What regulations does ComplianceOS cover?

ComplianceOS includes built-in playbooks for DORA (Digital Operational Resilience Act, EU 2022/2554), NIS2 (Network and Information Security Directive, EU 2022/2555), and GDPR (General Data Protection Regulation, EU 2016/679). Each playbook maps requirements to specific articles with legal text pulled directly from EUR-Lex. Additional frameworks include French AML/KYC (Code monetaire et financier) and Austrian Banking (BWG). You can also create custom regulatory playbooks.

How does the compliance gap analysis work?

Upload your policies and procedures (ICT risk frameworks, security policies, data processing agreements), select a regulation (DORA, NIS2, or GDPR), and ComplianceOS checks each article requirement against your documentation. Every finding includes the compliance status, evidence quotes from your documents, the official legal text, and remediation recommendations. Findings are verified through adversarial review and optionally cross-checked with multiple AI models.

Does ComplianceOS replace a compliance audit?

No. ComplianceOS performs a documentation gap analysis — it checks whether your documents address regulatory requirements, not whether technical controls are implemented. It's designed for pre-audit preparation, compliance readiness assessment, and evidence gathering. Results should be reviewed by a qualified compliance professional before being relied upon for regulatory purposes.

How does multi-model verification work?

Each compliance finding is first checked by the primary AI model (Claude), then optionally cross-checked by alternative models (GPT-4o, Gemini). If models agree on the finding, confidence increases. If they disagree, the finding is flagged for manual review with the dissenting view included. This multi-provider approach reduces the risk of any single model's blind spots affecting your compliance assessment.

How does continuous monitoring work?

Set up a monitoring schedule for any regulation — weekly, monthly, or quarterly. ComplianceOS automatically re-runs the analysis against your document collection and emails you when the compliance score changes. It also monitors EUR-Lex, Legifrance, and RIS Austria for legislative changes and triggers an immediate rerun if the law your playbook references is updated.

What happens to my documents?

Your documents are encrypted in transit and at rest. We never use your documents to train AI models. You control retention — delete immediately after analysis or keep for reference. Enterprise customers can specify data sovereignty requirements for EU compliance.

Can teams collaborate on compliance?

Yes. Shared workspaces let compliance teams collaborate on document collections, playbooks, analyses, and remediations. Team members see the same data with role-based access control (owner, admin, member, viewer). The compliance posture dashboard shows the team's regulatory status across all frameworks.

What document types do you support?

PDF, Word (.docx), Excel (.xlsx, .csv), PowerPoint (.pptx), and plain text files. Upload individual files or entire folders. Documents are extracted and analyzed with full context — no page limits on supported plans.

Help & Documentation

Everything you need to know about ComplianceOS

Typical Workflow

Step-by-step from workspace to export

Playbook Guide

Create, customize, and share playbooks

Usage & EVUs

How Evidence Units meter your analyses

Team Administration

Manage users, orgs, and simplified UI

Compliance Checks

DORA, NIS2, GDPR gap analysis

Typical Workflow

From start to finish, here is the standard process for running a compliance or document analysis.

Choose a Workspace

Select the workspace for your project from the sidebar dropdown. Each workspace isolates its collections, playbooks, and analyses.

Create a Collection

Go to Document Collections and click New Collection. Give it a name describing the documents you will analyze.

Upload Documents

Add files (PDF, DOCX, XLSX, PPTX, TXT) by uploading, pasting URLs, or connecting Google Drive. Text is extracted automatically.

Select a Playbook

Open the collection and choose a playbook. Use a built-in template, a custom playbook, or a regulatory playbook.

Run the Analysis

Click Run. The AI processes each question or requirement against your documents. Progress shows in the Active Jobs panel.

Review & Export

Once complete, review findings with evidence citations. You will receive an email notification. Export as PDF, DOCX, Excel, or JSON.

Email: When an analysis completes, the owner receives an email with a direct link to the results. You can also share a read-only link with anyone using the Share button.

