The Regulatory Shield, Powered by AI
A full-lifecycle EU regulatory compliance platform that uses Mistral AI and RAG to automate obligation extraction, risk classification, gap analysis, and audit-ready reporting for the EU AI Act and GDPR.
8 Compliance Modules
Mistral AI + RAG
AI Act + GDPR
Full Lifecycle
The Problem
Why regulatory compliance is broken
The EU AI Act alone spans 180+ pages, 113 articles, and 13 annexes. Cross-referencing with GDPR, NIS2, and DORA multiplies the burden exponentially.
Compliance officers spend weeks extracting obligations from regulatory text, mapping them to business units, and building documentation from scratch.
Spreadsheets for tracking, Word for documentation, email for collaboration. No single system connects obligations to evidence to audit trails.
Organizations discover regulatory changes after deadlines pass. No automated monitoring means compliance is always playing catch-up.
Modules
8 modules covering the full compliance lifecycle
Regulatory horizon scanning via 3 EUR-Lex ATOM feeds (EU AI Act, GDPR, AI General). Parses CELEX numbers, extracts severity (critical/high/low), and triggers Mistral impact analysis against your registered AI systems.
AI system inventory with Mistral-powered risk classification. Maps each system to EU AI Act risk tiers with confidence scores, reasoning, and Article references.
Automated obligation extraction from regulatory text using RAG. Cross-regulation mapping shows where AI Act and GDPR obligations overlap.
Three report types: audit reports for regulators, board reports for executives, and progress reports for tracking improvement over time. PDF export and scheduled delivery.
Performance
What Aegis AI delivers
2+: EU regulations covered
8: Compliance modules
€35M: Max AI Act fine tier tracked (7% turnover)
<5m: Full regulation processing
40+: Regulation topic categories indexed
100%: Compliance lifecycle coverage
Tech Stack
Python 3.12, FastAPI, PostgreSQL (row-level security), Redis, Celery, SQLAlchemy 2.0, Alembic
Mistral Large (reasoning + classification), Mistral Embed (1024-dim vectors), Qdrant cosine similarity search, per-tenant vector collections
Next.js, React, TypeScript, Tailwind CSS, shadcn/ui, Recharts, D3.js (regulation graph)
3 EUR-Lex ATOM feeds (AI Act, GDPR, AI General), PyMuPDF, python-docx, 1500-char semantic chunking, Pydantic structured extraction
Docker Compose, S3/MinIO (encrypted at rest), NextAuth.js, Stripe billing, SSE real-time updates
Pytest, Playwright E2E, Vitest, integration tests for all API endpoints, RAG evaluation suite
Source Code
The Aegis AI platform source code is available upon request for evaluation and partnership purposes.
To access the source code, please sign our Non-Disclosure Agreement. This is a standard legal formality.
Beyond Aegis AI, we offer hands-on consulting to help you build and secure AI systems.
Architecture
Three layers: continuous regulatory monitoring, AI-powered obligation extraction, and a tamper-evident audit trail that holds up under regulator review.
Three EUR-Lex ATOM feeds (EU AI Act, GDPR, AI General) parse new instruments by CELEX, extract severity (critical/high/low), and trigger Mistral impact analysis against the registered AI-system inventory. No more catching new regulations months late.
Mistral + RAG over a curated corpus of Articles, Annexes, and EDPB guidance. Obligation extraction, cross-regulation overlap mapping (AI Act ↔ GDPR ↔ NIS2), risk classification, and gap analysis — all with confidence scores and Article-level citations.
Every classification, every gap, every remediation step lives in a SHA-256-chained audit trail with timestamps and reviewer attestations. Export-ready under EU AI Act Articles 12 and 17. The board can see the chain. The regulator can verify it.
EU AI Act coverage
Compliance theatre is a list of articles in a PDF. Compliance practice is each article mapped to a specific AI system, with evidence, owner, and last-review date. Below: the articles Aegis tracks per system, with the obligations it auto-extracts.
ART. 4: Provider + deployer staff must reach 'sufficient' AI literacy. Aegis tracks completed training per role, generates the literacy quiz (10 scenarios), and produces the deployer-side attestation record.
ART. 5: Subliminal manipulation, social scoring, real-time biometric ID in public spaces, etc. Aegis classifies each registered AI system against the eight prohibited categories with reasoning + Recital references.
ART. 6: Annex III risk-class assessment with Mistral-generated reasoning, confidence score, and a per-Annex obligation tree. Re-runs on registry events (model swap, scope change, training-data update).
ART. 9: Continuous identification, estimation, evaluation, and treatment of risks. Aegis links each identified risk to its mitigation control and pulls evidence from your CI pipeline (test pass/fail, model card, eval suite).
ART. 10: Training, validation, and testing datasets with representative coverage, bias detection, and lineage. Aegis cross-references your dataset registry against the Annex VIII technical-doc requirements.
ART. 11: Annex IV technical file: system purpose, design, training methodology, performance metrics. Aegis generates the doc skeleton, fills in evidence from your registry, and flags missing sections per Annex IV.1–9.
ART. 12: Automatically generated logs covering AI system operation. Aegis defines the required event schema per system class, validates the pipeline produces them, and chains the audit trail SHA-256.
ART. 13: Instructions for use, including intended purpose, accuracy, robustness, foreseeable misuse, and human-oversight measures. Aegis generates the deployer-facing transparency notice with Article-13 checklist coverage.
ART. 14: Effective oversight measures designed into the system. Aegis evaluates your oversight design against the four Article-14 capabilities (understand, monitor, override, disable) and produces gap analysis.
ART. 15: Performance metrics, robustness to errors, faults, inconsistencies; cybersecurity against adversarial attacks. Aegis pulls eval-suite results, red-team reports, and SBOM into the Annex IV evidence block.
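The SHA-256-chained audit trail named in the architecture overview and under ART. 12, sketched as an added example (this is not Aegis AI's code). The field names, the all-zero genesis value and the sample events are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first entry


def entry_hash(body):
    """SHA-256 over canonical JSON (sorted keys, fixed separators)."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def append(chain, event, reviewer, ts):
    """Append an entry that commits to the previous entry's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "ts": ts, "event": event,
            "reviewer": reviewer, "prev": prev}
    chain.append(dict(body, hash=entry_hash(body)))
    return chain[-1]["hash"]


def verify(chain, trusted_head=None):
    """Return index of the first invalid entry, len(chain) if only the
    externally recorded head hash mismatches, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if (entry["seq"] != i or entry["prev"] != prev
                or entry_hash(body) != entry["hash"]):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(chain)
    return None


def demo():
    """Constructed sample events; returns (intact, edited, rewritten, anchored)."""
    log = []
    append(log, "risk_classification:high", "reviewer-a", "2025-01-10T09:00:00Z")
    append(log, "gap_opened:logging", "reviewer-b", "2025-01-11T14:30:00Z")
    head = append(log, "gap_remediated:logging", "reviewer-a", "2025-01-20T08:15:00Z")
    intact = verify(log, head)
    log[1]["event"] = "gap_opened:none"   # in-place edit of a stored entry
    edited = verify(log, head)
    forged = []                           # whole log rebuilt and re-hashed
    for e in log:
        append(forged, e["event"], e["reviewer"], e["ts"])
    return intact, edited, verify(forged), verify(forged, head)
```

A hash chain on its own only proves internal consistency: the rebuilt log in `demo()` verifies cleanly until it is compared with a head hash recorded somewhere the log writer cannot change.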