SimpleAct Logo
Features in detail

How SimpleAct actually works

Step by step through all features — from capturing systems, through risk assessment, to the finished audit report.

How it worksAll modulesOperational flowReal-world examples
How it works

EU AI Act compliance in 5 steps

From capture to auditable evidence – and beyond: governance workflows, runtime monitoring, and incident management as your permanent operating system for your AI stack.

01

Login and setup

Sign up and enter basic company data and the person responsible for your AI compliance management.

  • Quick registration and setup
  • Enter company data
  • Designate responsible person
02

Capture AI systems

Enter all AI tools in use: ChatGPT, VS Code AI, Canva AI, internal applications. Capture takes only 1–2 minutes per system.

  • Simple capture of name, provider, and purpose
  • Document scope of use (internal/external)
  • Capture takes only 1–2 minutes per system
03

Assess risk

Answer guided questions about your AI system. Based on your answers, the system automatically determines the appropriate risk class – no legal expertise required.

  • Guided questions on risk factors and context
  • Automatic classification under EU AI Act
  • Versioning for repeat assessments
  • No legal interpretation required
04

Complete compliance checklist

Depending on risk class, a specific compliance checklist is shown: Minimal Risk (basic documentation), Limited Risk, High Risk. Each checklist includes EU AI Act article references.

  • Minimal Risk: Basic documentation and privacy alignment
  • Limited Risk: Transparency obligations and content labelling
  • High Risk: Full checklist with Art. 9–14 references
  • Additional documentation for high-risk systems possible
05

Operational governance

After setup, the real governance begins: dashboard, audit playbook, incident management with CAPA, runtime monitoring with signals and change register, assurance workflows with bias findings and validation suites – all connected, all audit-ready.

  • Dashboard overview of all AI systems and status
  • Incident management: CAPA, re-assessment triggers, authority responses
  • Runtime monitoring: signals, change register, observability profiles
  • Assurance: bias findings, validation suites, human oversight
  • Integrations: Jira, Teams, ServiceNow, API keys, webhooks
First full documentation in
2–3 hours

Quick onboarding – then governance, monitoring, and incident management run permanently as your AI operating system

Get started
This is what a passed audit looks like

From chaos to compliance — in one report

SimpleAct automatically generates the official EU AI Act Compliance Report with all the evidence that regulators and internal audits require.

PDF export at the push of a button Timestamps & audit trail For regulators and internal audits
Sample GmbHEU AI ACT 2026

EU AI Act
Compliance Report

System inventory, high-risk documentation overview and audit trail

Created: 2026-04-18 · Report-Version: v12 · All systems · Sample GmbH

5
Total systems
0
High risk
1
Limited risk
4
Minimal risk
5
Go-live ready
0
Open points
1

Executive Summary

Organisation is AI Act compliant
  • 5 of 5 systems are go-live ready.
  • 0 open governance points.
  • All Annex IV requirements fulfilled.
  • Complete audit trail documentation available.
4

System Inventory

01
GPT-4 AssistantOpenAI
MINIMAL RISKGo-live ready
02
Document AnalysisMicrosoft
MINIMAL RISKGo-live ready
03
Candidate MatchingInternal
HIGH RISKGo-live ready
Compliance Checklist · 6/6 Done100% complete
Art. 9Risk management system
Art. 10Data governance
Art. 11Technical documentation
Art. 12Logging
Art. 13Transparency and user info
Art. 14Human oversight

Example report · In the app with your organization's real data

Create your own report
Product modules

SimpleAct does not stop at obligations. It covers the full operational flow

The platform exposes the work already present in the product: from legal logic through governance and audit playbook to incidents, runtime signals, assurance workflows, and API connectivity.

Legal logic

SimpleAct derives role, deployment context, and review cadence per AI system. Teams see early which obligations apply and when a system must be reviewed again.

Open legal logic

Key capabilities

  • Review owner and cadence
  • Role model per system
  • Traceable obligation profile

SimpleAct Operating Model

From inventory to incident, everything stays in one system.

