Public sample report

Example EU AI Act compliance output

This page shows the depth and structure of a realistic first-pass report. It is anonymized and shared publicly so teams can evaluate output quality before purchasing.

Overall risk: Medium-High

Findings: 6

Estimated effort: 2-4 weeks

Key Findings

Human oversight accountability is not explicitly assigned

Severity: High
Reference: EU AI Act Article 14

Gap: No clear owner is named for override, escalation, and decision review in high-impact scenarios.

Recommended action: Assign accountable roles, define escalation thresholds, and document override workflows.

Risk management lifecycle lacks traceability mapping

Severity: High
Reference: EU AI Act Article 9 / Annex IV

Gap: Hazards and mitigations are listed, but not linked to controls, owners, and review cadence.

Recommended action: Introduce a risk register with control IDs, owner mapping, and quarterly review checkpoints.

Post-market monitoring process is partially defined

Severity: Medium
Reference: EU AI Act Article 72

Gap: Monitoring exists for runtime metrics but not for compliance regressions after model updates.

Recommended action: Add compliance drift checks to release pipelines and document incident response timelines.

Data governance policy does not define retention by dataset class

Severity: Medium
Reference: EU AI Act Article 10 / GDPR Article 5

Gap: The policy describes lawful basis but not retention windows for training and inference artifacts.

Recommended action: Define retention schedules by data category and add deletion controls with audit logs.

User transparency notices are incomplete for AI-assisted outputs

Severity: Medium
Reference: EU AI Act Article 50

Gap: Public UI copy does not consistently indicate AI-generated outputs and user-facing limitations.

Recommended action: Standardize AI disclosure notices in product surfaces and add confidence/limitation messaging.

Technical documentation sections are present but fragmented

Severity: Low
Reference: EU AI Act Annex IV

Gap: Architecture docs are available across repositories but not bundled into one audit-ready package.

Recommended action: Publish a single compliance dossier with versioned references to design and control documents.

What teams usually do next

  • Map each finding to an engineering owner and a legal reviewer.
  • Prioritize High severity items before release milestones.
  • Re-run scans after remediation to verify closure.