Case file — C7191EF0
The idea
“ActReady The Problem: Non-compliance costs up to €35M (or 7% of revenue). Law firms charge €50k+ to draft these documents manually, which is unaffordable for small teams.”
The panel
eyreACT is your most direct competitor—already live, already using the same "TurboTax-style" framing, same €35M penalty talking point, same step-by-step risk assessment flow, and positioning around evidence automation rather than just document generation. Their GitHub/code integration depth isn't clear from available data, but their "living proof" messaging suggests they're moving beyond static docs. No funding figures found for eyreACT. The Reddit signal shows someone already marketing an EU AI Act compliance plan to r/ProductivityApps, confirming awareness is building but also that the space is getting noisy fast. Market size data wasn't found in live search, so I can't confirm TAM claims. Red flag you're ignoring: eyreACT already exists and covers your exact value prop. You're planning a 3-month solo build against an established team, leaving almost no margin before the August 2026 deadline to acquire customers. By the time you ship, prospects will already have chosen a tool. Genuine strength: The GitHub connector auto-populating architecture and data provenance sections is a concrete technical differentiator if eyreACT lacks deep code-level integration. Developer-native tooling could carve a wedge with engineering-led SMBs who distrust form-filling compliance platforms. Ship that single feature fast or you're dead on arrival.
The core challenge you're underestimating is regulatory interpretation. Annex IV isn't a static form—it requires nuanced judgment about risk classification, conformity assessment paths, and how technical details map to legal requirements. Your "smart interview" needs to encode legal reasoning that even specialists disagree on, and one wrong template output could expose customers to the very fines they're trying to avoid. That's a liability nightmare. The GitHub connector sounds impressive but will be a build-vs-buy trap—parsing arbitrary codebases for meaningful architecture and data provenance is an NLP/static-analysis problem far harder than a 3-month solo build suggests; you'll end up buying expensive tooling or shipping something superficial. There's no real technical moat here: the moment compliance becomes urgent, Vanta, OneTrust, or any GRC platform bolts on an AI Act module in weeks. What's genuinely well-chosen is the timing and the narrow scope—targeting Annex IV documentation specifically rather than broad compliance gives you a concrete, shippable MVP. But you need a regulatory partner embedded from day one, not just engineering.
The TurboTax analogy is seductive but hides a brutal CAC/LTV problem: your buyers are AI startups who don't yet know they need this, selling compliance to people who aren't thinking about compliance means expensive education-heavy sales cycles. Your €5k-€10k price point (the logical sweet spot below law firms) is likely wrong—SMBs will push for €1-2k expecting a SaaS tool, not a consulting substitute, and enterprises needing it most will want white-glove service you can't provide solo. With zero traction and a hard August 2026 deadline, you have maybe 12-15 months of relevance before the market either complies or finds alternatives; burn through €50-80k of runway fast. What works: the regulatory deadline creates genuine urgency and a non-negotiable purchase trigger—that's rare for early-stage SaaS. Ship fast or die.
This is exceptionally well-timed but dangerously narrow. The August 2026 EU AI Act compliance deadline creates genuine urgency starting mid-2025 as companies realize they're unprepared — you're entering right at the panic inflection point. The macro trend that matters most is regulatory enforcement credibility: if the EU signals serious enforcement (fines, audits), demand spikes; if enforcement appears toothless or delayed, your market evaporates overnight. The window is open now but will close fast — Big Four consultancies, legal tech players, and existing GRC platforms are all eyeing this space. Your genuine timing advantage: incumbents are still treating this as a consulting engagement, not a product problem, giving a solo dev a brief opening to ship something usable before they productize. Move immediately or this becomes a feature inside Vanta or OneTrust within 12 months.
Cause of death
eyreACT Already Ate Your Lunch
This isn't a "there might be competitors" situation. eyreACT is live, uses the same "TurboTax-style" language, the same €35M scare stat, the same step-by-step flow, and positions around evidence automation — your exact value proposition. You're planning a 3-month build. They've already shipped. By the time you have something demoable, the early-adopter SMBs who actually care about compliance ahead of the deadline will have already chosen a tool. You're not entering a race; you're arriving at a race that's already in progress, on foot, carrying your shoes.
The GitHub Connector Is a 3-Month Project Inside Your 3-Month Project
Your one concrete differentiator — auto-populating architecture and data provenance by scanning repos — is an NLP/static-analysis problem that sounds like a feature but is actually a product. Parsing arbitrary codebases to extract meaningful, legally defensible documentation about model architecture, training data lineage, and system boundaries? That's not a weekend integration. You'll either ship something superficial that no compliance officer would trust, or you'll burn your entire runway trying to make it real. And if you ship something superficial, you've lost the only thing that distinguishes you from eyreACT.
You're Selling Fire Insurance During a Sunny Day — With a 15-Month Shelf Life
Your buyers are AI startups who, by definition, are focused on shipping product, not on EU regulatory paperwork. The finance panel nailed it: this is an education-heavy sales cycle. You have to convince people who aren't thinking about compliance to spend money on compliance, price it low enough to beat a law firm but high enough to sustain a business, and do all of this before August 2026 — after which your market either complied (and doesn't need you) or decided the EU won't enforce (and doesn't care). Your entire revenue window is roughly 12-15 months, and the first 3 are spent building. That leaves you 9-12 months to find, educate, and close customers. Solo.
⚠ Blind spot
You're treating Annex IV as a document generation problem. It's not. It's a legal judgment problem. Risk classification, conformity assessment paths, how a specific model's architecture maps to specific legal requirements — these are areas where actual AI Act specialists disagree with each other. Your "smart interview" needs to encode legal reasoning, not just collect inputs. One wrong template output doesn't just lose you a customer; it exposes them to the exact fines they hired you to avoid. That's not a bug report — that's a lawsuit. You need errors & omissions insurance and a regulatory partner on day one, and you've budgeted for neither. The moment a customer gets fined using your output, your product is radioactive. TurboTax works because tax law has clear right answers. The AI Act, in its first year of enforcement, will not.
Recommended intervention
Kill the full-stack compliance platform. Ship only the GitHub connector as an open-source developer tool — a CLI or GitHub Action that scans a repo and generates a structured Annex IV data provenance and architecture skeleton in a standardized format. Don't interpret the law. Don't do risk classification. Just extract the technical facts from code and output them in a format that any compliance tool (including eyreACT) can ingest. This does three things: (1) it's the one feature you can actually build well in 3 months as a solo dev, (2) it targets engineering-led SMBs who distrust form-filling platforms — your actual wedge, (3) it makes you a complement to existing tools rather than a competitor, which means eyreACT's existence becomes distribution instead of a death sentence. Charge nothing for the OSS tool, monetize a hosted version with team dashboards and CI/CD integration at $50-100/month. You become the "developer layer" of AI Act compliance. If that gets traction, then you expand.
Intervention unlocking
5seconds
No account needed. One email, no follow-ups.
Want your idea examined? Free triage or full panel →