Understand your AI Act obligations.
Prove compliance.
Keep it aligned as AI evolves.

A practical compliance platform for companies deploying AI in the EU and the consultants who support them. Built around real deployments, not abstract models.

Join 300+ professionals already exploring AI Act compliance with Aigolex

The real AI Act problem

Companies don't know if they are AI providers, deployers, or both.

Obligations depend on how AI is used, not on the model itself.

Documentation becomes outdated as soon as systems or vendors change.

Audits, enterprise customers, and boards expect immediate answers.

AI Act compliance is not a one-time exercise.
It's an operational problem.

Compliance attaches to deployments, not to AI models

That's why the platform mirrors the structure of the AI Act itself

Company

the legal entity ultimately responsible for compliance

Workspaces

distinct operational perimeters where AI is developed, tested, or used

AI assets

the underlying AI systems or models, independent from any single feature

Deployments

how those AI assets are actually used in practice, by whom, and for what purpose

Under the AI Act, obligations, risk classification, and roles attach to deployments not to AI models in isolation. This ensures compliance decisions reflect real-world AI use, not theoretical system descriptions.

Scope

Define where AI exists, how it's used, and who is responsible.

•Maps AI usage across companies and workspaces
•Identifies AI assets and their concrete deployments
•Determines your role under the AI Act (provider, deployer, or both)

Misclassifying your role means misapplying every obligation that follows.

Obligations

Know exactly what the AI Act requires, per deployment.

•Assigns regulatory requirements at the deployment level
•Based on role, risk classification, and usage context
•Generates clear, trackable checklists
•Separates applicable obligations from irrelevant ones

The AI Act is obligation-driven. Guessing is not a strategy.

Evidence

Always-ready documentation to prove compliance.

•Centralizes compliance documentation per workspace and deployment
•Includes system descriptions and risk assessments
•Tracks human oversight measures and monitoring controls

Static documents fail the moment reality changes.

Continuity

Stay compliant as AI systems, vendors, and uses change.

•Monitors changes to AI assets, deployments, and operational perimeters
•Flags when obligations or risk levels must be updated
•Alerts when documentation needs to be refreshed

Most compliance failures happen after the first assessment.

AI Act compliance readiness assessment

Identify your AI Act obligations, classify risk exposure, and uncover compliance gaps — with a guided interactive assessment.

Built for teams that can't ignore regulation

EU-based or EU-operating

Active AI deployments

Exposure to audits

Legal & compliance leaders

Risk & trust teams

Engineering leaders accountable for AI systems

Built by people who've done this before

Experience in legaltech and regulated environments

Built with legal and technical teams

Not Big-4 complexity

Prepare now. Don't scramble later.

Compliance

How does a company determine if they are a deployer?

Aigolex Team16 January 2026

Under the EU AI Act, a company determines if it is a "deployer" by assessing whether it meets the regulatory definition based on its actual use of AI.

Specifically, a company is classified as a deployer if it is a legal person, public authority, agency, or other body that uses an AI system under its authority. The only exception to this definition is when an AI system is used by a natural person for purely personal, non-professional activities.

Practical determination

To practically determine this role, a company must evaluate its deployments — meaning how its AI assets are actually used in practice, by whom, and for what purpose, rather than just evaluating abstract AI models in isolation. By mapping where AI exists within its operational perimeters (workspaces) and how it is utilized, a company can pinpoint whether it is acting as a deployer, a provider, or both.

Important caveat on shifting roles

A company must be careful when determining its status, because a company that initially acts as a deployer will legally become a provider (and assume all the stricter obligations of a provider) if it does any of the following:

•Puts its own name or trademark on a high-risk AI system that is already on the market or in service.
•Makes a substantial modification to a high-risk AI system.
•Modifies the intended purpose of an existing AI system in a way that causes the system to become classified as high-risk.

This means that the line between deployer and provider is not always fixed — companies must continuously reassess their role as their use of AI evolves, ensuring they comply with the appropriate set of obligations at all times.

Understand your AI Act obligations.Prove compliance.Keep it aligned as AI evolves.