SimpleAct Logo
Easiest way to get through the EU AI Act

Your AI Act Compliance
Made Simple

SimpleAct is the operational AI governance platform for the EU AI Act: capture, assess, and document AI systems – with governance workflows, incident management, runtime monitoring, and integrations for Jira, Teams, or ServiceNow. Everything in one system, audit-ready.

Full documentation
From €159/month (annual billing)
🇩🇪
Made in Germany
Get startedWatch demo

No credit card required · Demo available to watch

app.simpleact.de
Grundinformationen
Name des KI-Systems *
z.B. ChatGPT Integration
Anbieter *
OAIOpenAI
MSMicrosoft
GCGoogle
OTHSonstige
Klassifizierung
Entscheidungsrolle
Unterstützend
Kritisch
Risikostatus
Risikostufe
MINIMAL
Bewertungsdetails
Kein High-Risk- oder Limited-Risk-Trigger erkannt. Standard-Dokumentation gilt.

Documenting AI use is becoming mandatory

The AI Act requires companies to demonstrate where and how AI is used, whether use is permitted, and whether sensitive data is processed – or face significant penalties.

€35M
max. fine

Fines up to €35M avoidable

With proper documentation you stay on the safe side. Without proof, fines of up to 7% of global annual turnover (max. €35M) can be imposed. With SimpleAct you avoid these risks.

...
days remaining

Deadline: 2 August 2026

High-risk AI systems must be fully documented by 2 August 2026. With SimpleAct we support you with documentation so you can avoid these risks.

83%
no transparency

83% have no AI overview

Most companies do not know which AI systems their employees use, whether sensitive data is processed, or whether AI makes decisions itself. With SimpleAct you avoid these risks.

High
time spent

Unstructured capture costs a lot of time

Capturing AI use without a system means: unstructured Excel lists, no systematic risk assessment, no version control. With SimpleAct you avoid these risks.

The clock is ticking: documentation obligation starts in ...

From 2 August 2026, companies must be able to demonstrate on request which AI systems they use, how they are used, and whether use is permitted. Without documentation, audits and fines are at risk.

💡 Acting now means creating transparency and documenting automatically – not panicking when authorities request evidence.

AI Check

Am I affected by the EU AI Act?

Answer 5 short questions in under 1 minute and find out whether your company needs AI documentation.

Question 1 of 5

Does your company use AI systems or AI tools?

e.g. ChatGPT, Microsoft Copilot, recruiting software, CRM with AI, internal AI solutions

⚖️ This check is not legal advice. If in doubt we recommend legal review.

The solution

AI systems centrally captured
and documented in a structured way

SimpleAct provides a central platform for structured capture, rule-based assessment, and auditable documentation of all AI systems under the EU AI Act.

Central AI capture

Capture all AI systems in use centrally: name, provider, description, category (internal/external), role, purposes, affected areas, responsible person, email.

Rule-based risk classification

Each AI system is assessed via a structured questionnaire and automatically classified rule-based under the EU AI Act. You can re-assess any system at any time.

Auditable evidence

Compliance checklists per risk class with EU AI Act article references. Additional documentation for high-risk systems. Structured compliance report exportable with versioning. Changes are recorded.

Structured documentation

The report includes organisation profile, report metadata, and per AI system: master data, last review, risk assessment, compliance checklist (status, open items), documentation entries. Finally the audit history with a chronological list of changes (timestamp, action, entity, user).

Free

Free Tools (Bitkom, TÜV)

  • One-time risk assessment
  • No data storage
  • No versioning
  • No team access
  • No export
  • No updates on changes
  • No proof for authorities
  • No incident management
  • No integrations

SimpleAct Platform

Free tools help with initial assessment. SimpleAct is your permanent compliance solution.

Product modules

SimpleAct does not stop at obligations. It covers the full operational flow

The platform exposes the work already present in the product: from legal logic through governance and audit playbook to incidents, runtime signals, assurance workflows, and API connectivity.

Legal logic

SimpleAct derives role, deployment context, and review cadence per AI system. Teams see early which obligations apply and when a system must be reviewed again.

  • Review owner and cadence
  • Role model per system
  • Traceable obligation profile
Open legal logic

Governance

Owner, reviewer, approver, evidence, and approvals stay inside one governance flow. Critical decisions do not disappear into email or isolated files.

  • Evidence register
  • Review and approval states
  • Finalization gates
Open governance

Audit playbook

The audit playbook turns articles and gaps into concrete actions. Teams see owners, SLAs, due dates, open points, and the direct path to missing evidence.

  • Status per article
  • Quick fix and reopen
  • Action plan with owner
Open audit playbook

Incident management

Incidents are not just logged. SimpleAct keeps status, reassessment triggers, compliance gate, CAPA, and authority-response cases in one place.

  • Incident board and status workflow
  • Reassessment triggers
  • CAPA and compliance gate
Open incident management

Runtime monitoring

Monitoring templates, runtime signals, change register, and observability profiles show what happens after deployment and what follow-up work is required.

