About Conformly

One product, one regulation, done properly. Here is exactly what we are and what we are not.

What Conformly is

Conformly is EU AI Act compliance software for B2B SaaS teams. It classifies your AI systems into the risk tiers of Regulation (EU) 2024/1689, generates the obligations that follow from that classification, monitors them continuously, and produces the documentation an auditor or a market surveillance authority will ask for — including a Fundamental Rights Impact Assessment, a Declaration of Conformity, a post-market monitoring plan and the Annex IV technical file.

We deliberately do one regulation rather than thirty frameworks. The AI Act is new, it is structural, and a checkbox borrowed from a security questionnaire does not survive contact with it. Where our customers also need SOC 2, ISO 27001, GDPR or HIPAA context, we provide honest crosswalks for the AI-relevant controls instead of pretending to be a full security-compliance platform.

How the classification works

Classification is fully deterministic and rule-based. The same answers always produce the same risk tier, and every result traces back to specific articles and annexes of the Act. No language model decides your risk class.

This is not a technical preference, it is the whole point: a probabilistic classifier cannot be defended to a regulator. You cannot tell an authority that a model was 80% confident you were not high-risk. Our optional AI assistant explains obligations and drafts prose — it never classifies.

What it does today
  • Deterministic EU AI Act risk classification (prohibited / high-risk / limited / minimal)
  • Automatic obligation generation per classified system
  • Continuous compliance monitoring with scheduled control checks
  • Automatic evidence capture for every check result
  • Fundamental Rights Impact Assessment (FRIA) generation
  • Declaration of Conformity generation
  • Post-market monitoring plan generation
  • GPAI (general-purpose AI) technical documentation
  • Crosswalks to SOC 2, ISO 27001, GDPR and HIPAA for AI-relevant controls
  • Audit-ready PDF export
  • Public trust centre pages
  • Vendor AI assessments

This list is what is built and running — not a roadmap. See product updates for what changed and when.

Where your data lives

Conformly is hosted in the EU and can be self-hosted on your own infrastructure, so your compliance record — which is, by definition, a record of your regulatory exposure — never has to leave your control. Details are in the Privacy Policy.

Who operates Conformly
Berat Engin Büyükada
Trading as Conformly
İvedik OSB Mah. 1456. Cad. No: 4, Yenimahalle, Ankara, Türkiye
Türkiye

We are a small, independent team — which is why the product is built to be self-service and the pricing is on the website instead of behind a sales call. Reach us at support@getconformly.com.

What Conformly is not

We are not a law firm and this is not legal advice. Conformly automates the organisational and documentation work of compliance — the register, the classification logic, the obligations, the evidence and the paperwork. Whether your specific deployment is lawful is a question for a qualified lawyer in your jurisdiction, and we will tell you that rather than sell you a certainty we cannot give.