Usage & Billing — Evidence Units (EVU)

ComplianceOS meters work in Evidence Units (EVUs): one sealed, verifiable finding equals one EVU, scaled by how the finding was produced. Unlike opaque token billing, every EVU maps to a concrete deliverable — a question answered with citations, a compliance requirement checked, or a panel-consolidated finding — so you can audit exactly what you pay for.

What counts as an EVU

An EVU is recorded each time an analysis seals a finding. All analysis paths are metered: contract Q&A sessions, playbook analyses, regulatory compliance checks, and review-panel workflows. Sealed findings are immutable — once recorded with their timestamp, they can never be altered.

How EVU weights are computed

Base weight — set by the response type: simple yes/no answers weigh 0.6, dates and numbers 0.7, narratives and summaries up to 1.2.
Panel factor — review panels with 3, 5, or 6 personas multiply the weight by 3×, 5×, or 6×, reflecting the parallel expert reviews performed.
Mode factor — adversarial review (a second AI pass that challenges every conclusion) multiplies by 1.6×.
Evidence factor — findings backed by source screenshots multiply by 1.1×.

Where to see your usage

Open Settings → Usage for your personal or workspace dashboard: totals, daily consumption, breakdowns by model and response type, and a per-finding transaction history with the full weight breakdown.

Scopes & access

You always see your own usage. Workspace usage is visible to active workspace members; organization-wide usage is restricted to organization admins.

Plans, allowances & overage

Each plan includes a monthly EVU allowance (e.g. Professional 750, Business 2,500). When you approach it, ComplianceOS warns you at 80% and 95%. What happens at the limit depends on your billing mode: prepaid accounts top up with EVU packs or upgrade; credit accounts (typical for established organizations) continue seamlessly into metered overage at the published per-EVU rate, up to an agreed headroom. Your administrator can arrange credit terms with us.

Top-up packs

Prepaid EVU packs (50, 200 or 1,000 EVUs) are valid for 12 months and are consumed after your monthly allowance, before any overage. Unused monthly allowance does not roll over; unused top-ups do.

Re-runs and resumed analyses are never billed twice — the ledger is idempotent per analysis. Failed findings are never billed. A running analysis that crosses your limit always completes; limits only apply to starting new work.

EVU records are append-only and protected at the database level: sealed findings cannot be updated or deleted, giving you a tamper-evident billing trail.

Open your usage dashboard

Workspaces

Workspaces organize your work. Each workspace has its own collections, playbooks, and analyses. The workspace switcher is in the sidebar.

Individual Workspace

Your personal workspace, created automatically. Only you can see its contents.

Team Workspace

Shared with your organization. Members can collaborate on collections and analyses.

Workspace Roles

Owner -- Full control, can delete the workspace and manage all members
Admin -- Can manage members, create/delete collections and analyses
Member -- Can create collections, upload documents, run analyses
Viewer -- Read-only access to collections and analysis results

Switching workspaces: Click the workspace name in the sidebar to open the dropdown. Your choice is saved and persists across sessions.

Inviting members: Open Settings → Workspace, paste one or more email addresses (one per line or comma-separated), choose a role, and send. Invitees receive an email link that auto-accepts on first login.

Manage workspace members

Email Inbox

Send documents straight to ComplianceOS by email. Attachments are extracted, classified, and analysed without you opening the app.

Forward documents to [email protected]

Use a normal subject line for context. Add a shortcode (e.g. "DORA") to pick a specific playbook, or rely on your default.

Configure defaults

In Settings → Email Inbox, set the default workspace, default playbook, and default language used when no shortcode is provided.

Shortcodes

Map short keywords (e.g. NIS2, KYC) to playbooks. Mention the keyword in the subject line or body to route the email automatically.

Monitor: The Email Inbox dashboard shows received emails, the playbook that ran, and links straight to the resulting analysis or collection.

Open Email Inbox dashboard Configure inbox settings

Document Collections & Sources

A collection is a group of documents you want to analyze together. You can add documents from multiple sources.

File Upload

Drag and drop or browse to upload files. Supported formats:

PDF

DOCX

XLSX

PPTX

TXT

CSV

HTML

JSON

URLs

Paste any web URL. The page content is fetched, screenshots are captured, and text is extracted for analysis.

Google Drive

Requires Setup

Connect your Google account to import documents directly from Drive.