That is what separates SimpleAct from checklist-only or register-only tools. The platform connects assessment, control, operations, and evidence into one visible workflow.

Owner, reviewer, approverRuntime signals and incidentsBias findings and validation suitesAPI keys, webhooks, and exports
Connected inside the product

How records become an operational compliance system

SimpleAct connects obligations, tasks, evidence, incidents, runtime signals, and integrations. Teams work inside one connected flow instead of isolated tools.

Operational product flow

How SimpleAct connects obligations, evidence, and follow-up work.

Inside the product, legal logic, governance, audit playbook, incident management, and runtime monitoring work together. That keeps it visible per AI system what has been reviewed, what remains open, and which actions come next.

  • Clear view of status, open points, and responsibilities
  • Evidence, reviews, and approvals stay attached to the system context
  • Incidents, changes, and monitoring signals trigger follow-up work in the same flow

Step 1

Inventory and risk classification

Teams capture AI systems, place them into business context, and create the base layer for everything that follows.

Step 2

Legal logic and review cadence

SimpleAct keeps role, recurring review questions, and review ownership visible per system.

Step 3

Governance and audit playbook

Owners, reviewers, open points, missing evidence, and approvals stay visible as one operational workflow.

Step 4

Runtime, incident, and CAPA

After rollout, runtime signals, incidents, changes, and CAPA measures stay attached to the affected system instead of separate ticket silos.

Operational Artifacts

Concrete artifacts teams can maintain inside SimpleAct

More than documentation

Evidence register

Files, links, notes, and approvals per system or topic.

Dataset register

Version, lineage, bias findings, and personal-data relation.

Validation suites

Benchmarks, revalidation triggers, red teaming, and shadow mode.

Observability profiles

Metrics, alert thresholds, sources, dashboard URL, and on-call roles.

Authority packs

Conformity, CE, EU database, contacts, and supporting artifacts.

API & webhooks

Connect governance, incident, and monitoring flows into external systems.

Depth from the app

What teams actually operate in SimpleAct

This content is not based on a theoretical roadmap. It follows modules, forms, and workflows that already exist in the product.

Governance and approvals

Owner, reviewer, approver, minimum approved evidence, and finalization gates per subject.

  • Evidence coverage visibility
  • Review status per object
  • Approval chain for FINAL

Assurance and high-risk work

Dataset register, bias findings, human oversight, validation suites, pipeline gates, authority pack, and registry.

  • Bias and lineage in dataset context
  • Validation and red teaming
  • Authority cases and CE/conformity state

Runtime and incident loop

Runtime signals, incident records, reassessment triggers, change register, CAPA, and compliance gate form one operating chain.

  • Runtime signal -> incident
  • Change -> reassessment
  • CAPA with owner and due date

Integrations and external systems

API keys, webhooks, ingestion endpoints, plus Jira, Teams, and ServiceNow connectivity for enterprise setups.

  • OpenAPI and events
  • Inbound ingestion for monitoring
  • Enterprise procurement material
Operational flow

How SimpleAct shows that obligations become real follow-up work

Not just inventory and export: the platform connects legal logic, governance, audit playbooks, runtime signals, and incidents into one operating flow.

Onboard a new AI system

A new system moves from classification to approval through one connected product flow.

  • Create inventory and risk context
  • Carry over obligations and review cadence from legal logic
  • Close articles, evidence, and approvals in one flow

Control changes and reassessments

Model changes and runtime signals do not stay isolated. They create review work and actions.

  • Capture the change or signal
  • Make review need and owners visible
  • Approve again only with refreshed evidence

Close incidents through evidence

Incidents are closed through CAPA, reassessment, and authority packs in the same system.

  • Capture severity and context
  • Trigger CAPA and compliance gate
  • Secure a defensible closure state

The detailed proof belongs on a dedicated page.

Anyone who wants the deeper explanation of what defines an AI governance system can open the full positioning and process page there.

Funktionen – EU AI Act Compliance Software | SimpleAct