New: Kairos already covers the new Spanish Organic Law for the good use and governance of AI (BOCG-15-A-97-1).
EU AI Act: high-risk obligations on December 2, 2027

Sovereign AI Governance for governments and large organisations

Your data never leaves your infrastructure. The 100% on-premise platform to comply with the EU AI Act, GDPR and ENS: inventory, assessment, monitoring and compliance, with an AI copilot that operates everything by natural language, in one place.

European company · European infrastructure · Full data sovereignty · On-premise

EU AI Act · GDPR / RGPD · ENS · NIS2 · ISO 42001
Executive dashboard (product mock-up at su-dominio.gob.es/dashboard)

Last 14 days · Updated 5 min ago

  • AI Systems: 24 (+3 this month)
  • High Risk: 3 (-1 vs previous)
  • Compliance: 76% (+4pp)
  • LLM Cost: €847 (-12% savings)

Recent activity: Requests · Compliance

54 integrated modules · 11 regulations covered · 90+ mapped requirements · 100% on-premise

Why act now

Regulation, operational risk and sovereignty are now part of the same conversation.

December 2027

The Digital Omnibus postponed the high-risk obligations (Annex III) from August 2026 to December 2, 2027, and product-safety AI to August 2028. More room to do it right, not to wait: identifying and registering high-risk systems remains an obligation, and a human reviewer does not automatically take a system out of Annex III scope.

Up to 35M EUR

Fines for non-compliance with the EU AI Act of up to 35M EUR or 7% of annual global turnover. For the public sector, sanctions also include financial (patrimonial) liability and disciplinary proceedings.

11 regulations

EU AI Act, GDPR, ENS, NIS2, ISO 42001, ISO 27001, LOPDGDD, NIST AI RMF, AI Liability Directive, DORA and the Spanish Organic Law on AI governance (2026). Kairos covers them all with 90+ mapped requirements.

Built for organisations that cannot afford to fail

Kairos deploys where your data lives. No external clouds, no sovereignty risks, no third-party dependencies for your most sensitive information.

Public Administration

City councils, ministries, regulatory bodies and European agencies

Banking & Insurance

Credit scoring, fraud detection, risk models and AI-powered customer service

Healthcare

Assisted diagnosis, triage, clinical records management and predictive models

Energy & Infrastructure

Predictive maintenance, grid optimisation and demand models

Large Enterprises

Any organisation with more than 10 AI systems in production

Consulting & Audit Firms

Firms advising their clients on AI regulatory compliance

Pharmaceuticals & Life Sciences

Model validation under GxP, pharmacovigilance, drug discovery and clinical trials, with traceability for EMA, FDA and GAMP 5

Six pillars of governance

From registry to explainability. Each pillar covers a critical dimension of AI governance required by the EU AI Act.

View modules
Governance Copilot

Operate the entire platform by talking, with human control

An integrated AI copilot (Cmd+K) that understands Kairos: queries status, recommends what is missing and executes actions by natural language. Every write goes through a human confirmation gate, and the copilot itself is governed by the platform (inventoried, with guardrails and audited).

  • Query, recommendation and execution by natural language in 5 languages
  • Human confirmation on every action that modifies data
  • Operates end to end: inventory, risks, use cases, approvals, lifecycle and controls
  • Answers regulatory queries (EU AI Act, GDPR, ISO 42001) grounded in the regulatory knowledge base
  • The copilot governs itself: registered in the inventory, with guardrails and traced in the audit trail
  • Swappable AI engine, on-premise or sovereign
99 actions · 5 languages · 100% human gate · 54 modules

Kairos Copilot (Cmd+K), example exchange from the product mock-up:

User: What is the "Credit Scoring" use case missing to be compliant?
Copilot: Reviewed governance completeness.
Copilot: It is missing 2 things: the FRIA and the risk level. Shall I open the FRIA and propose HIGH risk?
Confirm action: Create FRIA for "Credit Scoring" [Approve] [Reject]

Experience

Governance that guides you

Not an endless form: a copilot. The platform tells you what is missing, takes you to fix it and shows you how everything connects.

Living governance map

The whole network of use cases, systems, risks and assessments in one interactive graph. What needs attention is visible from afar.

5-dimension health signal

Every entity shows its completeness: definition, risk, compliance, validation and approval. One glance, zero doubts.

