Normiq EU AI Act compliance
Navigate the EU AI Act with precision — from risk classification to audit-ready documentation packages. Built for startups, scaleups, and SMEs without a dedicated legal or compliance team.
Normiq is a regulatory compliance platform that helps European companies meet the requirements of the EU AI Act. It combines AI-driven risk classification with source-referenced documentation — producing audit-ready compliance packages in hours instead of months. Built by Abiton Ventures AB in Sweden, Normiq is hosted entirely in Europe with no data leaving European borders.
Built for EU AI Act compliance and beyond
EU AI Act Compliance
Automatically classify AI systems by risk level. Get plain-language summaries of prohibited, high-risk, limited and minimal risk obligations.
Audit-Ready Documentation
Generate regulation-compliant documentation with source-referenced assessments. Every conclusion traces back to specific regulatory clauses.
AI-Driven Analysis
Our compliance engine reads regulatory text and translates it into actionable controls tailored to your systems.
GDPR, NIS2 & CRA — Coming Soon
A unified view across the full European regulatory stack is on our roadmap. GDPR, NIS2 and the Cyber Resilience Act follow the same source-referenced, audit-ready methodology.
“Providers of high-risk AI systems shall put a quality management system in place that ensures compliance with this Regulation. The quality management system shall be documented in a systematic and orderly manner in the form of written policies, procedures and instructions.”
Dense regulatory text like this is exactly what Normiq translates into clear, actionable steps — with a reference to the exact clause that requires each control.
Every AI system you use classified, justified, and audit-ready
-
AI-Led Interview
Plain-language questions. No regulatory vocabulary required. Your product manager can run this — reserve your lawyer for the cases that need one.
-
Risk Classification with Honest Gaps
When the AI isn’t sure, it says so. That’s what auditors trust, and what most AI tools quietly hide.
-
Human-Accepted Determinations
Every AI suggestion becomes a draft. A human on your team accepts it, with their name and timestamp. Accountability stays where the law says it must — with you. Normiq cuts the work down to hours.
-
PDF/A-1b Audit Dossier
One click. Archival-quality. Ready for a regulator.
-
Evidence Vault
Stop hunting through Notion, Drive and Slack the day before the audit. Everything in one place.
-
AI Literacy Training
Article 4 says your staff must have AI literacy. Most teams don’t know this exists. Normiq includes the training.
A chatbot here. An AI screening tool there. Now someone asks: “Is any of this high-risk under the AI Act?” Normiq answers that — for every system, with reasoning, in minutes.
Describe your AI system in plain language. Normiq maps it against every risk category in the regulation, flags what applies, and tells you exactly why — citing the specific articles behind each determination. No guesswork, no billable hours, no waiting for a consultant to get back to you.
European data sovereignty your data stays in Europe, always
Hosted Entirely in Europe
Data sovereignty guaranteed. All processing stays within European borders, always.
GDPR-Native Architecture
Built from the ground up for data minimisation, purpose limitation and data subject rights.
No Vendor Lock-In
Export your entire documentation bank in audit-ready formats at any time.
Multilingual Platform
Available in English and Swedish today. German, French, Spanish and Italian coming soon.
Answers for startups, scaleups, and SMEs
Does the EU AI Act apply to startups and SMEs?
Yes. The EU AI Act applies by your role (provider or deployer) and your system’s risk tier — not by company size. A ten-person startup deploying a high-risk AI system carries the same core obligations as a large enterprise. There is no blanket SME exemption, though some duties are lighter and fines are capped for smaller companies. Normiq helps you find out exactly which tier each of your systems falls into.
Do I need a legal team to comply with the EU AI Act?
No. Normiq is built for startups, scaleups, and SMEs that don’t have a dedicated legal or compliance team. It runs a plain-language interview, drafts a risk classification with specific article references, and generates audit-ready documentation. A named person on your team accepts each determination — accountability stays with you, but the heavy lifting does not.
When are the EU AI Act deadlines?
Prohibited practices have applied since February 2025 and general-purpose AI model obligations since August 2025. In May 2026 the EU agreed — through the Digital Omnibus — to postpone the high-risk obligations (Annex III, including EU database registration) from August 2026 to 2 December 2027, and the rules for AI in regulated products to 2 August 2028. That delay is politically agreed but still pending formal adoption, so classify your systems now to know which obligations will apply to you.
Is my company data kept in the EU?
Yes. Normiq is hosted entirely in Europe. All processing, storage, and delivery stays within European borders, and we use European-headquartered service providers only — no US-headquartered cloud services touch your data. This is a core architectural decision, not a configuration option.
Auditors don’t want claims. They want evidence.
Documents, timestamps, and a human signature. That’s what Normiq produces. Go from risk classification to a complete audit package in hours, not months.
Hosted in Europe · GDPR-compliant