€349/month
For scaling teams with multiple systems.
Everything in Starter
25 AI systems
Up to 10 team members
GDPR integration module
Human oversight protocols
Transparency notices
API & webhook access
Priority support
Exports for your records
Business
€559/month
€699/month
For organisations with complex AI portfolios.
Everything in Growth
Unlimited AI systems
Up to 20 team members
Role-based access control
Custom document templates
Custom integrations
Questions, answered

EU AI Act, in plain English.

When do the EU AI Act rules actually apply?

Prohibited practices (Art. 5) have been banned since February 2025, and Art. 4 AI-literacy duties are already in force. High-risk obligations for stand-alone Annex III systems apply from 2 December 2027, and for AI embedded in regulated products (Annex I) from 2 August 2028 — both moved later by the Digital Omnibus.

Art. 4 · Art. 5 · Annex III

How do I know if my AI system is high-risk?

A system is high-risk if it falls within an Annex III domain — biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, or justice — unless an Art. 6(3) exception applies. Veritome's classification wizard walks this logic question by question and lands every system on its specific article.

Art. 6 · Annex III

I only use third-party AI tools like ChatGPT. Does the Act still apply to me?

Yes. You are a "deployer," and deployers have real duties — Art. 4 staff literacy, Art. 50 transparency for limited-risk tools, and full obligations if a tool is used in a high-risk way. Veritome defaults to the deployer journey, which is the one most SMEs need.

Art. 26 · Art. 50

What's the difference between a deployer and a provider?

A provider develops or places an AI system on the market under its own name; a deployer uses an AI system under its authority. Most SMEs are deployers. Veritome determines your role during classification and maps role-specific obligations automatically.

Art. 3 · Art. 25

What are the penalties for non-compliance?

Fines reach up to €35 million or 7% of global annual turnover for prohibited practices, with lower bands for other breaches. Even Veritome's top self-serve plan is a rounding error against that exposure. The free readiness check gives you a worst-case fine estimate.

Art. 99

Where is my data stored?

Entirely in the EU. Application and database on Hetzner (Germany), file storage on Hetzner S3, AI processing by Mistral (France) with training use contractually excluded, and no US sub-processors for compliance-critical data. Supervisory authority: the Irish DPC.

GDPR · EU-sovereign
Free resources

Start before you sign up.

New · 5 min

EU AI Act Readiness Check

15 branching questions. Score out of 100, risk classification per use case, fine-exposure estimate, and a prioritised action plan — delivered as a PDF.

Excel · Download

EU AI Act Compliance Tracker

Six ready-to-use worksheets with pre-built templates, obligation checklists, and the full regulatory timeline. Works offline.

The file stays cold for no one

Every AI system, accounted for.

The EU AI Act landed in August 2024. Prohibited practices are already banned, Article 4 literacy requirements are live, and the high-risk provisions land on 2 December 2027 (moved from August 2026 by the Digital Omnibus). Get ahead, properly.

“A dataset you cannot describe is a dataset you cannot defend.”
The Veritome handbook · Art. 10