DISCLOS / METHODOLOGY

HOW WE AUDIT.

Six stages. Every audit follows the same framework. Nothing is templated — the findings are yours, specific to your product. The process is documented here in full.

PRODUCT INTAKE

We review your brief: product URL, AI feature list, target audience geography, current compliance status. We flag any immediate red flags before the full audit begins.

FEATURE DISCOVERY

We click through your product as a European end-user would. Every AI touchpoint is catalogued: chat, autocomplete, image generation, classification, scoring, voice, recommendation, content moderation.

RISK CLASSIFICATION

Each feature is classified against the EU AI Act risk framework: Prohibited (Art. 5), High-Risk (Art. 6 + Annex III), Transparency-Obligated (Art. 50), GPAI-Deployed (Art. 52), or General Use (low obligation).

GAP ANALYSIS

For each transparency-obligated or high-risk feature, we map current state against the Act's specific requirements: disclosure placement, language, timing, format, and technical implementation.

REMEDIATION DRAFTING

We write the fix. Code components, document templates, and policy wording — specific to your product, not boilerplate. Every disclosure is reviewed against Art. 50's plain-language and timing requirements.

REPORT PACKAGING

Everything is packaged into a single shared folder: PDF report, code pack, template documents, and a personal Loom walkthrough. One link. Forward to anyone who needs to act.

The intake brief covers ten questions. They establish scope, identify risk categories, and tell us where to focus the audit. No call required — the brief is async.

RISK CLASSIFICATION LOGIC

PROHIBITED — Art. 5 practices. Immediate removal required.

HIGH-RISK — Annex III use cases. Full conformity required.

ART. 50 — Transparency obligations. Disclosure + documentation required.

GENERAL — Low obligation. Basic documentation recommended.

NOT A LAW FIRM

We do not provide legal advice. Our report is a researched compliance checklist. It is designed to make a lawyer's review faster, not to replace it.

NOT A SAAS TOOL

There is no dashboard, no AI scanner, no automated assessment. Every audit is done by a human who reads the Act and reads your product.

NOT A SOC 2 PLATFORM

We cover EU AI Act obligations specifically. We do not cover ISO 27001, SOC 2, GDPR (separately), or general information security.

SOURCES + REFERENCES

Disclos is not a law firm. We deliver researched compliance checklists mapping your product against the published EU AI Act. This is not legal advice. Binding legal opinions require a qualified lawyer.