3 cores coded in depth. 12 frameworks under construction. 13 AI jurisdictions. 1 independently verifiable crypto audit trail.
Not an ISO 42001 cross-mapping rebranded as AI Act: articles 5, 27, 50 + GPAI obligations + FRIA art. 27 are hardcoded in our engine, alongside GDPR (every article mapped, DPIA generated) and ISO 42001 (AIMS structured). Consolidated post-Digital Omnibus timeline (enforcement live August 2, 2026, standalone Annex III deferred to December 2, 2027, regulated products Annex I August 2, 2028). 12 transverse frameworks (DORA, NIS2, ISO 27001/27701, LGPD, etc.) under construction over 2026-2027 with estimated dates + 13 AI jurisdictions (UK, US-Fed/CO/CA/NY, CA, BR, CH, JP, CN, KR, AU, IN) mapped and usable today. RIN-compatible Lawyer Console (48h). Independently verifiable Ed25519 audit chain, downloadable signed PDF export, qualified RFC 3161 timestamping via Universign (PSCE ANSSI) as an option. EU sovereign hosting in Frankfurt (fra1).
3 cores in depth (GDPR, AI Act, ISO 42001) · 12 frameworks under construction · 13 AI jurisdictions · 13 UI languages
What you get
Auto inventory
SSO scan, browsers, SaaS connectors. Shadow AI detection. Auto dedup.
AI Act classification
Multi-jurisdiction deterministic engine (EU, UK, US, CA, BR, CH, JP).
Auto-generated docs
AI policy, DPIA, Art. 49 register, transparency notices — in 30 min.
Crypto audit trail
SHA-256 hash chain + Ed25519 signature. Admissible as written evidence to regulators.
Three capabilities, one standard of rigour
From automatic discovery of tools to cryptographic proof of every action — every layer is built to hold up under regulatory scrutiny.
Automatic inventory of 240+ detectable AI tools
No more chasing teams to know what is deployed. The platform scans your environment on demand and keeps the registry up to date.
- Google Workspace and Microsoft 365 SSO connectors: retrieve enabled apps
- Enterprise browser probes: detect tools opened via web
- Reference base of 240+ detectable AI tools (82 browser domains + 46 known SaaS apps + 114 AI-BOM libraries): ChatGPT, Claude, Gemini, Mistral, Copilot, internal agents, custom RAGs — registry expanded continuously
- Auto-dedup and instance merging for a clean registry
- Shadow AI tagging: an undeclared tool surfaces within 24 hours
GDPR Art. 6, 9 and 49 documentation prepared for your team
AI policy, DPIA, Art. 49 register, transparency notices: generated from your inventory, scoped to the right jurisdiction, in under 30 minutes.
- Coverage of Art. 6 (lawful basis), Art. 9 (special categories), Art. 49 (non-EU transfers)
- Lawyer-vetted ACF Standard templates that take CNIL and EDPB guidance into account
- PDF and DOCX export, integrated e-signature
- Versioning: every change is tracked and timestamped
- Multi-jurisdiction: automatic adaptation EU / UK / US / CA / BR / CH / JP
Ed25519 audit chain, admissible in audits
Every event (classification, approval, edit, export) is hashed and signed. The cryptographic chain is verifiable independently — your #1 moat.
- SHA-256 hash chain: integrity of the event sequence
- Per-event Ed25519 signature: private key encrypted with AES-256-GCM (32-byte hex master key, recommended by ANSSI RGS Annex B1)
- Qualified RFC 3161 timestamping via Universign (PSCE certified ANSSI, eIDAS art. 42) as an Enterprise option
- Standalone verification: a third party can validate the chain with your organisation's public key, without the platform
- Certified signed PDF export downloadable from the dashboard. W3C Verifiable Credentials JSON-LD wrapping planned for Q3 2026
In 4 steps
- 01
Connect
Google/Microsoft SSO + SaaS connectors + REST API. Setup in under 30 min.
