What regulations does ComplianceOS cover?

ComplianceOS includes built-in playbooks for DORA (Digital Operational Resilience Act, EU 2022/2554), NIS2 (Network and Information Security Directive, EU 2022/2555), and GDPR (General Data Protection Regulation, EU 2016/679). Each playbook maps requirements to specific articles with legal text pulled directly from EUR-Lex. Additional frameworks include French AML/KYC (Code monetaire et financier) and Austrian Banking (BWG). You can also create custom regulatory playbooks.

How does the compliance gap analysis work?

Upload your policies and procedures (ICT risk frameworks, security policies, data processing agreements), select a regulation (DORA, NIS2, or GDPR), and ComplianceOS checks each article requirement against your documentation. Every finding includes the compliance status, evidence quotes from your documents, the official legal text, and remediation recommendations. Findings are verified through adversarial review and optionally cross-checked with multiple AI models.

Does ComplianceOS replace a compliance audit?

No. ComplianceOS performs a documentation gap analysis — it checks whether your documents address regulatory requirements, not whether technical controls are implemented. It's designed for pre-audit preparation, compliance readiness assessment, and evidence gathering. Results should be reviewed by a qualified compliance professional before being relied upon for regulatory purposes.

How does multi-model verification work?

Each compliance finding is first checked by the primary AI model (Claude), then optionally cross-checked by alternative models (GPT-4o, Gemini). If models agree on the finding, confidence increases. If they disagree, the finding is flagged for manual review with the dissenting view included. This multi-provider approach reduces the risk of any single model's blind spots affecting your compliance assessment.

How does continuous monitoring work?

Set up a monitoring schedule for any regulation — weekly, monthly, or quarterly. ComplianceOS automatically re-runs the analysis against your document collection and emails you when the compliance score changes. It also monitors EUR-Lex, Legifrance, and RIS Austria for legislative changes and triggers an immediate rerun if the law your playbook references is updated.

What happens to my documents?

Your documents are encrypted in transit and at rest. We never use your documents to train AI models. You control retention — delete immediately after analysis or keep for reference. Enterprise customers can specify data sovereignty requirements for EU compliance.

Can teams collaborate on compliance?

Yes. Shared workspaces let compliance teams collaborate on document collections, playbooks, analyses, and remediations. Team members see the same data with role-based access control (owner, admin, member, viewer). The compliance posture dashboard shows the team's regulatory status across all frameworks.

What document types do you support?

PDF, Word (.docx), Excel (.xlsx, .csv), PowerPoint (.pptx), and plain text files. Upload individual files or entire folders. Documents are extracted and analyzed with full context — no page limits on supported plans.

If your regulator walked in tomorrow — could you prove compliance?

Most financial institutions can't. ComplianceOS changes that. Centralise your documentation, analyse it against DORA, NIS2, and GDPR requirements, and produce audit-ready evidence — in minutes, not months.

Book a Demo Try Free

No setup fee. Analyse your first document in under 5 minutes.

Working with

EU-Sovereign Hosting|NVIDIA Inception Member|Nubbo Accelerator|ISO 27001 Aligned

Compliance is becoming a systemic risk

European regulators are no longer asking whether you're compliant. They're asking you to prove it — continuously, with evidence, across multiple overlapping frameworks.

But most institutions are stuck with fragmented documentation scattered across teams, no traceability from policy to proof, and audit cycles that take weeks and cost thousands.

The regulations have changed. Your compliance tooling hasn't.

Fragmented documentation

Policies scattered across shared drives, email threads, and spreadsheets with no single source of truth.

No traceability

No clear link from regulatory requirement to supporting evidence. When the auditor asks, you scramble.

Slow audit cycles

Manual reviews take weeks, cost thousands, and are outdated the moment they're completed.

Three frameworks. One deadline. Zero margin for error.

DORA, NIS2, and GDPR are converging on financial institutions simultaneously. Each demands continuous proof — not annual box-ticking.

DORA

Focus

ICT risk & digital resilience

Key demands

Third-party oversight, resilience testing, incident reporting

Penalty risk

Regulatory sanctions, operational restrictions

NIS2

Focus

Cybersecurity & incident response

Key demands

Executive accountability, mandatory breach notification

Penalty risk

Up to €10M or 2% of global turnover

GDPR

Focus

Data protection & privacy

Key demands

Traceability, explainable decisions, documentation

Penalty risk

Up to €20M or 4% of global turnover

From documentation to proof — instantly

ComplianceOS is the compliance copilot for financial institutions. Upload your policies, connect your evidence, and let six specialist AI reviewers analyse every document against live regulatory requirements.

