Compass and the EU AI Act.
The EU AI Act is the most comprehensive framework for AI regulation in the world. As a European platform serving regulated industries, Compass is built to comply with it. This page explains how — and how we adapt to the framework's continuing evolution.
Last updated: [TO BE VALIDATED — date]. The EU AI Act timeline has been amended by the Digital Omnibus on AI proposal (May 2026 provisional agreement). Some compliance deadlines for high-risk AI systems have been deferred. This page reflects our understanding of the framework as of the last update.
Compass is an AI system. So we operate within the AI Act framework.
Compass is not just AI-adjacent. The platform's core capabilities — Deal Scoring Engine, Signal Fusion, AI Copilot, Autonomous Agents — are AI systems under the EU AI Act's definition. That means Compass operates under the Act's obligations as both a provider (of AI capabilities) and, in some deployments, a deployer (when Compass is integrated into customer workflows).
Our approach is not minimum compliance. It's structural alignment with the Act's principles: risk-based design, human oversight by default, transparency about AI decisions, data governance built into the architecture, and explainable outputs at every step.
This page describes our current posture. It does not provide legal advice for our customers. If you're deploying Compass in your organization, your specific obligations under the AI Act depend on how you use it. We support you with documentation, but compliance is a shared responsibility.
Where Compass capabilities sit on the EU AI Act risk pyramid.
The AI Act classifies AI systems into four risk tiers: prohibited, high-risk, limited-risk (transparency obligations), and minimal-risk. Here is how Compass capabilities are classified.
| Compass capability | AI Act risk tier | Notes |
|---|---|---|
| Deal Scoring Engine | Limited-risk / Minimal-risk by default | Used as decision-support, not as automated decision-making about persons. [TO BE VALIDATED — case-by-case for customer deployments] |
| Signal Fusion | Minimal-risk | Data processing pipeline, not a decision system |
| OSINT Engine | Minimal-risk | Public data aggregation and structuring |
| HUMINT Layer | Limited-risk | Transparency obligations apply (users informed conversations may be analyzed) |
| AI Copilot | Limited-risk | Generative AI; transparency obligations apply (Article 50) |
| AI Agents | Limited-risk | Autonomous agents acting on signals; oversight maintained |
| Org Chart Intelligence | Limited-risk / case-by-case | Profiling-adjacent; review per deployment |
| Forecasting Engine | Minimal-risk | Aggregate forecasting, not individual decision-making |
No Compass capability falls under the AI Act's prohibited category (Article 5). Customer deployments may shift specific capabilities into the high-risk tier depending on how they're integrated into the customer's decisions — for example, if Compass scoring becomes the sole determinant of a credit decision affecting a natural person. In those cases, we provide the documentation, transparency, and human-oversight tooling required to support compliance with high-risk obligations.
Five principles. Five operational practices.
The AI Act establishes core principles for AI systems. Here is how each is implemented in Compass.
Practice 1 — Human oversight (Articles 14, 26)
AI outputs in Compass are designed as decision-support, not decision-replacement. Every score, every recommendation, every agent action is reviewable, overridable, and traceable. Customers can configure human-in-the-loop checkpoints at any workflow stage.
Practice 2 — Transparency (Article 50)
Compass clearly indicates AI-generated content to users (briefings, drafts, recommendations). HUMINT structuring from meetings includes explicit disclosure that conversations may be transcribed and analyzed. AI Copilot outputs are labeled.
Practice 3 — Explainability (Articles 13, 86)
Every AI output in Compass is explainable. Deal scores break down into ranked factors. Forecasts attribute changes to specific signals. Agent decisions log their reasoning chain. No black-box outputs.
Practice 4 — Data governance (Article 10)
Training and operational data is governed under documented processes: provenance tracking, quality controls, bias monitoring, periodic review. Customer-specific fine-tuning happens within customer tenants only — never against pooled customer data.
Practice 5 — Risk management (Article 9)
Compass operates a continuous AI risk management process: pre-deployment risk assessment of new capabilities, post-deployment monitoring of model behavior, incident response procedures, and periodic re-evaluation. Risk management documentation is available to enterprise customers on engagement.
AI Act compliance is a moving target. We track it actively.
The AI Act came into force in August 2024. Key milestones since then: prohibitions on unacceptable-risk systems became effective February 2025; general-purpose AI obligations and governance infrastructure entered force August 2025; high-risk system obligations were scheduled for August 2026.
In May 2026, the EU institutions reached a provisional agreement on the Digital Omnibus on AI, deferring high-risk obligations to December 2027 (for Annex III systems) and August 2028 (for Annex I systems). This reflects the practical reality that supporting standards and conformity assessment tools were not ready in time.
Compass tracks these developments and adapts. We do not wait for enforcement deadlines to implement principles — most of what the Act requires is already structural in our platform. [TO BE VALIDATED — date of last regulatory review and next planned review]
Five things you can expect from Compass on AI Act compliance.
When you deploy Compass, here is what we provide to support your own compliance obligations.
- Documentation pack. Technical documentation of each AI capability, its risk classification, its training data provenance, its evaluation methodology.
- Transparency notices. Pre-built notice templates for end users and data subjects, configurable to your deployment.
- Human-in-the-loop tooling. Built-in review workflows, override mechanisms, and audit trails to support human oversight obligations.
- Conformity assessment support. When your deployment of Compass falls into a high-risk category, we provide the technical evidence and documentation needed for your conformity assessment.
- Regulatory updates. When the regulatory landscape evolves (Digital Omnibus amendments, new harmonized standards, sector-specific guidance), we communicate impact and adjust the platform.
Talk to our compliance team.
For procurement reviews, DPIA support, conformity assessment preparation, or AI governance discussions: contact our compliance team. We respond to AI Act questions within 5 business days.