Inside the practice: how Disclos audits your SaaS for the EU AI Act

What 'research practice' means in our context

We call Disclos a research practice for a specific reason. We are not a law firm and we do not give legal advice. We are not a generic compliance SaaS that scans your product and emits a checklist. We are not a Big Four consultancy that bills by the hour and disappears between deliverables.

We are a small, focused team that has read Regulation (EU) 2024/1689 line by line, mapped every article that touches a SaaS product, built a reusable methodology around it, and now applies that methodology to one customer at a time. Every audit is a research engagement: we study your product against the published text of the Act, we cite the article behind every finding, and we ship a deliverable that any qualified lawyer can sign off on in twenty minutes.

Researched compliance reference, not legal advice. That phrase is in the footer of every page on this site and the footer of every PDF we deliver. Binding legal opinions are something a qualified lawyer provides. Researched compliance references are what we provide — and they are exactly what a SaaS founder needs to brief their counsel, their CTO, and their board.

Who works on your audit

Every Disclos engagement has the same role structure. The names rotate; the roles do not.

Lead reviewer. Owns the engagement end-to-end. Reads the intake brief, walks the product as a European end-user, classifies each AI surface, writes the article-by-article gap matrix, signs the final report. The lead reviewer on every engagement is Gatis Ozols, Lead Auditor · EU AI Act.

Technical reviewers. Verify every code snippet we ship — React, vanilla HTML, Vue 3 — against the customer's stack. Run the disclosure components against the customer's accessibility baseline (WCAG 2.2 AA), confirm machine-readable provenance marks per Article 50(2), and produce the screenshot evidence that lands in the diagnosis section of the report.

Translation reviewers. Native speakers in the 24 EU official languages. Every disclosure string we ship (chat banner, AI-content watermark, deepfake label, biometric notice, product-wide AI policy) is reviewed in their language for plain-language compliance with Recital 132. Bulgarian through Swedish — every release ships with a verified translation note.

Policy advisors. Independent EU AI policy researchers we consult when the Act's text is ambiguous and the EU AI Office has not yet published guidance. They do not sign the deliverable. They sharpen the interpretation. We name no policy advisor on the deliverable because their input is editorial, not regulatory.

Practice operations. Handles intake, scheduling, Stripe reconciliation, deliverable packaging, and the 30-day check-in.

The lead reviewer

Gatis Ozols is the lead reviewer on every Disclos engagement.

He has studied Regulation (EU) 2024/1689 since publication in the Official Journal on 12 July 2024. He built the methodology, the article-by-article reference, the disclosure code library in 24 EU languages, and the audit-assistant tooling the practice uses to keep delivery tight at five business days.

He does the audit work himself on every engagement. The practice does not subcontract audits. The practice does not hand you off to an associate. The face on the Loom walkthrough is the same face that read your product end-to-end.

To be unambiguous: Gatis Ozols, the lead reviewer at Disclos, is not a public official, does not sit on the EU AI Board, and does not hold any government appointment. Disclos is a private research practice. The name Gatis Ozols is also held by other people in Latvia, including a senior public official with the same name. They are different people. Disclos makes no claim of government affiliation, and we will not allow that confusion to be exploited.

Why we keep the team lean

We could grow the team. We have not, and that is a deliberate decision.

Quality through small surface area. Each audit gets senior eyes. The lead reviewer reads every page the customer reads. The technical reviewer touches every snippet. There is no junior associate doing the first pass and a partner glancing at the deliverable in the elevator.

Methodology over headcount. We spend the time we would have spent onboarding employees on tightening the methodology, the templates, and the tooling. The result is a five-day delivery that competing law firms quote at three to six weeks.

Price discipline. €997 is a real number. It is not a loss leader. It is sustainable at our team size because the methodology removes most of the bespoke work. Scaling the team without scaling the methodology would push the price up. We will not do that.

Capacity ceiling. The lean team puts a real ceiling on capacity: a maximum of five audits per week. When that ceiling is reached for a given week, we close the intake form for the week. We would rather refuse a customer than ship a rushed report.

How to engage the practice

One path. €997 paid to Stripe. The intake form opens after payment. Ten questions. Five business days to delivery. A locked PDF report, an editable Word copy, a code-snippet library in 24 EU languages, five filled compliance documents, and a personal Loom walkthrough.

If the deliverable is implemented and your product is still found non-compliant with the EU AI Act by 2 August 2026, the engagement fee is refunded in full. No partial refunds. No arbitration clause. The refund anchor sits on the same date the Act's main provisions begin to bite — the same date your counsel and your board care about.

Thirty days after delivery, the practice reaches out for a free check-in. Async or call, your choice. If you have shipped a new AI feature or the Act has been amended in the interim, a delta re-audit costs €497 within twelve months of the original delivery.

That is the entire commercial surface. No discovery call. No multi-stage SOW. No retainer.

Frequently asked questions

Is Disclos a law firm?

No. Disclos is a research practice, not a law firm. Our deliverable is a researched compliance reference mapping your product against the published text of Regulation (EU) 2024/1689. It is not legal advice. Binding legal opinions require a qualified lawyer admitted to practice in the relevant jurisdiction. Our deliverables are designed for a lawyer to sign off on in twenty minutes — that is the value we add, and the line we will not cross.

Who actually does the audit?

Gatis Ozols, the lead reviewer at Disclos, audits every product personally. The practice's technical reviewers verify code snippets. Native-speaker reviewers verify the 24-language disclosure wording. Policy advisors are consulted on ambiguous interpretations. The lead reviewer signs the deliverable. No subcontracting, no associate hand-off.

Is Gatis Ozols the same Gatis Ozols who sits on the EU AI Board?

No. Gatis Ozols is also the name of a senior Latvian public official, including one who holds an EU-level role. The lead reviewer at Disclos and that public official are different people who happen to share a common Latvian name. Disclos is a private research practice. We make no claim of government affiliation, and we will not let that name confusion be exploited. If anyone presents Disclos as government-backed or EU-Board-affiliated, that is a misrepresentation. Write to hello@disclos.eu and we will correct it directly.

Why do you not name everyone on the team?

Policy advisors and translation reviewers contribute editorial input, not regulatory signature. Naming them on the deliverable implies a level of endorsement they have not committed to. Customers see the lead reviewer's signature because that is who carries the engagement and the refund guarantee. Internally we know exactly who reviewed each line, and the practice's working notes are retained for the duration of every engagement.

Can the practice scale?

The practice can scale — we have chosen not to, yet. Scaling means adding lead reviewers, which means rewriting the methodology for handoff, which means moving away from the senior-eyes-on-every-line discipline that lets us hold the €997 price. If demand sustainably exceeds five audits per week through August 2026, we will revisit. Today the constraint is intentional, not accidental.

Sources

• https://eur-lex.europa.eu/eli/reg/2024/1689/oj
• https://digital-strategy.ec.europa.eu/en/policies/ai-office
• https://disclos.eu/methodology
• https://disclos.eu/audit