The EU AI Act is in force (Regulation (EU) 2024/1689). High-risk AI system obligations apply from August 2026. Organisations without documented compliance posture face fines up to EUR 35M or 7% of global annual turnover.

APEX OS · Pillar 02: Governance

The Question Is Not Whether the Regulation Applies. The Question Is Whether You Are Ready.

APEX Governance OS maps your AI systems to EU AI Act risk classifications, generates Annex IV technical documentation, and keeps your compliance posture current as regulations evolve and your systems change.

Picture the call. Your General Counsel receives an email from a national AI supervisory authority. A complaint has been filed. They want to see your technical documentation for three AI systems deployed in HR and credit processes. You have 30 days to respond. Your compliance team spent the last 18 months on GDPR. No one has mapped your AI systems to the EU AI Act. The Annex IV documentation being requested has never been generated. The one-off audit you commissioned describes systems that your vendors have since updated four times over. The cost of this scenario is not just the fine. It is what it tells investors, customers, and partners about how you run your organisation.
Run a Free Compliance Assessment Book a Compliance Call
EU AI Act 2024/1689 aligned
Annex IV documentation generated
Swiss nDSG compliant
Not legal advice
🇨🇭 TennoTenRyu Inh. Cesarano · Zug, CH
📋 CHE-272.196.618 · nDSG / GDPR
⚖️ Regulation (EU) 2024/1689 aligned
🔒 Continuous compliance monitoring
The Regulatory Reality

EUR 35M Is Not a Warning.
It Is the Fine Schedule in the Regulation Itself.

The EU AI Act is not forthcoming legislation. It is in force now. Enforcement machinery is being assembled across member states. The organisations that will face consequences first are not the ones that tried and failed. They are the ones that never started.

EUR 35M
or 7% global annual turnover

Maximum fine for prohibited AI practice or failure to comply with fundamental rights obligations.

Source: Regulation (EU) 2024/1689, Art. 99(3)
EUR 15M
or 3% global annual turnover

Maximum fine for non-compliance with high-risk AI system obligations including documentation and testing requirements.

Source: Regulation (EU) 2024/1689, Art. 99(3)
EUR 7.5M
or 1.5% global annual turnover

Maximum fine for supplying incorrect, incomplete, or misleading information to market surveillance authorities.

Source: Regulation (EU) 2024/1689, Art. 99(3)

Here is what is happening right now while you are reading this. EU member states are appointing national market surveillance authorities. They are establishing AI supervisory frameworks. They are beginning to collect complaints. The first enforcement actions will not target the largest organisations. They will target the ones with the clearest paper trail showing they knew the regulation applied and did nothing.

The typical mid-market AI deployment spans 4 to 12 distinct AI systems, sourced from 2 to 5 vendors, each of which may have released multiple model updates in the past 12 months. A compliance snapshot taken when you first deployed is not compliance documentation. It is a historical artefact. Compliance is a continuous state, not a one-time audit.

Fine schedule cited from Regulation (EU) 2024/1689, Art. 99(3) — verified against EUR-Lex publication. Deployment statistics are cross-referenced estimates, labeled ESTIMATED per Content Integrity Policy. Not legal advice.
📁

Your Documentation Does Not Reflect Your Current Systems

Vendors update models. Use cases evolve. A compliance document created at deployment goes stale within weeks. Regulators assess current state, not original intent.

🗺

You Have Not Mapped Risk Classifications

The EU AI Act uses a tiered risk framework. Most organisations have not formally mapped each deployed AI system to the correct category. Without that map, you cannot know what your obligations are.

One-Off Audits Are Already Obsolete

The compliance report from last year described your AI environment as it was then. It does not cover vendor updates, new deployments, or regulatory clarifications published since.

The Solution

Compliance That Does Not Sleep.
Because the Regulation Does Not Sleep.

