
Governed, resident AI for GTM operators. Built for the EU regulatory reality.

Same governed Claude agents. Same ~$45K pilot. Architected for GDPR, the EU AI Act, DORA, and NIS2 from day one — not bolted on in security review.

US AI tools gate EU data residency behind enterprise tiers.

Claude's DPA is Enterprise/API-only — not available for Pro or Max subscribers. OpenAI's EU data residency requires a sales contract to even get the option. GitHub Copilot residency only kicks in at Business/Enterprise tiers. An EU operator who wants governed, resident AI cannot just hand a rep a $20/mo ChatGPT seat. They need the enterprise tier, the residency configuration, and the governance scaffolding — and most mid-market EU teams don't have the procurement bandwidth to navigate that alone.

Claude has a DPA, but only for Enterprise/API customers — not for Pro or Max subscribers.
r/MistralAI · 121 upvotes

That's the gap we fill. We execute the Anthropic Enterprise/API DPA as part of the engagement. We pin processing to the EU/EEA. We deliver the AI-Act risk-classified agent inventory your DPO needs. And your operators get the same 90-second context assembly as any US team — on a compliant footing.

The regulatory reality. Not scary. Just real.

We don't sell a GRC product. We sell governed operator workflows that map onto the frameworks your DPO already tracks. Your DPO gets the audit trail, the AI-Act risk classification, and the residency architecture. Your operators get the 90-second context assembly.

GDPR

The baseline. Data residency, lawful basis for processing, Data Processing Agreement. We execute the DPA at the Anthropic Enterprise/API tier and pin processing to the EU/EEA. Your customer data stays resident.

EU AI Act

High-risk enforcement begins August 2, 2026. Penalties up to 3% of global annual turnover. Obligations: classify every AI agent by risk level, maintain tamper-proof audit trails, prove human oversight, explain automated decisions (Art. 22). We deliver a risk-classified agent inventory and the audit trail infrastructure. Your DPO gets the documentation. Your operators get the governed workflow.

DORA

Digital Operational Resilience Act. Applies to financial entities and their critical ICT third-party providers. Requirements: ICT risk management, incident reporting, operational resilience testing, third-party risk management. Our governance layer — audit trails, approval gates, hooks — maps onto DORA's operational resilience requirements.

NIS2

Network and Information Security Directive. Applies to essential and important entities across energy, transport, health, digital infrastructure, and more. Requirements: risk management, incident notification, supply chain security. Same governance layer. Same audit trail. Same mapping.

Same pilot. EMEA-specific additions.

The pilot structure is identical to the US/Global engagement: ~$45K, fixed scope, 10 reps, 4 weeks. The EMEA additions are built in from day one, not bolted on in security review.

Anthropic Enterprise/API DPA
Executed as part of the engagement. Your legal team reviews it. We handle the procurement.
EU/EEA region pinning
Processing within EU/EEA boundaries. Documented. Demonstrable.
AI-Act risk-classified agent inventory
Every agent classified by risk level. Delivered to your DPO before go-live.
Audit trail export
Full audit trail exportable in standard formats for regulatory review. Every prompt, every action, every approval.
Entra ID / Purview integration
Where applicable. Your existing identity and DLP posture, extended to governed agents.
DPO review support
Data-flow diagram, sub-processor list, AI-Act classification documentation. Everything your DPO needs to sign off — in writing, before anything reads production data.

Why a $25/mo DIY agent is a compliance liability in the EU.

A ChatGPT workspace agent on customer data in the EU is a double violation. It's a GDPR breach — customer data processed without a DPA, without residency guarantees, without documented lawful basis. And it's an unclassified AI system under the AI Act — no risk classification, no audit trail, no human oversight documentation, no Art. 22 explainability.

The cheap option isn't cheaper. It's a compliance liability your DPO will catch — or your auditor will. And when they do, the cost isn't $25/mo. It's the remediation, the notification, and the regulatory exposure.

Already paying for enterprise AI? We'll make it land.

Many EU teams already pay for enterprise-tier AI — OpenAI, Copilot, or Claude — purely for the DPA and residency. They signed the contract. They got the compliance checkbox. But they never built governed workflows on top of it. The operators are still swivel-chairing. The enterprise license is an expensive compliance artifact, not a productivity tool.

We deploy the governed skills on the compliant footing you already paid for. You bought the enterprise tier for residency. We make it do what your operators actually need.

What EU operators are saying.

Scaling a startup, have to get NIS2, GDPR and DORA under control — first Financial Services client onboarded, can't defer compliance anymore. External auditor came in and handed us a list of gaps.
B2B SaaS founder · r/StartupDACH
Most teams I talk to are still in 'we'll deal with it later' mode. But the deadline for high-risk AI systems is August 2, 2026.
EU SaaS operator · r/SaaS
Got tired of digging through EUR-Lex PDFs for DORA and NIS2 requirements. Built an open-source tool just to query 37 EU regulations.
Security practitioner · r/cybersecurity · 68 upvotes
Is Mistral AI the only GDPR compliant AI coding provider right now? Claude has a DPA, but only for Enterprise/API customers.
EU developer · r/MistralAI · 121 upvotes

Start an EMEA pilot.

~$45K. Fixed scope. Ten reps. Four weeks. DPA executed. EU/EEA region pinning. AI-Act risk classification delivered to your DPO. Same governed agents, architected for the EU regulatory reality from day one.