AI GOVERNANCE INFRASTRUCTURE  ·  EU AI ACT  ·  SOC 2  ·  NIST AI RMF

AI Models are shipped faster than ever.
Compliance needs to keep up.

Vigilens is the AI governance layer for teams that ship continuously. Encode EU AI Act, SOC 2, and NIST AI RMF controls directly into your deployment pipeline -- and stay audit-ready without slowing down.

Live · system audit
PASSING
SYSTEM credit-risk-v3.2
CLASSIFICATION HIGH-RISK · ANNEX III
CONTROLS PASSING 58 / 70
EVIDENCE FRESHNESS 12 min ago
AUDIT PACK v0247 · ready
Audit readiness 73%
VGL · 2026.04.26 NEXT RUN · 14:00 UTC
EU AI ACT · HIGH-RISK OBLIGATIONS: 2 AUGUST 2026
SOC 2 · AUTOMATED CONTROLS · TRUST SERVICE CRITERIA
NIST AI RMF · GOVERN · MAP · MEASURE · MANAGE
INTERNAL POLICIES · MACHINE-EXECUTABLE · CUSTOM FRAMEWORKS
NON-COMPLIANCE · UP TO €35M OR 7% GLOBAL TURNOVER
RULES-AS-CODE · NOT DOCUMENTS. EXECUTABLE CONTROLS.
SHIP FAST · STAY AUDIT-READY ON EVERY DEPLOYMENT

Compliance, automated.
Evidence, continuous.

VIGILENS GOVERNANCE COPILOT — LIVE PRODUCT
app.vigilens.io / onboarding / classify
CLASSIFY
CONTROLS
EVIDENCE
AUDIT PACK
Workspace
Frameworks
EU AI Act
SOC 2
NIST AI RMF
Step 1 — Describe your AI system
READY
AI System Registration
Describe your AI system
System Name
Loan Approval Engine v2.4
What does it do?
Classification Result
HIGH RISK
EU AI Act Annex III · Article 6 · Automated individual decisions
Control Library — Running Checks
0 / 8 controls passing
Human oversight review procedure documented · EU AI ACT
Technical documentation filed per Annex IV · EU AI ACT
Access control records current (90 days) · SOC 2
Incident response plan reviewed · SOC 2
Bias evaluation missing for v2.4 · EU AI ACT
Data drift threshold exceeded — review required · NIST
Log retention policy active (EU AI Act compliant) · SOC 2
Model card published to internal registry · NIST
Evidence Stream — Auto-Collected
LIVE
GitHub · PR #441 merged → main
Model retrain commit — documentation requirement triggered
2m ago
Jira · ISSUE-2289 resolved
Human review ticket closed by @leila.a — auto-linked to control
14m ago
Datadog · Anomaly detected
Prediction drift +18% — Jira review ticket auto-created by Vigilens
1h ago
S3 · Log archive snapshot
Monthly inference logs archived · EU AI Act record-keeping satisfied
3h ago
MLflow · Model version v2.4 registered
Lineage captured — training data hash, hyperparameters, eval metrics
Yesterday
GENERATING AUDIT PACK…
Loan Approval Engine v2.4
EU AI Act · SOC 2 · NIST AI RMF — READY
Controls
Artifacts
Frameworks
⬇ DOWNLOAD PACK — PDF + JSON
Generated with Vigilens · AI Governance Copilot · vigilens.io
CLASSIFICATION COMPLETE
EU AI Act — HIGH RISK detected. 70 applicable controls loaded.
2 VIOLATIONS NEED REVIEW
Bias evaluation missing · Data drift exceeded threshold.
1,204 ARTIFACTS COLLECTED
GitHub · Jira · Datadog · S3 · MLflow — 5 integrations active.

Your AI ships daily.
Your compliance docs don't.

CURRENT STATE
01

Manual and Spreadsheet-Driven

A regulation drops. Lawyers interpret it. Someone writes a policy doc. Teams fill Word templates. Once a year they scramble to prove they did it. Then the model retrains and the cycle breaks.

THE VELOCITY GAP
02

Engineering Moved Faster Than Governance

Your AI team ships 40 times while your compliance team updates one spreadsheet. By the time you're in the audit room, the evidence trail is months out of date and impossible to reconstruct.

THE COST
03

Compliance Debt Compounds Like Technical Debt

Every deployment without a compliance check is a liability you'll pay back later -- under pressure, in front of a regulator, a customer's security team, or a notified body asking for evidence you don't have.

One platform.
Every framework your team will ever face.

LAYER 01

Scoping & Classification

The platform identifies which regulations apply based on your use case — hiring, credit, biometric, customer-facing — and maps the relevant jurisdictions automatically.

EU AI Act · SOC 2 · NIST RMF
LAYER 02

Control Library

The brain of the system. Regulatory obligations mapped to controls, mapped to machine-executable checks. Not a checklist — a running test suite for governance.

Rules-as-Code · Auto-mapped
LAYER 03

Evidence Collector

Middleware that pulls evidence from where your team actually works — Jira, GitHub, ML platforms, observability tools, vendor contracts — automatically.

GitHub · Jira · Datadog · AWS/GCP
LAYER 04

Continuous Compliance

Every release triggers compliance checks. Retrained model? Documentation required. Performance regression? Sign-off blocked. Like CI/CD — but for governance.

CI/CD · Runtime · Audit-ready

Does your AI fall under
the EU AI Act?

Answer 6 questions to find out your classification and obligations under the EU AI Act (Regulation 2024/1689). Based on the official Future of Life Institute compliance flowchart — updated July 2025.