APEX Governance OS is not a one-time audit. It is a continuously operating compliance system that monitors your AI systems, maintains current Annex IV documentation, tracks regulatory updates, and keeps your audit package ready before the auditor calls, not after.

The benefit goes beyond regulatory protection. When your Board, your investors, or a supervisory authority asks about your AI governance posture, you have a clear, current, evidenced answer ready. That kind of certainty changes how fast you can deploy, how you position AI to clients, and how you attract investment from partners who care about governance.

  • EU AI Act risk classification mapping for every deployed AI system
  • Automated Annex IV technical documentation generation and maintenance
  • Continuous monitoring with drift detection when systems change
  • Weekly compliance posture reports with gap identification
  • Regulatory update tracking as guidance evolves across member states
  • Audit-ready package generated on demand for regulatory responses
System: HR Screening Model v2.1
Risk Classification: HIGH RISK (Annex III, 1.a). Annex IV documentation: current. Last vendor update: 14 days ago. Documentation sync: required.
REVIEW NEEDED
System: Credit Risk Scoring Engine
Risk Classification: HIGH RISK (Annex III, 5.b). Technical documentation: complete. Conformity assessment: in progress. Last audit: March 2026.
COMPLIANT
System: Customer Churn Predictor
Risk Classification: LIMITED RISK. Transparency obligations: met. GPAI disclosure: pending for embedded model component.
GAP DETECTED
Coverage

What APEX Governance OS Covers

A full-spectrum governance operating system, not a point solution for one regulation.

⚖️

EU AI Act Risk Classification

System-by-system mapping to Unacceptable, High, Limited, and Minimal risk categories per Annexes I, II, and III.

📋

Annex IV Documentation

Automated generation and continuous maintenance of the technical documentation required for high-risk AI systems under Article 11.

🔍

Conformity Assessment Preparation

Pre-assessment checklists, evidence collection, and gap analysis to prepare for conformity assessment under Articles 43 and 44.

🔔

Regulatory Update Monitoring

Continuous tracking of EU AI Act implementing acts, EU AI Office guidance, and national supervisory authority publications across DACH markets.

🛡

Swiss nDSG Integration

Cross-referenced compliance mapping for Swiss data protection law, specifically relevant for Swiss-headquartered organisations processing EU resident data.

📊

Weekly Posture Reporting

Governance health score, open gaps, documentation freshness, and priority actions. Board-ready format. Delivered every Monday.

How It Works

From System Inventory to Audit-Ready Package

You describe your AI systems. APEX Governance OS handles the documentation, monitoring, and compliance maintenance continuously from there.

01

AI System Inventory

Submit your AI system list with use case descriptions. APEX maps each system to EU AI Act risk categories in the first session.

02

Documentation Generation

Annex IV technical documentation generated for each high-risk system. Gap analysis identifies what still needs to be collected or confirmed.

03

Continuous Monitoring

Drift detection runs continuously. When vendor models update or use cases expand, documentation is flagged before gaps accumulate.

04

Audit Package On Demand

When an auditor or authority requests documentation, your current, structured compliance package is ready to submit immediately.

Use Cases

Who Uses APEX Governance OS

Mid-market and enterprise organisations deploying AI in regulated contexts across DACH and EU markets.

Financial Services
Credit scoring, fraud detection, and churn prediction are all potentially high-risk under Annex III.
APEX Governance OS classifies each system, generates required documentation, and maintains compliance as models update. Specifically relevant for Swiss and EU-regulated financial institutions operating under both nDSG and GDPR.
HR and Recruitment
AI-assisted CV screening, candidate ranking, and workforce management tools are explicitly listed as high-risk in Annex III.
Many HR technology procurement decisions include embedded AI the buyer may not know is in scope. APEX identifies, classifies, and documents these systems proactively before an auditor does it for you.
Manufacturing and Infrastructure
Predictive maintenance, safety monitoring, and operational AI deployed in critical infrastructure sectors carry specific compliance obligations.
Annex II lists specific regulated sectors where AI obligations apply regardless of direct risk classification. APEX maps these intersections and maintains documentation for the full system portfolio.
Professional Services
Law firms, accountancies, and consultancies deploying AI for research, analysis, or intelligence need to understand their obligations as AI deployers, not just users.
The EU AI Act creates obligations for deployers of high-risk systems, not only developers. APEX Governance OS positions your firm correctly in that chain of responsibility and documents it formally.
Pricing

Continuous Compliance Costs Less Than One Fine.

