AI compliance documentation. In hours, not months.
The Compliance Documentation Assistant guides your team from risk classification through technical documentation to evidence-based compliance reports. AI-powered, legally transparent, auditable.
The deadlines are set
Feb 2025
Prohibited practices (Art. 5)
in effect
Aug 2025
AI competence (Art. 4)
AI Literacy in effect
Aug 2026
GPAI enforcement
Market surveillance active, fines up to €35M or 7% annual revenue
Q4 2026
Harmonized standards
CEN/CENELEC JTC 21 expected
Aug 2027
High-risk systems
All obligations apply, Annex IV fully required
Feb 2025
Prohibited practices (Art. 5)
in effect
Aug 2025
AI competence (Art. 4)
AI Literacy in effect
Aug 2026
GPAI enforcement
Market surveillance active, fines up to €35M or 7% annual revenue
Q4 2026
Harmonized standards
CEN/CENELEC JTC 21 expected
Aug 2027
High-risk systems
All obligations apply, Annex IV fully required
14 tasks
per high-risk AI system
EU AI Act
1 person
typical staffing for AI compliance in companies
AI Act Now Conference 2026
3 months
until GPAI enforcement (August 2, 2026)
EU AI Act Art. 113
Companies face 14 documentation obligations with over 117 fields, per AI system. At the same time, the EU AI Act, GDPR, DORA, BaFin guidance, and BSI standards overlap. The alternative: expensive consultants at €1,000-2,000 per day, or wait and hope.
One tool for the entire regulatory landscape
EU AI Act
Regulation (EU) 2024/1689
Risk classification, Annex IV (63 fields), Annex V, Art. 17 QMS, Art. 72 PMM, Art. 27 FRIA. Full coverage of all 14 obligation types
GDPR
General Data Protection Regulation
Data Protection Impact Assessment (DPIA), Art. 9 special categories of data, Art. 35 high-risk processing
BaFin AI Guidance
Guidance on AI/ICT Risks
Governance, board oversight, testing obligations, burden of proof for insurance and financial services
BSI AI Criteria Catalog
AI Testing Criteria for Federal Agencies
Unified criteria catalog for AI in public administration, under development by BSI T25
DORA
Digital Operational Resilience Act
ICT risk management, resilience testing, third-party risk for AI systems in the financial sector
NIS2
Network and Information Security Directive
Cybersecurity requirements for essential and important entities, 24h reporting obligation
GDNG
Health Data Use Act
Secondary use of health data for AI training/testing, pseudonymization, access concepts
ISO 42001
AI Management System Standard
International standard for AI governance beyond regulatory minimums
EHDS
European Health Data Space
EU-wide framework for health data interoperability and secondary use (from 2029)
MDR
Medical Device Regulation
AI systems as medical devices, dual regulation AI Act + MDR
Copyright / DSM
Text and Data Mining (Art. 4 DSM Directive)
Training data documentation, TDM exception, opt-out mechanism
EU AI Act is here. Are you ready?
The EU AI Act creates hard deadlines for organizations deploying AI systems. GPAI enforcement starts August 2026. High-risk obligations follow in 2027. elluminate helps you prepare now, with structured evaluation and documentation workflows that turn regulatory requirements into actionable steps.
Test against real compliance frameworks.
Run pre-built compliance packages based on the Fraunhofer KI-Prüfkatalog, BSI criteria, and EU AI Act prohibited practices. Six trustworthiness dimensions, 54 test cases each, plus 96 prohibited-practice tests. See exactly where your AI system passes, where it fails, and what needs attention.
From evaluation results to regulatory documentation.
The Compliance Documentation Assistant guides you from risk classification through Annex IV technical documentation. Answer guided questions section by section, see the legal basis for every field, and generate draft reports with evaluation evidence integrated. Gaps are clearly marked, so you always know what's missing.
What a generated compliance report looks like