  • Runtime signals
  • Change register
  • Observability and releases
Open runtime monitoring

Assurance & oversight

For demanding setups, SimpleAct combines dataset register, bias findings, human oversight, validation suites, pipeline gates, registry, and authority packs.

  • Dataset and vendor register
  • Human oversight and validation
  • Authority pack and registry
Open assurance

API & integrations

API keys, webhooks, OpenAPI, ingestion endpoints, and integrations into Jira, Teams, or ServiceNow help connect governance and runtime work from the platform.

  • API keys and webhooks
  • Ingestion for runtime signals
  • Jira, Teams, and ServiceNow
Open API & integrations

Inventory & risk

The base layer remains: AI inventory, structured questions, risk logic, compliance checklists, and exportable evidence. This layer feeds all downstream modules.

  • AI inventory
  • Risk classification
  • Exportable evidence
Open AI documentation

SimpleAct Operating Model

From inventory to incident, everything stays in one system.

That is what separates SimpleAct from checklist-only or register-only tools. The platform connects assessment, control, operations, and evidence into one visible workflow.

Owner, reviewer, approver
Runtime signals and incidents
Bias findings and validation suites
API keys, webhooks, and exports
Connected inside the product

How records become an operational compliance system

SimpleAct connects obligations, tasks, evidence, incidents, runtime signals, and integrations. Teams work inside one connected flow instead of isolated tools.

Operational product flow

How SimpleAct connects obligations, evidence, and follow-up work.

Inside the product, legal logic, governance, audit playbook, incident management, and runtime monitoring work together. That keeps it visible per AI system what has been reviewed, what remains open, and which actions come next.

  • Clear view of status, open points, and responsibilities
  • Evidence, reviews, and approvals stay attached to the system context
  • Incidents, changes, and monitoring signals trigger follow-up work in the same flow
View product modules

Step 1

Inventory and risk classification

Teams capture AI systems, place them into business context, and create the base layer for everything that follows.

Step 2

Legal logic and review cadence

SimpleAct keeps role, recurring review questions, and review ownership visible per system.

Step 3

Governance and audit playbook

Owners, reviewers, open points, missing evidence, and approvals stay visible as one operational workflow.

Step 4

Runtime, incident, and CAPA

After rollout, runtime signals, incidents, changes, and CAPA measures stay attached to the affected system instead of separate ticket silos.

Operational Artifacts

Concrete artifacts teams can maintain inside SimpleAct

More than documentation

Evidence register

Files, links, notes, and approvals per system or topic.

Dataset register

Version, lineage, bias findings, and personal-data relation.

Validation suites

Benchmarks, revalidation triggers, red teaming, and shadow mode.

Observability profiles

Metrics, alert thresholds, sources, dashboard URL, and on-call roles.

Authority packs

Conformity, CE, EU database, contacts, and supporting artifacts.

API & webhooks

Connect governance, incident, and monitoring flows into external systems.

Depth from the app

What teams actually operate in SimpleAct

This content is not based on a theoretical roadmap. It follows modules, forms, and workflows that already exist in the product.

Governance and approvals

Owner, reviewer, approver, minimum approved evidence, and finalization gates per subject.

  • Evidence coverage visibility
  • Review status per object
  • Approval chain for FINAL
Open module

Assurance and high-risk work

Dataset register, bias findings, human oversight, validation suites, pipeline gates, authority pack, and registry.

  • Bias and lineage in dataset context
  • Validation and red teaming
  • Authority cases and CE/conformity state
Open module

Runtime and incident loop

Runtime signals, incident records, reassessment triggers, change register, CAPA, and compliance gate form one operating chain.

  • Runtime signal -> incident
  • Change -> reassessment
  • CAPA with owner and due date
Open module

Integrations and external systems

API keys, webhooks, ingestion endpoints, plus Jira, Teams, and ServiceNow connectivity for enterprise setups.

  • OpenAPI and events
  • Inbound ingestion for monitoring
  • Enterprise procurement material
Open module
Operational flow

How SimpleAct shows that obligations become real follow-up work

Not just inventory and export: the platform connects legal logic, governance, audit playbooks, runtime signals, and incidents into one operating flow.

Onboard a new AI system

A new system moves from classification to approval through one connected product flow.

  • Create inventory and risk context
  • Carry over obligations and review cadence from legal logic
  • Close articles, evidence, and approvals in one flow
Open the flow

Control changes and reassessments

Model changes and runtime signals do not stay isolated. They create review work and actions.

  • Capture the change or signal
  • Make review need and owners visible
  • Approve again only with refreshed evidence
Open runtime & assurance

Close incidents through evidence

Incidents are closed through CAPA, reassessment, and authority packs in the same system.

  • Capture severity and context
  • Trigger CAPA and compliance gate
  • Secure a defensible closure state
Open incident management

The detailed proof belongs on a dedicated page.