Configure in Settings

Playbooks

A playbook is a reusable set of questions or requirements that define what to check in your documents. Think of it as an analysis template.

Playbook Types

Built-in Templates -- Pre-made playbooks for common use cases (contract review, due diligence, financial audit). Ready to use.
Custom Playbooks -- Create your own question sets manually or with the AI Builder. Fully editable.
Regulatory Playbooks -- Compliance checks against specific regulations (DORA, NIS2, GDPR). Linked to official legal sources.

Creating a Playbook

Go to Playbooks in the sidebar
Click New Playbook or use the AI Builder
Add question groups -- each group covers a topic area
Add questions within each group
Optionally configure verification settings (adversarial review, multi-model consensus)
Save -- your playbook is now available when running analyses

Groups and Conditional Groups

Questions are organized into groups (also called buckets). Each group has a name, purpose, and optional weight for scoring.

Conditional groups only run when a condition is met. For example, you can create a group that only runs if a previous question was answered "Yes".

Always -- Group always runs (default)
If Answer -- Runs if a gate question matches a specific value
If Not Answer -- Runs if a gate question does NOT match
If Document Type -- Runs only for specific file types
If Score Above/Below -- Runs based on a numeric threshold

Tip: Set conditional group weight to 0 so skipped groups do not affect the overall score. Put gate questions in earlier groups so their answers are available for later conditions.

Import & Export

Import: Upload .md, .json, .docx, .pdf, .xlsx, .pptx, or .txt files
Export: Download playbooks as JSON or Markdown
Copy: Copy a playbook to another workspace

Verification Options

Quote Verification -- Confirms cited evidence exists in your documents
Adversarial Review -- A second AI pass challenges findings
Multi-Model Consensus -- Cross-checks with alternative AI models
Screenshot Capture -- Captures legal source page screenshots

Go to Playbooks

Clause Libraries

Workspace-scoped libraries of approved clauses. Link them to a playbook and the engine will propose compliant replacements whenever it flags a non-compliant finding.

Create a library

Give it a name, description, and default language. Add clauses individually or import them from a master template.

Link to a playbook

Open the playbook editor, scroll to Linked clause libraries, and pick one or more libraries. They activate during the next run.

Language variants

Each clause can hold EN/FR/DE variants. The matcher serves the variant that matches the analysed document's language.

Copy across workspaces

Copy a polished library from one workspace into another to share approved language across teams without losing the originals.

Tip: keep one library per document family (ISDA, NDA, SaaS MSAs…) so suggestions stay precise.

Open Clause Libraries

AI Playbook Builder

Describe what you want to analyze in plain language, and the AI generates a complete playbook with groups, questions, and conditional logic.

Describe Your Need

Type a natural language description of what you want to check

AI Generates Playbook

The AI creates question groups, individual questions, and suggests conditional logic

Review & Edit

Preview the generated playbook. Click Edit to customize in the full editor

Save & Use

Save to your library. The playbook appears in your workspace immediately

Tip: Be specific in your description. Instead of "check contracts", try "Review vendor contracts for data processing clauses, liability caps, termination rights, and SLA commitments".

Open AI Builder

Regulatory Compliance

Run documentation gap analyses against EU and national regulations. The system checks your documents against official legal requirements and cites specific evidence.

Documentation Gap Analysis: Compliance analysis checks whether your documentation addresses regulatory requirements. It does not verify that technical controls are actually implemented. Results should be reviewed by a qualified compliance professional.

DORA

NIS2

GDPR

Austrian DSG

French AML/KYC

Austrian Banking (BWG)

Custom Regulations

How It Works

Go to Compliance in the sidebar to see your posture dashboard
Choose a regulation or browse all compliance playbooks
Select a document collection and start the analysis
The engine checks each requirement against your documents in parallel
Review findings with evidence quotes, confidence scores, and recommendations
Click Track on findings to create remediation items
Export the full report as PDF, DOCX, Excel, or JSON

Key Features

Compliance Posture Dashboard -- Overall scores per regulation with trend indicators
Remediation Tracking -- Track gaps as items to resolve
Legislative Source Monitoring -- Legal text auto-refreshed from EUR-Lex, Legifrance, RIS
Source Screenshots -- Screenshots of legal source pages captured and included in results
Quote Verification -- Confirms evidence actually exists in your documents
Adversarial Review -- Skeptical second-pass review that challenges findings
Reviewer Personas -- CISO, DPO, or Compliance Officer perspectives

Compliance Dashboard

Deal Analyzer

Automated data room analysis for M&A, investments, and vendor assessments. Upload a folder of documents and the AI classifies, organizes, and analyzes them.

