The whole instrument

Every capability, in one place.

AIComply is one system, not a suite. Classification, obligation mapping, risk management, quality system, verifiable documentation, provider–deployer handoff and AI-literacy tracking — all sharing the same engine, the same evidence ledger, the same audit trail.

Classification wizard

ART. 5 · ART. 6 · ANNEX III

A wizard that walks the law, not your gut.

A branching decision tree that mirrors the Act's exact classification logic — prohibited practices first, then Annex I sectoral overlap, then Annex III §1–§8 domains, then Article 6(3) self-exclusion, then Article 6(4) authority notification when the system stays out. Every step is anchored to its article; every answer becomes a Classification record you can re-open without restarting.

Prohibited-practice screening (Art. 5) before anything else.
Annex III domain picker with conditional flags (biometrics, workplace, GPAI).
Art. 6(3) exception wizard with the six criteria, individually argued.
Art. 6(4) authority-notification record for self-excluded systems.
Aria suggests the answer; you confirm and sign — every decision audited.

ProviderTriage Assistant · Classify · Step 3 of 4

Step 3 of 4 · Annex III filter

Which Annex III domain applies?

ART. 6(2)

✦

Aria suggests · §4 Employment

"Reading 'CV-Screener for hiring decisions' — Annex III §4 covers AI used in recruitment, performance evaluation and worker monitoring."

§1BiometricsRemote ID · emotion · categorisation

§2Critical infrastructureEnergy · transport · water

§4EmploymentHiring · evaluation · termination

§5Essential servicesCredit · insurance · benefits

Smart obligation mapping

ENGINE

The right obligations, auto-mapped.

Once a system is classified, the engine reads role + risk tier + Annex III domain + behavioural flags and materialises the exact obligations that apply. A workbench, not a checklist: drag tasks between To-do, In Progress, In Review and Complete. Article-derived deadlines, role-aware filters, evidence at the item level.

Conditional logic for biometrics, workplace AI, GPAI, emotion recognition.
Role-aware: deployer, provider, importer, distributor — different journeys.
Tabs auto-generated from the engine; phase gates lock the next step.
Granular checklist auto-tick from backing data (RiskPlan, Annex IV doc, Oversight plan).

CompliancePortfolio · 12 systems · Q2 2026

To do2

Art. 9

Residual risk sign-off

12 MayJD

Art. 14

Stop-mechanism designed

20 MayMK

In progress2

Art. 11

Annex IV technical doc

5 MayAS

Art. 26(7)

Worker notification

1 JunJD

Complete2

Art. 6(3)

Self-exclusion record

—MK

Art. 13

IFU drafted + sealed

—AS

Risk management

ART. 9

From risk register to residual sign-off.

A working RiskPlan with item-level controls, inherent and residual scoring, and a sign-off ledger. Mitigations that close items also tick the Art. 9 checklist. Reality wins — delete every risk item and the obligation flips back to NOT_STARTED.

Inherent + residual scoring per item, with a heat-map view.
Mitigation actions tied to evidence + assignee + due date.
Residual-risk sign-off transitions Art. 9 to COMPLETE; the ledger is permanent.
Periodic review (Art. 9(8)) scheduled automatically; calendar integration.

DeployerCV-Screener · Hiring · Annex III §4

Art. 9 · Risk management

Identify, analyse, mitigate.

Annex III domain confirmed

Residual risk score recorded

Post-market monitoring plan draftedOPEN →

Art. 9(8) periodic review scheduledOPEN →

Quality management system

ART. 17

QMS that lives where the work happens.

The Art. 17 quality management system is not a Word document — it's the union of every other obligation. AIComply gives you the QMS shape (policies, responsibility allocation, change management, post-market plan, incident reporting) and wires each piece to the live evidence already attached to your obligations.

Policies + responsibility matrix maintained inside the platform.
Change management triggers re-classification when systems materially change.
Post-market monitoring plan and serious-incident reporting workflow.
QMS export: a single PDF that references every backing document by hash.

CompliancePortfolio · 12 systems · Q2 2026

To do2

Art. 9

Residual risk sign-off

12 MayJD

Art. 14

Stop-mechanism designed

20 MayMK

In progress2

Art. 11

Annex IV technical doc

5 MayAS

Art. 26(7)

Worker notification

1 JunJD

Complete2

Art. 6(3)

Self-exclusion record

—MK

Art. 13

IFU drafted + sealed

—AS

Verifiable documentation

ANNEX IV · ART. 47 · ART. 49

Documents you can prove.

Annex IV technical files, Fundamental Rights Impact Assessments, EU Declarations of Conformity and Annex VIII registration packs assemble themselves from your live system data. Smart forms with Aria suggestions, evidence at item level, audit trail of who filled what when. Every document is hash-sealed; every dossier carries a public verify URL.

Annex IV builder pulls from RiskPlan, oversight plan, training data record.
FRIA wizard for Annex III §5 deployers; auto-skipped where not required.
EU DoC editor pre-fills from the chosen Art. 43 pathway.
Annex VIII export: the EUDB registration sheet, ready to paste.
verify.aicomply.ie — a regulator or buyer can check the seal without an account.

Regulator viewTriage Assistant · Dossier · DOS-000041

Annex VIII · Art. 49 dossier

Triage Assistant — provider record.

Provider: NorthLine Health Ltd · IE
Risk tier: HIGH · Annex III §5
Pathway: Annex VI · internal control
DoC: signed 18 Apr 2026 · v1.2

● SEALEDSHA-256: 8a4f…d12cverify.aicomply.ie/d/DOS-41

Provider ↔ deployer handoff

ART. 13

Art. 13 IFU exchange, in one click.

When a provider hands a high-risk system to a deployer, the Instructions for Use must travel — system purpose, performance, known limitations, oversight measures, monitoring obligations. AIComply seals the IFU package on the provider side and lets the deployer paste-import it on theirs. Cross-org, cross-account, cryptographically sealed.

Provider seals the IFU package; gets a one-time sharing token.
Deployer pastes the token; the package imports into their system record.
Hash chain links the deployer's copy back to the provider's seal.
Audit log on both sides — fields imported, who imported, when.

Provider → DeployerArt. 13 · IFU package · sealed 24 Apr 2026

Art. 13 · Instructions for use

Provider → Deployer handoff sealed.

Provider

NorthLine Health

────→

Deployer

St. James's Hospital

System purpose + intended population

Performance metrics + known limitations

Human oversight measures (Art. 14)

Monitoring obligations (Art. 26)

SEAL · 24 APR 2026 · 14:02 UTC

AI literacy programmes

ART. 4

Six role-based programmes, tracked.

Article 4 obliges providers and deployers to ensure a sufficient level of AI literacy across staff. AIComply ships six role-tailored programmes (Engineering, Product, Compliance, Data, Sales, Leadership), tracks completion per person, and surfaces the org-level percentage your auditor will ask for first.

Programmes calibrated to role responsibilities, not generic e-learning.
Per-person completion certificates; org-level dashboard for the board.
Refresher cadence (annual / on-role-change) tracked and prompted.
Certificate hash + verify URL — same trust mechanism as Annex IV docs.

Org · 84 peopleAI Literacy · Art. 4 · Q2 2026

Art. 4 · AI literacy programmes

68% of staff certified

84 PEOPLE

Engineering

92%

Product

78%

Compliance

100%

Data

64%

Sales

41%

Leadership

23%

Where to next

See how it fits your shape.

The same instrument, different starting points — by company size, by sector, by what you're optimising for.

Small Business →Enterprise →Tech Startup →Legal →Healthcare →