Six stages. Four roles. Every handoff documented, every artifact structured and attributable. This is how governed AI compliance produces a reconstructable record.
EAB structures role separation by design — no single actor can complete the governance cycle alone. Each stage produces a timestamped artifact that the next stage builds on, creating a chain of custody that holds under external scrutiny.
Each stage is gated on the previous one. The output of every stage is a structured, timestamped artifact — not a field in a form.
The operator registers the AI system through a structured wizard. Business context, deployment scope, affected populations, and intended use — all captured in a defined schema, not free-text fields that drift between audits.
The AI system owner or IT department adds the technical layer that the law requires to be documented: training data characteristics, model architecture, decision output type, and human oversight provisions.
The most critical stage. A qualified supervisor initiates the screening session against the obligation profile for the system's risk classification. EAB analyzes the system against Annex III criteria and derives the full obligation set. The supervisor retains override authority — but every bypass is logged with justification.
The screening result activates a structured obligation set, derived from the risk classification and legal source context. Each obligation is mapped to its article reference, assigned to a role, and tracked independently. The legal source context informs the obligation logic — human responsibility for each obligation remains intact and attributed.
Each obligation requires evidence. EAB structures what must be collected — technical documentation, conformity declarations, QMS policies, data governance records, oversight logs. Evidence is attached to the obligation record, not stored separately in a folder that nobody finds at audit time.
External or internal auditors receive a dedicated, read-only workspace. Sealed records, complete decision trails, legal version snapshots, and PDF exports — structured for conformity assessments and supervisory authority reviews, without requiring preparation from your team and without any modification access to live records.
When incorporated legal source changes are confirmed, EAB analyzes which obligation areas are affected and flags each impacted system for controlled re-screening. A new screening record is created — anchored to the new legal version — while the entire previous chain remains intact. The audit trail is never modified. It only grows.
Available from Professional. The full governance chain activates the moment your first system is registered.
EU-hosted · Anchored to CELEX 32024R1689
Tell us about your organization and what you’re looking to address. We’ll follow up with the relevant information.
