DISCLOS / METHODOLOGY
HOW WE AUDIT.
Six stages. Every audit follows the same framework. Nothing is templated — the findings are yours, specific to your product. The process is documented here in full.
PRODUCT INTAKE
We review your brief: product URL, AI feature list, target audience geography, current compliance status. We flag any immediate red flags before the full audit begins.
FEATURE DISCOVERY
We click through your product as a European end-user would. Every AI touchpoint is catalogued: chat, autocomplete, image generation, classification, scoring, voice, recommendation, content moderation.
RISK CLASSIFICATION
Each feature is classified against the EU AI Act risk framework: Prohibited (Art. 5), High-Risk (Art. 6 + Annex III), Transparency-Obligated (Art. 50), GPAI-Deployed (Art. 52), or General Use (low obligation).
GAP ANALYSIS
For each transparency-obligated or high-risk feature, we map current state against the Act's specific requirements: disclosure placement, language, timing, format, and technical implementation.
REMEDIATION DRAFTING
We write the fix. Code components, document templates, and policy wording — specific to your product, not boilerplate. Every disclosure is reviewed against Art. 50's plain-language and timing requirements.
REPORT PACKAGING
Everything is packaged into a single shared folder: PDF report, code pack, template documents, and a personal Loom walkthrough. One link. Forward to anyone who needs to act.
The intake brief covers ten questions. They establish scope, identify risk categories, and tell us where to focus the audit. No call required — the brief is async.
- 01 Does the product have any user-facing AI features? List all of them.
- 02 Is any AI output presented as if it were human-generated?
- 03 Does the product use biometric data, emotion inference, or behavioural classification?
- 04 Is the product used in employment, credit, education, healthcare, or law enforcement contexts?
- 05 Which EU member states have the largest share of your user base?
- 06 What model providers does the product rely on? (OpenAI, Anthropic, Google, Mistral, etc.)
- 07 Does the product currently display any AI disclosure to end users? If so, where and when?
- 08 Is there a Data Processing Agreement in place with model providers?
- 09 Is there a current Privacy Policy that references AI or automated decision-making?
- 10 When is the next planned product release that adds or modifies AI features?
RISK CLASSIFICATION LOGIC
PROHIBITED — Art. 5 practices. Immediate removal required.
HIGH-RISK — Annex III use cases. Full conformity required.
ART. 50 — Transparency obligations. Disclosure + documentation required.
GENERAL — Low obligation. Basic documentation recommended.
NOT A LAW FIRM
We do not provide legal advice. Our report is a researched compliance checklist. It is designed to make a lawyer's review faster, not to replace it.
NOT A SAAS TOOL
There is no dashboard, no AI scanner, no automated assessment. Every audit is done by a human who reads the Act and reads your product.
NOT A SOC 2 PLATFORM
We cover EU AI Act obligations specifically. We do not cover ISO 27001, SOC 2, GDPR (separately), or general information security.
SOURCES + REFERENCES
Disclos is not a law firm. We deliver researched compliance checklists mapping your product against the published EU AI Act. This is not legal advice. Binding legal opinions require a qualified lawyer.