Create a Deal

Name your project

Upload Documents

Upload the entire data room

AI Classification

Documents are automatically classified by type

Confirm Mappings

Review and adjust the AI's document classifications

Run Analysis

The system runs a comprehensive analysis using matched playbooks

Review Results

Get a structured report with contract database, executive summary, and findings

Go to Deal Analyzer

Review Panels (multi-AI workflows)

Run several AI reviewers on the same documents in parallel and surface where they agree, disagree, or only partially overlap. Useful for high-stakes reviews where a single verdict isn't enough.

Consensus

All reviewers agree on the finding. Highest confidence — safe to action.

Conflict

Reviewers disagree. Open the panel to see each reviewer's reasoning and decide.

Partial

Some reviewers found the issue, others didn't. Often a phrasing or scope difference worth a human look.

Best for: M&A diligence, regulator-facing audits, and any review where you want a second (or third) opinion before signing off.

Open Review Panels

Execution Queue

A live view of every analysis that's running, queued, paused, or failed for you (or your workspace, if you're an admin).

Statuses you'll see

Running -- Currently processing. Progress bar shows percent complete.
Queued -- Waiting for a worker to pick it up — typically seconds.
Paused -- Manually paused; resume from the deal/analysis page.
Failed -- Hit an error. Use Retry to resume from the last checkpoint without re-running completed steps.

Retry resumes from the most recent checkpoint, so you don't lose work already done.

Open Execution Queue

MCP Connections (external data sources)

Connect external services like Google Workspace and Microsoft 365 so analyses can pull live data — calendars, mailboxes, drives — into their reasoning.

How it works

Pick a provider on the MCP page, authorise via OAuth, and the connection becomes available to playbooks that opt in to MCP context.

Providers

Google Workspace (Drive, Calendar, Gmail), Microsoft 365 (OneDrive, Outlook, Teams), plus any MCP server published in the registry.

OAuth scopes are read-only by default. You can revoke a connection any time from the MCP page or your provider's account settings.

Open MCP Connections

Export & Notifications

Export analysis results in multiple formats. Email notifications are sent automatically when analyses complete.

Export Formats

PDF -- Professional compliance report with verification badges, adversarial review notes, and screenshot links
DOCX -- Word document with verification info and source screenshot links
XLSX -- Multi-sheet spreadsheet for data analysis
JSON -- Structured data for integration with other tools

Notifications & Sharing

Email notifications -- Sent to analysis owner on completion
Share links -- Generate read-only links to share results with anyone
Webhooks -- Send analysis results to external systems
Active Jobs panel -- Track running analyses on the dashboard

Interface Modes

ComplianceOS supports two interface modes. Your organization admin chooses which one your team uses.

Complete Interface

Full access to all features. This is the default for all users and admins.

All sidebar navigation items visible
Full playbook editor with groups, conditions, verification settings
Compliance dashboard, deal analyzer, settings
Choose any playbook, persona, and model
Custom analysis options (verification, screenshots, language)

Simplified Interface

Streamlined for team members who just need to run analyses. Configured by org admins.

Only essential sidebar items (Dashboard, Collections, Playbooks)
Pre-configured playbook presets with one-click run
Hidden complexity: no persona selector, no verification toggles
Admin-chosen defaults for model, verification, and screenshots
Clean, focused experience for non-technical users

If your interface looks different from this guide, your organization may have the simplified mode enabled. Contact your org admin to switch modes or adjust visible features.

Keyboard Shortcuts

Quick SearchCtrl+K

New AnalysisCtrl+N

New ProjectCtrl+P

Close DialogEsc