Platform Overview

From first tool to full compliance.
One platform. Every step.

AI and Shine handles every EU AI Act obligation — inventory, contracts, risk assessment, legal documents, governance, training, and compliance proof. AI generates personalized documents from your real data. You review and approve.

01 AI Inventory02 DPA Analysis03 Risk Assessment04 Documents05 Governance06 AI Literacy07 Compliance Report
01
AI Inventory & Tool Library

200+ pre-enrolled tools. Add yours in 5 minutes.

Before you can comply, you need to know what you have. Search from our library of pre-configured tools across marketing, HR, analytics, CRM, customer service, development, and more. AI prefills vendor details, AI model type, data scope, and initial risk classification.

78% of fields prefilled automatically from our tool database
15 categories: Marketing, HR, CRM, Analytics, AI Assistants, and more
Large library of pre-enrolled tools — global and regional vendors
AI suggests remaining fields after you fill the description
app.aiandshine.com/tools
Tools
High Risk Docs
Actions
Documents
Governance
Reports
AI Literacy
Periodic Review
Tools
Tools compliance overview
+ Add Tool
TOOLS
7
3 HIGH · 1 LTD · 3 MIN
ACTIONS
25/56
31 remaining
PROGRESS
45%
31 to go
MISSING DPA
1
COMPLIANT
0/7
Next steps
WorkdayHIGH risk→ Risk Assessment → FRIA
ClaudeHIGH risk→ FRIA (HIGH risk)
Canva AIDPA missing→ Upload DPA
ToolRiskDPAAssess.ActionsScore
ChatGPT
OpenAI
HIGH1/560%
HubSpot AI
HubSpot
LIMITED2/385%
Greenhouse
GH Inc.
HIGH3/838%
Meta Ads
Meta
LIMITED0/30%
app.aiandshine.com/tools/greenhouse/dpa
Tools
High Risk Docs
Actions
Documents
Governance
Reports
AI Literacy
Periodic Review
Greenhouse DPA Analysis
72
/100
Vendor Risk Score
Based on GDPR + AI Act clause analysis
GDPR Clauses34/40
AI Act Clauses12/30
Data Transfer14/15
Sub-processors7/10
GDPR Art. 28 Clauses
Processing purpose defined
Data categories listed
Security measures
Sub-processor notification
Data return/deletion
Audit rights
AI Act Clauses
AI system transparency
Risk classification support
Human oversight provisions
Incident reporting
Not yet standard in most vendor DPAs
02
Smart DPA Analysis

Your vendor contracts, analyzed in minutes.

Paste text or upload a PDF. AI extracts every clause, checks GDPR Article 28 completeness, flags missing AI Act terms, identifies sub-processors, and maps the data transfer chain. Each vendor gets a Risk Score from 0–100.

GDPR clause completeness check (Art. 28 requirements)
AI Act clause gap analysis — most vendors don't have these yet
Sub-processor identification and AI supply chain mapping
Vendor Risk Score 0–100 with transparent scoring breakdown
Results feed directly into risk assessment — no re-entry
03
Risk Assessment & Classification

AI classifies risk. You confirm.

Every tool is classified against EU AI Act Annex III categories. Full explanation of which articles apply — not just a badge, but why. Art. 5 prohibited practices screening included.

Automatic classification: Minimal → Limited → High risk
Art. 5 Prohibited Practices screening — Tier 1 fines, already enforceable
Clear deployer vs. provider obligation separation
DPA data flows directly into assessment — no manual re-entry
Override option when your use case differs from the default
app.aiandshine.com/tools/greenhouse/risk
Tools
High Risk Docs
Actions
Documents
Governance
Reports
AI Literacy
Periodic Review
Risk Assessment — GreenhouseHIGH RISK
Classification: HIGH risk
Under Art. 6(2), Annex III Category 4(a) — AI-powered candidate screening in employment context
Your obligations
Upload DPA
Complete Risk Assessment
Assign human oversight
Generate Transparency Notice
Complete FRIA
Notify workers
Vendor obligations
7 vendor obligations — Conformity Assessment, EU Database Registration, Quality Management...
app.aiandshine.com/documents
Tools
High Risk Docs
Actions
Documents
Governance
Reports
AI Literacy
Periodic Review
AI Compliance Report
45% complete — 31 actions remaining
View ReportExport PDF
Workplace AI Notice
HIGH risk tools: 3
Total Documents
13
Risk Reports
12
DPA Summaries
0
Finalized
1
FRIA Report — GeminiFinal
Risk Assessment — ChatGPTDraft
Transparency Notice — GreenhouseFinal
DPIA — WorkdayDraft
Worker NotificationDraft
04
Compliance Documents

Every required document. Generated from your data.

FRIA, DPIA, ROPA, Transparency Notices, Worker Notification, Internal AI Policy — all generated from your actual tool data and vendor contracts. Personalized legal documents with one click. You review and approve.

Fundamental Rights Impact Assessment (FRIA) — Art. 27
Data Protection Impact Assessment (DPIA) — GDPR Art. 35
Record of Processing Activities (ROPA) — GDPR Art. 30
Transparency Notices — 3 templates (interaction, decision, general)
Worker Notification — Art. 26(7), auto-generated from HIGH risk tools
Internal AI Use Policy — company-wide, auto-updates as tools change
05
Governance Hub

Manage AI use across your organization.

