Understand your AI Act obligations.
Prove compliance.
Keep it aligned as AI evolves.

A practical compliance platform for companies deploying AI in the EU and the consultants who support them. Built around real deployments, not abstract models.

Join 300+ professionals already exploring AI Act compliance with Aigolex

The real AI Act problem

Companies don't know if they are AI providers, deployers, or both.

Obligations depend on how AI is used, not on the model itself.

Documentation becomes outdated as soon as systems or vendors change.

Audits, enterprise customers, and boards expect immediate answers.

AI Act compliance is not a one-time exercise.
It's an operational problem.

Compliance attaches to deployments, not to AI models

That's why the platform mirrors the structure of the AI Act itself

Company

the legal entity ultimately responsible for compliance

Workspaces

distinct operational perimeters where AI is developed, tested, or used

AI assets

the underlying AI systems or models, independent from any single feature

Deployments

how those AI assets are actually used in practice, by whom, and for what purpose

Under the AI Act, obligations, risk classification, and roles attach to deployments not to AI models in isolation. This ensures compliance decisions reflect real-world AI use, not theoretical system descriptions.

Scope

Define where AI exists, how it's used, and who is responsible.

•Maps AI usage across companies and workspaces
•Identifies AI assets and their concrete deployments
•Determines your role under the AI Act (provider, deployer, or both)

Misclassifying your role means misapplying every obligation that follows.

Obligations

Know exactly what the AI Act requires, per deployment.

•Assigns regulatory requirements at the deployment level
•Based on role, risk classification, and usage context
•Generates clear, trackable checklists
•Separates applicable obligations from irrelevant ones

The AI Act is obligation-driven. Guessing is not a strategy.

Evidence

Always-ready documentation to prove compliance.

•Centralizes compliance documentation per workspace and deployment
•Includes system descriptions and risk assessments
•Tracks human oversight measures and monitoring controls

Static documents fail the moment reality changes.

Continuity

Stay compliant as AI systems, vendors, and uses change.

•Monitors changes to AI assets, deployments, and operational perimeters
•Flags when obligations or risk levels must be updated
•Alerts when documentation needs to be refreshed

Most compliance failures happen after the first assessment.

AI Act compliance readiness assessment

Identify your AI Act obligations, classify risk exposure, and uncover compliance gaps — with a guided interactive assessment.

Built for teams that can't ignore regulation

EU-based or EU-operating

Active AI deployments

Exposure to audits

Legal & compliance leaders

Risk & trust teams

Engineering leaders accountable for AI systems

Built by people who've done this before

Experience in legaltech and regulated environments

Built with legal and technical teams

Not Big-4 complexity

Prepare now. Don't scramble later.

Compliance

How do companies maintain compliance evidence over ten years?

Aigolex Team20 February 2026

Under the EU AI Act, companies are legally required to retain specific compliance documentation for 10 years after a high-risk AI system or a general-purpose AI model is placed on the market or put into service.

Depending on the company's specific role in the AI value chain, the evidence that must be kept for this 10-year period includes:

•Providers: the system's technical documentation, documentation concerning the quality management system, records of changes approved by notified bodies, certificates/decisions issued by notified bodies, and the EU declaration of conformity.
•Importers: a copy of the certificate issued by the notified body, the instructions for use, and the EU declaration of conformity.
•Authorised representatives: the EU declaration of conformity, the technical documentation, and applicable certificates.

How companies practically maintain this evidence

Because documentation naturally becomes outdated as soon as AI systems, vendors, or use cases evolve, companies cannot treat this 10-year retention as a one-time static filing exercise. As noted by compliance platforms like Aigolex, "static documents fail the moment reality changes".

To ensure that their compliance evidence remains accurate and "always-ready" over a decade, companies implement structured, continuous operational processes that:

•Centralize evidence by deployment: documentation is mapped and centralized according to specific operational "workspaces" and real-world "deployments" (how the AI is actually used, by whom, and for what purpose), rather than just keeping files on abstract AI models. This repository includes system descriptions, risk assessments, and logs tracking human oversight and monitoring controls.
•Continuously monitor for changes: companies must actively monitor their AI assets, their vendors, and their operational perimeters for any changes over time.
•Utilize alerts and flags: to prevent compliance failures after the initial assessment, companies rely on systems that flag when a change in the AI's usage dictates that risk levels or regulatory obligations must be updated, and issue alerts when the underlying compliance documentation needs to be refreshed.

Understand your AI Act obligations.Prove compliance.Keep it aligned as AI evolves.