Anyone who wants the deeper explanation of what defines an AI governance system can open the full positioning and process page there.

How it works

EU AI Act compliance in 5 steps

From capture to auditable evidence – and beyond: governance workflows, runtime monitoring, and incident management as your permanent operating system for your AI stack.

01

Login and setup

Sign up and enter basic company data and the person responsible for your AI compliance management.

  • Quick registration and setup
  • Enter company data
  • Designate responsible person
02

Capture AI systems

Enter all AI tools in use: ChatGPT, VS Code AI, Canva AI, internal applications. Capture takes only 1–2 minutes per system.

  • Simple capture of name, provider, and purpose
  • Document scope of use (internal/external)
  • Capture takes only 1–2 minutes per system
03

Assess risk

Answer guided questions about your AI system. Based on your answers, the system automatically determines the appropriate risk class – no legal expertise required.

  • Guided questions on risk factors and context
  • Automatic classification under EU AI Act
  • Versioning for repeat assessments
  • No legal interpretation required
04

Complete compliance checklist

Depending on risk class, a specific compliance checklist is shown: Minimal Risk (basic documentation), Limited Risk, High Risk. Each checklist includes EU AI Act article references.

  • Minimal Risk: Basic documentation and privacy alignment
  • Limited Risk: Transparency obligations and content labelling
  • High Risk: Full checklist with Art. 9–14 references
  • Additional documentation for high-risk systems possible
05

Operational governance

After setup, the real governance begins: dashboard, audit playbook, incident management with CAPA, runtime monitoring with signals and change register, assurance workflows with bias findings and validation suites – all connected, all audit-ready.

  • Dashboard overview of all AI systems and status
  • Incident management: CAPA, re-assessment triggers, authority responses
  • Runtime monitoring: signals, change register, observability profiles
  • Assurance: bias findings, validation suites, human oversight
  • Integrations: Jira, Teams, ServiceNow, API keys, webhooks
First full documentation in
2–3 hours

Quick onboarding – then governance, monitoring, and incident management run permanently as your AI operating system

Get started
Transparent pricing

Fair pricing, no hidden costs

From €159/month when billed annually, €199/month monthly. A compliance solution that takes you through structured AI documentation. No surprises.

Starter

For small teams

159/monthbilled annually
  • 5 AI systems
  • 3 users
  • PDF export compliance report
  • Documentation
  • Audit log
  • Risk classification & AI asset management
  • Email support (48h response)
  • Own subdomain
Get started
Recommended

Professional

For growing companies

279/monthbilled annually
  • Everything in Starter
  • Unlimited AI systems
  • Unlimited users
  • PDF/DOCX export compliance report
  • 2FA required for admins
  • Additional documentation for high-risk
  • OIDC / Single Sign-On
  • Audit log
  • Risk classification & AI asset management
  • Automated reminders & escalations
  • Legal review cycle
  • Audit playbook action management
  • Exports including annex and compliance sections
  • Priority email support (24h response)
Get started

Enterprise

For large organisations

On request
  • Everything in Professional
  • Custom integrations & APIs
  • White-label option
  • Individual SLAs
  • DPA & AVV
  • Dedicated contact
  • SAML & LDAP integration
Request quote

For a fast product check

Trial

Free
30 days
Full Starter onboarding
Real data and real workflows
30 days of platform access
No setup fee
Best for a realistic product check

You start with the full Starter setup, can create real data, and test the platform under realistic conditions. After 30 days the trial does not silently stop; it transitions into the Starter subscription unless you cancel in time.

Start 30-day trial
Pilot project

Need 30 days for a structured pilot with your team, real processes, and measurable success criteria?

For selected companies we enable a guided pilot mode. This is not an open self-serve plan, but an approved pilot with defined scope, owners, and a clear go/no-go decision at the end.

By request only

Pilot projects are enabled individually and after the period either transition into a regular subscription or end cleanly.

See pilot project

Questions about pricing? See our FAQ

Trust & security

Your data is safe with us

As a German company we take data protection and security seriously. Made in Germany means the highest standards with no compromise.

Security & Infrastructure

GDPR-oriented

European data protection

Made in Germany

German quality

Hetzner Datacenter

Hosting in Germany

Data in Germany

All your data is stored exclusively on German servers in Nuremberg. Backups are held in Falkenstein (Hetzner). No cloud providers outside the EU.

Enterprise-grade security

End-to-end encryption and regular security reviews for the highest data security.

Data protection expertise

Our team has experience in data protection (GDPR) and AI governance.

German quality

Developed and hosted in Germany with a focus on data protection and reliability.

New on the blog

Latest developments around the EU AI Act

Fresh updates on the EU AI Act, AI compliance, and practical implementation guidance.

Yannick Heisler

Yannick Heisler

Vertrieb · Persönliche Beratung

SimpleAct - Official EU AI Act Compliance Platform