Every plan includes system mapping, documentation generation, and continuous monitoring.

Foundation
CHF 4,997
per month
  • Up to 5 AI systems covered
  • EU AI Act risk classification mapping
  • Annex IV documentation generation
  • Weekly compliance posture report
  • Regulatory update monitoring
  • Email support
MOST POPULAR
Enterprise
CHF 14,997
per month
  • Up to 20 AI systems covered
  • All Foundation features
  • Conformity assessment preparation
  • Audit-ready package on demand
  • Dedicated compliance officer contact
  • Board-ready governance reports
  • Regulatory authority response support
Sovereign
CHF 24,997
per month
  • Unlimited AI systems
  • All Enterprise features
  • Dedicated compliance team
  • Custom regulatory frameworks
  • Multi-jurisdiction mapping
  • Regulatory authority liaison support
  • On-site engagement available
FAQ

Frequently Asked Questions

Common questions from organisations starting their EU AI Act compliance journey.

Under Article 99(3) of Regulation (EU) 2024/1689: prohibited AI practices carry fines up to EUR 35M or 7% of global annual turnover. Non-compliance with high-risk AI system obligations carries fines up to EUR 15M or 3% of global turnover. Supplying incorrect information to supervisory authorities carries fines up to EUR 7.5M or 1.5% of turnover. These are maximum figures per the published regulation, not estimates.
No. APEX Governance OS provides compliance infrastructure, documentation automation, risk classification tooling, and posture monitoring. It is designed to support your legal team with current, structured documentation, not replace legal judgment. For binding legal determinations, engage qualified legal counsel. All APEX outputs are labeled as compliance assistance, not legal advice.
The EU AI Act entered into force on 1 August 2024. Prohibitions on unacceptable-risk AI practices applied from February 2025. Obligations for high-risk AI systems under Annexes I and III apply from August 2026. General-purpose AI model obligations applied from August 2025. Organisations deploying high-risk AI systems need compliant documentation by August 2026 at the latest.
Annex IV of the EU AI Act specifies the mandatory technical documentation required for high-risk AI systems. It includes the system purpose, risk assessment, training data characteristics, testing and validation methodology, performance metrics, human oversight measures, and post-market monitoring plan. This documentation must be maintained and updated throughout the system lifecycle and be available to market surveillance authorities on request.
Drift is detected when vendor model versions change, when use case descriptions are updated, when new AI systems are deployed, or when regulatory guidance is published that affects existing classifications. When drift is detected, affected documentation is flagged for review before the gap becomes a compliance risk. Foundation plan subscribers receive weekly drift reports. Enterprise subscribers receive alerts for high-risk system changes.
Yes. For Swiss-headquartered organisations or those processing Swiss resident data, APEX Governance OS cross-references the Swiss nDSG (in force September 2023) alongside EU AI Act obligations. Switzerland is not an EU member state, but Swiss organisations processing EU resident data must comply with the EU AI Act when deploying AI systems in the EU market.

Your Compliance Window Is Closing.
Start the Assessment While It Is Free.

Run a free AI system compliance assessment. Find out which of your systems are in scope, what your documentation gaps are, and what you need to address before August 2026.

Run Free Assessment Now Book a Compliance Call
Free Compliance Assessment

Assess Your AI Governance Posture

3 free assessments · No credit card · Not legal advice

3 free assessments per organisation · Compliance assistance only, not legal advice
All outputs labeled with evidential basis per Content Integrity Policy

    Priority Actions