Case file — 67C3B18E
The idea
“AI compliance SaaS for companies using AI tools. We help businesses comply with EU AI Act (Article 4 AI literacy — already in force since Feb 2025), GDPR-for-AI, and US AI regulations (NIST AI RMF, CCPA).

The problem: Every company using ChatGPT, Copilot, or any AI tool on customer data has live GDPR exposure right now. EU AI Act Article 4 (AI literacy obligation) has been in force since February 2025 — most companies have zero documentation. Enterprise clients are starting to ask for AI governance proof before signing contracts. The Aug 2026 deadline for high-risk AI (Annex III — fintech credit scoring, HR screening, healthcare AI) is 15 months away.

What we do:

AI Inventory — companies register all AI tools they use, with guided risk classification under EU AI Act tiers (minimal/limited/high/unacceptable risk) and NIST AI RMF categories.

Compliance Document Generation — one-click generation of AI Usage Policy, Technical Documentation, GDPR DPIA, Transparency Notice, Conformity Declaration. All version-controlled.

Team Governance — send policies to employees, collect timestamped digital acknowledgements. Proof of Article 4 AI literacy compliance. Audit trail.

Shadow AI Detection — browser extension that detects which AI tools employees are actually using (including ones not in the inventory). Flags GDPR risk in real time.

Audit Reports — one-click PDF compliance reports, board-ready, exportable for enterprise due diligence or regulatory audit.

Compliance Score — live score tracking across EU AI Act and NIST AI RMF frameworks.

Target: B2B, 10-250 employee companies in EU (primary) and US (secondary) that are actively using AI tools and need to prove governance — either for regulatory reasons or because enterprise clients are asking. Likely buyers: compliance officers, legal/privacy teams, CTOs at scale-ups.

What we're NOT: We don't cover GPAI model rules (that's for companies building foundation models like OpenAI/Mistral, not users). We don't do deep Annex III conformity assessments for medical devices or critical infrastructure — that's a consulting engagement.”