80 days · EU AI Act deployer deadline

Four regulations.
One evidence record.

EU AI Act: high-risk AI systems from Dec 2, 2027. NIS2: in force since January 2026. DORA: in force since January 2025. GDPR: in force since May 2018. One structured tool to document what you decided, who approved it, and why, across all four.

EU AI Act assessment NIS2 assessment DORA assessment
No account needed
Free evidence record
GDPR · EU data only
EU AI Act · Dec 2, 2027 · Act now
NIS2 · Art.21 · Live
GDPR Art.28 DPA · Included
DORA · Art.5(4) · Live
Permanent evidence record
60-second exposure check

How exposed is your company?

Enter your URL. We read your public footprint and tell you where you stand under the EU AI Act. No form, no login.

Scan now →
01The evidence layer

Decisions don't survive change.
Evidence does.

Regulators don't ask what you planned. They ask what you decided, who approved it, and why. IRP Compliance is built around that evidence primitive, structured to meet four EU regulations from a single record.

Step 01

Select your regulation

Pick the regulation relevant to your organisation. Answer structured questions scoped to your exact obligations. Takes under 10 minutes.

Step 02

Know your exposure in euros

Instant compliance score, fine exposure calculated against the regulation's penalty ceiling, and a gap analysis by domain or article.

Step 03

Build the evidence record

Every answer, every decision, every remediation step, logged with date, context, and approval. The record regulators and auditors actually ask for.

02Regulatory coverage

Your obligations,
ranked by urgency.

GDPR, EU AI Act, NIS2, and DORA each demand documented proof, what you decided, who approved it, and why. Start with the most urgent obligation and build one evidence record that covers all four.

EU AI Act

Art.26, Art.27, Art.12, Art.13, Art.72, deployer transparency, human oversight documentation, and post-market monitoring records. Enforcement begins Dec 2, 2027. Fines from €7.5M up to €35M or 1–7% of global annual turnover.

Dec 2, 2027
NIS2

Art.21 risk management measures across 10 domains, entity classification (Essential / Important), fine exposure up to €10M or €7M, and a prioritised 30/60/90-day remediation plan. In force since January 2023. Active enforcement.

Live
GDPR

Art.5(2) accountability principle, Art.24 controller responsibility, Art.30 records of processing. Documented compliance decisions, the same proof GDPR auditors ask for. A GDPR Art.28 DPA is included as standard.

Included
DORA

6-domain ICT resilience assessment: governance, risk management, incident reporting, resilience testing, third-party risk (incl. CLOUD Act concentration risk), and board reporting. In force since January 2025. Art.5(4) management sign-off included. Start DORA assessment →

Live
03What you get

PDF briefs the board.
The evidence record defends you.

Two outputs. Two audiences. Both from a single assessment, whichever regulation you start with.

Free · Included

Live evidence record

A structured, append-only evidence record that shows what changed, who approved it, and why, the format regulators and auditors can actually use.

  • IRP-format decision ledger
  • Versioned remediation decisions over time
  • Excel export for remediation tracking
  • Data Processing Agreement (Art.28 GDPR)
  • EU data storage · 30-day retention
Start free assessment →
€299 ex VAT · One-time

Board-ready PDF report

A clean, dated PDF your board can act on, plus a one-pager and fine exposure calculation.

  • Dated PDF report, board-ready
  • Executive board one-pager
  • Fine exposure calculation (Art.99)
Start assessment to unlock →
04EU AI Act scope

The Dec 2, 2027 deadline.
What it covers.

Digital Omnibus (May 2026) deferred high-risk AI deployer obligations to December 2, 2027. Draft classification guidelines published May 19, 2026. Three articles define the core compliance risk, all assessable today.

Art.26 + Art.27

Deployer obligations

Human oversight, transparency to affected persons, fundamental rights impact assessment, and instruction compliance for high-risk AI systems.

Art.12 + Art.13

Logging and transparency

Automatic logging of events over the lifecycle of deployed AI systems. Transparent information to users. Both required from December 2, 2027.

Art.72 + Art.99

Post-market monitoring and penalties

Ongoing monitoring of AI system performance in real conditions. Non-compliance fines: €7.5M to €35M, or 1–7% of global annual turnover.

05Pricing

Free assessment and evidence record.
€299 for the full board-ready PDF.

No subscription. No account required for the free assessment. Extended assessments and white-label licensing available for partners and resellers.

Assessment + Compliance record

Free

EU AI Act and NIS2 assessments, know your obligations before regulators do.

After each assessment you'll know:

  • Whether you fall under the regulation, and at what level
  • Your potential fine exposure, in euros
  • A prioritised action plan by domain

What's included:

  • EU AI Act assessment (20 questions)
  • NIS2 assessment (30 questions)
  • DORA assessment (18 questions)
  • Fine exposure and prioritised action plan
  • Permanent compliance record, every decision savedi
  • 30-day access to your results
Start free assessment

PDF Report

€299 ex VAT

A dated, board-ready PDF your leadership can act on, generated after your assessment.

Everything in Free, plus:

  • Dated PDF report, board-ready
  • Executive board one-pager
  • Fine exposure calculation (Art.99)
  • One-time payment · No subscription
Get your report

Enterprise or partner pricing · info@irp-compliance.xyz

Countdown · 80 days remaining

One record.
Start with the urgent one.

EU AI Act: Dec 2027. NIS2: live now. DORA: live now. Free. No account.

EU AI Act assessment NIS2 assessment DORA assessment