Covers all provider, deployer, distributor and importer roles under Article 3
Outputs your specific obligations with article references
Free — no account required
vigilens.ai / eu-ai-act-checker
STEP 01 / 06 — ENTITY TYPE

What is your organisation's role?

Select the option that best describes your relationship to this AI system. You may qualify as more than one type — run the checker once per role. (Source: Article 3, Recital 83)

STEP 02 / 06 — PROHIBITED PRACTICES

Does your AI system perform any of the following?

These functions are prohibited under Article 5 of the EU AI Act. Select all that apply — if any apply, immediate legal review is required.

STEP 03 / 06 — HIGH-RISK CATEGORIES

Which categories does your AI system's use case fall into?

These are the Annex III high-risk categories under Article 6(2). Select all that apply — even partial overlap is enough to trigger high-risk status.

STEP 04 / 06 — SPECIAL SYSTEM TYPES

Does your AI system have any of these characteristics?

These trigger either GPAI obligations (Article 51–55) or transparency obligations (Article 50). Select all that apply.

STEP 05 / 06 — SCOPE & JURISDICTION

Which of the following apply to your AI system?

Certain systems are excluded from scope, and jurisdiction determines whether the Act applies at all. Select all that apply. (Source: Article 2)

STEP 06 / 06 — YOUR DETAILS

Where should we send your compliance report?

We'll email you a personalised compliance summary based on your answers. Company email required — personal email addresses are not accepted.

By submitting you agree to receive your compliance summary and occasional relevant updates from Vigilens. Unsubscribe anytime.

The ungoverned AI
problem, explained.

Regulation 12 Feb 2026 · 8 min read

The EU AI Act Is Here: What High-Risk AI Deployers Must Do Before August 2026

Deadlines are no longer abstract. The EU AI Act's high-risk obligations are live — and most AI teams deploying into HR, credit, and customer decisions have months to get compliant. Here's the practical checklist your legal team won't give you.

Rules-as-Code 28 Jan 2026 · 6 min read

Why AI Compliance Needs to Run Like CI/CD: Rules-as-Code Explained

Your code has unit tests. Your infrastructure has Terraform. But your governance still runs on Word documents and annual audits. Rules-as-Code changes that — turning regulations into executable checks that run on every release.

Enterprise 10 Jan 2026 · 5 min read

The $2M Enterprise Deal Your Governance Gap Is Killing

AI startups are losing enterprise contracts not because of the product — but because they can't produce verifiable proof that their AI is safe, auditable, and under control. The security questionnaire has become the new product demo. Here's how to win it.

Compliance Guide 12 Mar 2026 · 10 min read

Is My Company EU AI Act Compliant? Here's How to Check.

A plain-language guide to understanding the EU AI Act, what Articles 5, 6 and 9 actually require, and a step-by-step checklist to assess your current compliance status.

Innovation 12 Mar 2026 · 8 min read

The EU AI Act Was Built for Big Tech. Not for You.

Compliance costs of up to €400,000. Launch delays for 60% of EU startups. Here's the data on how regulation is hitting SMEs hardest — and how to automate your way through it.

Regulation 23 Apr 2026 · 6 min read

EU AI Act Enforcement Timeline 2024–2027

Prohibited practices were the first to bite. GPAI obligations followed in August 2025. High-risk AI hits 2 August 2026. Full phase-in breakdown and readiness checklist for each enforcement wave.

Technical Guide 10 Apr 2026 · 7 min read

EU AI Act Article 9: Risk Management System Requirements

Four mandatory components — hazard identification, risk estimation, risk evaluation, risk mitigation — plus the continuous lifecycle obligation that runs from design to post-market monitoring.

Technical Guide 19 Apr 2026 · 6 min read

EU AI Act Annex IV: Technical Documentation Requirements

Eight sections, a continuous update obligation, and 10-year retention. What Annex IV actually requires — and how to structure your documentation so an auditor can verify it in minutes.

Compliance Guide 14 Apr 2026 · 5 min read

EU AI Act FRIA: Fundamental Rights Impact Assessment Explained

Who must conduct a FRIA, when it must be done, what it covers, how it differs from a GDPR DPIA, and the Article 27 notification obligation to market surveillance authorities.

Roles Guide 17 Apr 2026 · 6 min read

EU AI Act: Provider vs Deployer — What It Means for SaaS

Most AI SaaS companies are simultaneously providers and deployers. The obligations are different and both apply. Here is how to map your product architecture to the right compliance track.

Regulation 21 Apr 2026 · 5 min read

GPAI vs High-Risk AI: Separate Tracks, Overlapping Obligations

Chapter V applies to GPAI model providers. Chapter III applies to high-risk system deployers. When your GPAI model powers a high-risk application, both chapters apply simultaneously.

Engineering Guide 25 Apr 2026 · 8 min read

GitHub Best Practices for EU AI Act Compliance Evidence

PR naming conventions, branch structure, CODEOWNERS, release tagging, and GitHub Actions checks that generate Article 9, 12, and 14 compliance evidence automatically on every commit.

Engineering Guide 25 Apr 2026 · 7 min read

Confluence and Jira for EU AI Act Technical Documentation

Annex IV page templates, Jira label conventions for tracing obligations to tickets, and how to build the Confluence-Jira-GitHub evidence chain regulators expect.

Engineering Guide 25 Apr 2026 · 7 min read

MLflow and Datadog for EU AI Act Compliance

MLflow run tags for Article 9 test evidence, model registry compliance gates, Datadog Article 12 log schema, Article 72 monitor naming, and 10-year retention configuration.

Last reviewed: 25 April 2026