Centralise

Bring all your policies, procedures, and evidence into one structured workspace. No more hunting across shared drives, email threads, and spreadsheets.

Analyse

Six specialist AI reviewers — Financial Accountant, Commercial Lawyer, ISO Auditor, Technical Architect, Privacy Officer, KYC/AML Officer — examine every document in parallel. Each finding includes the exact source text, page number, and confidence score.

Prove

Generate audit-ready evidence packages with full traceability from regulatory requirement to supporting document. When the regulator asks, you answer in minutes.

See ComplianceOS in action

Watch how a 47-page contract becomes a verified risk summary in under 3 minutes.

Try Free Book a Walkthrough

Five steps from chaos to audit-ready

Upload your SOPs

Use your own procedures or deploy our DORA, NIS2, and GDPR starter packs.

Build playbooks

AI constructs executable review workflows mapped to live EU and national regulation feeds.

Load your data room

Evidence-gathering tools collect supporting documents automatically from connected sources.

Multi-lens review

Six specialist AI reviewers analyse every document in parallel, flagging gaps and scoring confidence.

Export deliverables

Completed reports, gap analyses, and audit-ready evidence packages — ready when your regulator is.

The math is simple

Metric

Manual process

With ComplianceOS

Time per policy review

Days to weeks

Minutes

Cost per review cycle

Thousands per cycle

~90% less

Analyst throughput/year

Dozens of reviews

Thousands

Framework coverage

One at a time

DORA + NIS2 + GDPR together

Built for everyone who owns the risk

Compliance & Risk Teams

Faster audit preparation. Consolidated risk visibility. Evidence-based answers you can trust and trace.

IT & Security

Align with DORA and NIS2 technical requirements. Improve ICT risk management. Run on EU-sovereign cloud infrastructure.

Executive Leadership

Reduce regulatory exposure. Strengthen governance posture. Build regulator trust through continuous, demonstrable compliance.

Six expert perspectives. Every document. Every time.

Upload once, get reviewed by six specialist AI reviewers in parallel. Each finding includes the exact quote, page number, and confidence score — so you can verify in seconds what used to take hours.

Financial Accountant

Reviews financial accuracy, valuation assumptions, and fiscal compliance.

Commercial Lawyer

Identifies contractual risks, liability exposure, and regulatory obligations.

ISO Auditor

Checks alignment with ISO standards, audit readiness, and process gaps.

Technical Architect

Evaluates ICT resilience, system dependencies, and technical risk.

Privacy Officer

Assesses GDPR alignment, data handling practices, and consent mechanisms.

KYC/AML Officer

Reviews identity verification, anti-money laundering controls, and risk scoring.

Expert viewpoints per analysis

12x

Faster than manual review

100%

Findings include citations

Every answer is traceable.

AI-generated answers are only useful if you can verify them. ComplianceOS extracts the specific text that supports each response, with document location and a confidence score.

If the system isn't confident, it says so. If the answer requires information that isn't in your documents, it tells you that too.

We also run a secondary verification pass that checks for unsupported claims, missing context, and overconfident assertions. You see both the answer and the critique.

Extracted Evidence

"The agreement shall automatically renew for successive one-year periods unless terminated with 90 days written notice prior to the renewal date."

Source: Master Agreement.pdfPage: 12Section: 4.2

Your data stays sovereign

We don't train on your documents. We don't share them. We don't keep them longer than necessary.

GDPR-Compliant by Design

Designed to meet EU and UK data protection requirements.

ISO 27001-Aligned

Building towards ISO 27001 certification.

Encrypted

All data encrypted at rest and in transit.

EU-Sovereign Hosting

Hosted on Clever Cloud. Your data stays in the EU.

No Training on Your Data

Documents are never used to train models.

What makes ComplianceOS different

Feature

ComplianceOS

Enterprise GRC

Generic AI

Verbatim source citations

✓

Partial

✗

Six-persona adversarial review

✓

✗

DORA + NIS2 + GDPR in one platform

✓

Limited

✗

Time to first value

Minutes

Months

Minutes

EU-sovereign hosting

✓

Varies

✗

Confidence scoring + verification

✓

✗

What our customers say

“My team now works MANY times faster.”