Compliance isn't a one-time project. Manage requests, incidents, monitoring, and oversight without it becoming a second job.

Tool Requests & Approvals

Employees request new tools via simple form. Automatic risk pre-screening. Admins approve or reject with full audit trail.

Incident Reporting (Art. 73)

Report AI incidents in 3 clicks. AI suggests severity — conservative by default. Serious incidents trigger authority notifications.

Art. 73

Periodic Review & Monitoring

Automated 6-month reminders. Smart questionnaire — if nothing changed, confirmation takes 2 minutes.

Art. 26(5)

Log Retention Tracking

Track log storage per high-risk tool. Alerts before 6-month retention expires. Verification records for audit.

Art. 26(6)

Smart Reminders

DPA expiration, review dates, vendor changes, training deadlines, log retention warnings. Platform tracks so you don't.

Human Oversight (Art. 26.2)

Assign oversight persons per high-risk tool with documented authority to intervene. Auditable evidence, not just a checkbox.

Art. 26(2)
06
AI Literacy Training

AI competence training for your entire organization.

AI Literacy is required for ALL organizations since February 2, 2025 (Art. 4). AI and Shine provides ready-to-use training courses with a 3-layer curriculum — from general AI awareness to specialized oversight training. Your team completes the course, the platform tracks everything.

Ready-to-use 3-layer curriculum: general awareness → tool-specific → oversight training
Available for your entire organization — no external trainers needed
Completion tracking and evidence management (attendance, certificates)
Automated reminders for new employees and periodic refreshers
Enforceable since February 2025 — this is already a legal obligation
app.aiandshine.com/literacy
Tools
High Risk Docs
Actions
Documents
Governance
Reports
AI Literacy
Periodic Review
AI Literacy Training
Required for ALL organizations · Art. 4 · Since Feb 2, 2025
Layer 1
General AI Awareness
All employees · 45 ppl
Conducted
Jan 20, 2026
Layer 2
AI Tools for Marketing
Marketing · 12 ppl
Scheduled
Apr 15, 2026
Layer 3
Human Oversight Training
Supervisors · 3 ppl
Not conducted
07
Compliance Report & Audit Trail

When the authority asks, you open this.

Everything feeds into one living document — auto-generated, always current. Your complete compliance proof.

Living Compliance Report

Auto-compiled from all platform data: inventory, assessments, documents, training, incidents. Formatted for Market Surveillance Authorities. You never write it manually.

AI inventory with risk levels
DPA analysis summaries
All compliance documents
Training & oversight evidence
Incident history
Complete audit trail

Document Library

Every document generated — DPIAs, FRIAs, notices, policies — organized, versioned, and downloadable. Filter by tool, type, or status.

Full Audit Trail

Who added which tool, approved which request, completed which assessment, when. Timestamped, attributed, authority-ready.

Everything you need for EU AI Act compliance —
in one connected platform

AI and Shine unifies inventory, analysis, documentation, governance, and training into a single system. Stop stitching spreadsheets together and start managing compliance with confidence.

AI Inventory & Tool Library

200+ pre-enrolled tools, AI prefill

Smart DPA Analysis

GDPR + AI Act clause check, risk score

Risk Assessment & Classification

Annex III classification, Art. 5 screening

Compliance Documents

FRIA, DPIA, ROPA, notices, policies

Governance Hub

Requests, incidents, monitoring, oversight

AI Literacy Training

3-layer curriculum, evidence tracking

Compliance Report

Living document, always audit-ready

See the Platform →Book a Demo

Data flows between every step. Zero duplicated work.

Upload a DPA → risk assessment prefills. Risk classified → documents auto-generate. Any change → compliance report updates.

DPA → Risk prefillsRisk → Docs generateIncident → Authority notifiedChange → Report updates

Time savings

What takes a lawyer 2 weeks takes your team 3–4 hours.

TaskWithoutWith AI and Shine×
Add a new tool2–3 hours5 minutes30×
Analyze a vendor DPA4–8 hours10 minutes30×
Risk assessment1–2 days20–30 min10×
Generate FRIA2–3 days30–45 min
Transparency notice2–4 hours2 minutes60×
Monthly review2–3 days15 minutes20×

Available in 26 languages

Platform and generated documents localized for all EU member states.

🇬🇧 English🇵🇱 Polish🇫🇷 French🇩🇪 German🇪🇸 Spanish🇮🇹 Italian🇳🇱 Dutch🇵🇹 Portuguese🇸🇪 Swedish🇩🇰 Danish🇫🇮 Finnish🇨🇿 Czech🇷🇴 Romanian🇭🇺 Hungarian🇧🇬 Bulgarian🇭🇷 Croatian🇸🇰 Slovak🇸🇮 Slovenian🇱🇹 Lithuanian🇱🇻 Latvian🇪🇪 Estonian🇬🇷 Greek🇮🇪 Irish🇲🇹 Maltese

See it with your real tools

Book a 30-minute demo. Tell us which tools you use — we'll analyze them live.

Book a Demo →Free Readiness Check