Every governance commitment. One record.
The internal infrastructure that turns 'we follow AI governance' into 'here is the audit trail.' Roles, models and policies — all linked, all versioned, all written to an immutable log.
AI Model Register
AI Policy Hub
Immutable Audit Log
The whole organisation, on the record.
Roles, models, policies, literacy and an immutable audit log — each versioned, attributed to a named owner, and linked back to one organisation.
Roles & Responsibilities
A named, accountable owner for every EU AI Act duty.
AI Model Register
Every model you use, build or fine-tune — Article 25 aware.
AI Policy Hub
Template-based policies, fully version-controlled.
AI Literacy Programme
Curriculum, refresh cadence and completion log — Article 4.
Settings & Legal Identity
Captured once, rendered into every generated dossier.
Immutable Audit Log
Every change appended in order — Article 12.
Roles & Responsibilities, on the record.
A formal register of every named EU AI Act role — AI Governance Owner, DPO, AI Literacy Lead, Incident Response Lead and more. Assignment history is preserved, mandatory roles are enforced when high-risk projects exist, and reassignment workflows notify everyone who needs to know.
- Mandatory-role enforcement when a high-risk project is in scope.
- Assignment history with effective dates and reassignment chain.
- Built-in notifications to outgoing and incoming role holders.
- Roles surface as authors and approvers across every dossier.
AI Governance Owner
RequiredOverall organisational accountability for AI. Default MSA correspondent.
AI Literacy Lead
RequiredOwner of the Art. 4 AI literacy programme.
Incident Response Lead
Art. 73 (provider) / Art. 26(5) (deployer).
MSA Cooperation Contact
Art. 21 / Art. 26(12) — single MSA point of contact.
Authorised Representative
Art. 22 — required for non-EU providers.
AI Model Register — Article 25 aware.
A tiered register of every AI model the organisation uses, builds or fine-tunes. The Article 25 'flip' banner surfaces when a deployer becomes a provider through modification, provider attribution is captured at the source, and project-level linkage keeps the model-to-system graph always visible.
- Third-party, fine-tuned and in-house models in one register.
- Article 25 flip detection when modification crosses the provider threshold.
- Provider attribution, version, modality, training-data category, GPAI status.
- Linked to every system using the model — one swap, full lineage.
GPT-4o
ActiveTier 1 · OptionalOpenAI · Third-party API
Linked to 5 projects
Claude Sonnet 4.7
ActiveTier 1 · OptionalAnthropic · Third-party API
Linked to 3 projects
Llama 3.1 70B
ActiveTier 2 · InternalArt. 25 watchMeta · Self-hosted · Fine-tuned
Linked to 2 projects
AI Policy Hub — the program layer.
A central library of AI governance policies built on platform-maintained templates, with full version control: draft, active and superseded states; automatic template-bump detection; notifications to the AI Governance Owner on every change; and policy-publication workflows.
- Templates aligned to Articles 9, 14, 17, 26, 27 and Article 73 obligations.
- Draft → active → superseded lifecycle with field-level diffs.
- Automatic template-bump alerts to the AI Governance Owner.
- Adopted policies link as evidence across the control catalog.
AI Acceptable Use & Prohibited Practices
Defines acceptable, restricted and prohibited AI uses. Implements Arts. 4, 5 and 50.
AI Procurement & Third-Party AI Policy
Maps every procured / fine-tuned AI to provider / deployer / distributor / importer roles. Flags Art. 25 "provider-flip".
Human Oversight Policy
Per-system Oversight Design Records, HOO appointments. Implements Arts. 14 + 26(2).
Professional policy templates
Drafted, cited and ready to brand for your organisation.
Audit-ready by default. Every change, immutable.
Every phase transition, status change and remediation — captured the moment it happens, hash-chained and untouchable. Article 12 logging done for you.
MSA audit export package built
Incident logged
Post-market monitoring review logged
AI system registered
Organisation policy published
“AI Acceptable Use Policy — v2”
The rest of the governance stack, all in one place.
The organisational scaffolding that holds the four keystone modules together — landing pages, legal identity, team management and multi-org isolation.
AI Literacy Programme
Scope, curriculum, refresh cadence, completion log.
Organisation Hub
One landing for every governance surface.
Legal Identity
Captured once, rendered verbatim in every dossier.
Team Management
Access + roles, in the Roles Register.
Multi-Organisation
Super-admin layer with per-org RLS.
Assignment History
Every role change preserved with effective dates.
Mandatory Role Enforcement
Unfilled required roles surface as Risk Cockpit findings.
Explore the other pillars.
Assess your first AI system
with Confir today.
Create your account, add your first AI system, and produce a full EU AI Act assessment with signed conformity documentation — in days, not months.