Melissa F Swanepoel-Jooste (Adv.)

Managing Director, Bridgepoint Legal Consultants

“Finally, an AI tool that doesn’t ask me to blindly trust it. Every answer links back to the source document. That’s how it should work.”

Laurent Guyot

CEO, Qwil Messenger

Simple pricing

Loading plans...

Works with your documents, wherever they live

Upload directly or connect your document storage

Supported formats

.pdf.docx.doc.xlsx.csv.pptx.txt

Integrations

Google DriveAvailable

SharePointAvailable

NotionAvailable

BoxAvailable

DropboxComing soon

API AccessEnterprise

Common questions

Compliance Intelligence

Insights for compliance leaders

Research, analysis, and practical guides on AI-assisted document review, regulatory trends, and operational best practices.

View all articles

Due Diligence6 min read

The Hidden Cost of Manual Due Diligence

Why the traditional 3-day contract review is costing your firm more than you think—and what leading teams are doing differently.

Read article

AI & Compliance8 min read

AI Verification: Beyond the Black Box

How citation-based AI is changing the trust equation in compliance workflows.

Read article

Best Practices5 min read

Building Audit Trails That Actually Work

A practical guide to documentation that satisfies regulators and protects your organisation.

Read article

The Compliance Brief

Monthly insights on AI, compliance automation, and document intelligence. Join 2,000+ professionals staying ahead of the curve.

Subscribe on Substack

Free · No spam · Unsubscribe anytime

Built by people who've lived the compliance pain

After years of watching analysts spend days on document review—only to miss critical details—we built the tool we wished existed.

This team combines technical AI expertise, operational scale-up experience, and deep legal/compliance domain knowledge—exactly what's needed to win in this space.

Martin Shillo

CEO & Co-Founder

Main Architect of the Platform. 20+ years in Enterprise Software. 10+ years leading AI/ML engineering teams. 8 years in LegalTech. 25 years enterprise sales.

Antony Marsh

General Counsel & Co-Founder

Domain Expert. 25+ years M&A experience. The source of proprietary legal playbook knowledge and the voice of the customer.

Monique Duarte-Webster

COO & Co-Founder

Product & Operations Leader. Certified ISO Auditor and Product Manager. The expert on accreditation workflows and operational excellence. Innovate UK grant winner.

Our approach to AI

Like all AI systems, it can make mistakes.

That's why every answer includes the source text, document location, and confidence score. A second model reviews responses for unsupported claims. And all queries are logged for audit purposes.

We don't claim AI should replace human judgment in compliance work. We think it should assist—make human review faster and more consistent—with evidence you can check for yourself.

Ready to be audit-ready?

Stop scrambling before inspections. Start proving compliance continuously.

Book a Live Demo Try Free

If your regulator walked in tomorrow — could you prove compliance?

Compliance is becoming a systemic risk

Fragmented documentation

No traceability

Slow audit cycles

Three frameworks. One deadline. Zero margin for error.

DORA

NIS2

GDPR

From documentation to proof — instantly

Centralise

Analyse

Prove

See ComplianceOS in action

Five steps from chaos to audit-ready

Upload your SOPs

Build playbooks

Load your data room

Multi-lens review

Export deliverables

The math is simple

Built for everyone who owns the risk

Compliance & Risk Teams

IT & Security

Executive Leadership

Six expert perspectives. Every document. Every time.

Financial Accountant

Commercial Lawyer

ISO Auditor

Technical Architect

Privacy Officer

KYC/AML Officer

Every answer is traceable.

Your data stays sovereign

GDPR-Compliant by Design

ISO 27001-Aligned

Encrypted

EU-Sovereign Hosting

No Training on Your Data

What makes ComplianceOS different

What our customers say

Simple pricing

Works with your documents, wherever they live

Supported formats

Integrations

Common questions

How accurate is ComplianceOS?

What happens to my documents?

How long does setup take?

Can I create custom playbooks?

What document types do you support?

Is there an API?

Do you have SOC 2 certification?

What if I need help or something goes wrong?

Insights for compliance leaders

The Hidden Cost of Manual Due Diligence

AI Verification: Beyond the Black Box

Building Audit Trails That Actually Work

The Compliance Brief

Built by people who've lived the compliance pain

Martin Shillo

Antony Marsh

Monique Duarte-Webster

Our approach to AI

Ready to be audit-ready?