- 02
Inventory
Auto AI systems scan, multi-jurisdiction AI Act classification, compliance score computed.
- 03
Document
AI policy + DPIA + Art. 49 register generated in 30 min. Cryptographically signed.
- 04
Maintain
Real-time drift alerts, quarterly Board Reports, independently verifiable audit trail available 24/7.
Plugs into your existing stack
11 native connectors out of the box. Enterprise SSO, continuous scanning, bidirectional webhooks (Slack and Teams live; Jira pending Marketplace review). No migration, no major IT project.
Microsoft 365
Entra ID SSO + Graph API
Google Workspace
OAuth SSO + Admin SDK
Slack
Webhook + OAuth App
Salesforce
REST API + Connected App
Notion
REST API + OAuth integration
HubSpot
REST API + webhooks
Jira
REST API + ticket webhook
Asana
REST API + OAuth
GitHub
OAuth App + AI repo scan
Linear
GraphQL API + AI integration detection
ServiceNow
REST API + Service Catalog + CMDB
Using a tool not listed here? Our REST API and webhooks let you integrate in a few hours.
Who is it for?
DPO / Data Protection Officer
The problem
Drowning in DPIAs, Art. 49 registers, business team requests. No time to do it all manually.
ACF solves it
ACF generates your docs in 30 min, automates classification, lets you focus on judgment calls.
CISO / IT Security
The problem
Shadow AI everywhere, unrecorded AI agents across your systems, high incident risk.
ACF solves it
Continuous scanning + drift alerts + kill switch on critical agents. You regain control.
Compliance / Risk Officer
The problem
Must justify AI compliance to the Board and regulators. Without admissible cryptographic proof.
ACF solves it
Quarterly signed Board Reports, independently verifiable audit trail, live maturity score. Defensible record.
Why trust us
Hosted in France (OVH sovereign target)
AES-256 at rest, TLS 1.3 in transit
GDPR compliant + Art. 28 processor
Ed25519 cryptographic audit chain
Your data ownership guaranteed, full export anytime
Signed DPA on request
ACF vs. other AI compliance approaches
Why an AI Act-native SaaS beats ISO 42001 cross-mappings and historic GDPR specialists.
| Criterion | ACF Compliance | US compliance leaders | French GDPR specialists | Consulting + Excel |
|---|---|---|---|---|
| AI Act art. 5/27/50 + GPAI + FRIA hardcoded | Cross-mapping | Cross-mapping | Manual | |
| Automated AI inventory | Cross-mapping | |||
| Art. 6 / 9 / 49 documentation generated | Cross-mapping | Cross-mapping | Manual | |
| Independently verifiable Ed25519 crypto audit trail | ||||
| Integrated RIN-compatible law firm network | Cross-mapping | |||
| Continuous regulatory watch | Cross-mapping | Cross-mapping | Billed | |
| AI jurisdictions covered (EU, UK, US, BR, JP, CA, AU…) | 14 | 3 – 5 | 1 – 3 | Billed |
| Full UI languages | 14 | 1 – 3 | 1 – 9 | |
| EU sovereign hosting (no CLOUD Act) | Cross-mapping | |||
| Typical annual cost | EUR 3K – 30K | USD 12K – 100K | EUR 3K – 18K | EUR 50K – 200K |
| Time to first value | < 30 min | 2 – 6 weeks | 2 – 6 weeks | 4 – 12 weeks |
Three plans. Clear choice. AI Act-native everywhere.
Pro from EUR 349/month — Business EUR 890/month — Enterprise on quote. AI Act articles 5/27/50 + GPAI + FRIA included in every plan. No long-term lock-in.
Common B2B questions
Precise answers for DPOs, CISOs and Compliance leaders. No fluff.
AI Act-native. Not an ISO 42001 cross-mapping.
Setup in under 30 min. First full audit in 4 weeks. Ed25519-signed audit trail. RIN-compatible Lawyer Console. No long-term lock-in.