About Conformly
One product, one regulation, done properly. Here is exactly what we are and what we are not.
Conformly is EU AI Act compliance software for B2B SaaS teams. It classifies your AI systems into the risk tiers of Regulation (EU) 2024/1689, generates the obligations that follow from that classification, monitors them continuously, and produces the documentation an auditor or a market surveillance authority will ask for — including a Fundamental Rights Impact Assessment, a Declaration of Conformity, a post-market monitoring plan and the Annex IV technical file.
We deliberately do one regulation rather than thirty frameworks. The AI Act is new, it is structural, and a checkbox borrowed from a security questionnaire does not survive contact with it. Where our customers also need SOC 2, ISO 27001, GDPR or HIPAA context, we provide honest crosswalks for the AI-relevant controls instead of pretending to be a full security-compliance platform.
Classification is fully deterministic and rule-based. The same answers always produce the same risk tier, and every result traces back to specific articles and annexes of the Act. No language model decides your risk class.
This is not a technical preference, it is the whole point: a probabilistic classifier cannot be defended to a regulator. You cannot tell an authority that a model was 80% confident you were not high-risk. Our optional AI assistant explains obligations and drafts prose — it never classifies.
- Deterministic EU AI Act risk classification (prohibited / high-risk / limited / minimal)
- Automatic obligation generation per classified system
- Continuous compliance monitoring with scheduled control checks
- Automatic evidence capture for every check result
- Fundamental Rights Impact Assessment (FRIA) generation
- Declaration of Conformity generation
- Post-market monitoring plan generation
- GPAI (general-purpose AI) technical documentation
- Crosswalks to SOC 2, ISO 27001, GDPR and HIPAA for AI-relevant controls
- Audit-ready PDF export
- Public trust centre pages
- Vendor AI assessments
This list is what is built and running — not a roadmap. See product updates for what changed and when.
Conformly is hosted in the EU and can be self-hosted on your own infrastructure, so your compliance record — which is, by definition, a record of your regulatory exposure — never has to leave your control. Details are in the Privacy Policy.
We are a small, independent team — which is why the product is built to be self-service and the pricing is on the website instead of behind a sales call. Reach us at support@getconformly.com.
We are not a law firm and this is not legal advice. Conformly automates the organisational and documentation work of compliance — the register, the classification logic, the obligations, the evidence and the paperwork. Whether your specific deployment is lawful is a question for a qualified lawyer in your jurisdiction, and we will tell you that rather than sell you a certainty we cannot give.