AI-guided onboarding

Describe your use case and the AI suggests classification, risks and obligations. The path adapts to the EU AI Act risk level.

Traceable approvals

Visual workflows per risk level: who approved each step, on what date, and what is pending. Audit-ready.

Copilot that acts for you

Ask it in natural language (Cmd+K) to query, recommend or execute. Every change goes through your confirmation, and the copilot itself is governed by the platform.

54 modules. One platform.

Every module is functional, interactive and connected to the rest of the platform.

How Kairos is used in practice

10 real-world scenarios with professional profiles from the public sector and large organisations. From onboarding to AESIA inspection.

Multi-regulation from day one

Complete requirement mapping, impact assessments, EU AI Act conformity assessment and Art. 73 notifications with pre-configured authority directory.

Regulation · Type · Year · Tier

  • EU AI Act · EU Regulation · 2024 · Core
  • GDPR / RGPD · EU Regulation · 2016 · Core
  • ENS · Royal Decree · 2022
  • NIS2 · EU Directive · 2022
  • ISO 42001 · Standard · 2023 · Core
  • ISO 27001 · Standard · 2022
  • NIST AI RMF · Framework · 2023
  • DORA · EU Regulation · 2022 · Core
  • LOPDGDD · Organic Law · 2018
  • AI Liability · EU Directive · 2022
  • Ley Gobernanza IA (ES) · Spanish Organic Law · 2026 · Core

Art. 73 — Incident notification

Automatic draft with legal deadlines and authority directory: AESIA, AEPD, CNMC, CCN-CERT, INCIBE and the European AI Office.

Kairos vs. other solutions

The best-known AI governance platforms are SaaS, cloud-only and with entry costs exceeding 50,000 EUR/year. Kairos offers a real alternative.

Real on-premise deployment
Your data never leaves your infrastructure. No third-party dependencies for storage.
Kairos: Included · Other solutions: Cloud only (SaaS)

Integrated LLM Gateway
OpenAI-compatible proxy with PII detection, rate limiting, budgets and automatic fallback.
Kairos: Included · Other solutions: Not included

Entry cost
Accessible licence for public administrations and mid-sized companies, with no per-user cost.
Kairos: Included · Other solutions: From 50,000 EUR/year

LLM-as-Judge evaluations
Automated tests for bias, hallucinations, PII and prompt injection using AI as a judge.
Kairos: Included · Other solutions: Not available

Pre-configured Art. 73
Directory of Spanish and European authorities, automatic drafts and deadline tracking.
Kairos: Included · Other solutions: Manual setup

Automated Policy-as-Code
Six types of executable policy running every 5 minutes. Evaluates thresholds, drift, conformity and approvals.
Kairos: Included · Other solutions: Partial

AI BoM + Supply Chain Risk
Bill of Materials with 9 component types and supplier risk assessment across 5 dimensions with sovereignty alerts.
Kairos: Included · Other solutions: Partial

European company, EU jurisdiction
Kairos is a European company. Its competitors (Credo AI, Holistic AI, IBM) are US companies subject to the CLOUD Act and FISA.
Kairos: Included · Other solutions: US company (CLOUD Act)

European digital sovereignty for real

A data centre in Europe is not sovereignty if the company operating it is American. Kairos is a European company, with European jurisdiction, with no legal backdoors.

The problem Europe ignores

And it affects every public administration and large enterprise

CLOUD Act (2018)

Requires any US company to hand over data stored anywhere in the world if requested by a US court or agency — even if the data is on a server in Frankfurt or Madrid.

FISA Section 702

Allows the NSA to access data of non-US citizens without a warrant. Applies to Microsoft, Google, Amazon, Oracle and any cloud provider subject to US jurisdiction.

Schrems II (CJEU, 2020)

The Court of Justice of the EU invalidated the Privacy Shield. It ruled that data transfers to the US do not offer guarantees equivalent to the GDPR. The issue remains unresolved.

“Servers in Europe” is not enough

AWS Frankfurt, Azure Madrid or Google Belgium are still US companies. They are legally required to comply with the CLOUD Act, regardless of where their servers are physically located.

The Kairos answer

European company. European jurisdiction. No exceptions.

European company

Kairos is a company incorporated in the European Union, subject exclusively to European law. No foreign government can demand that we hand over your data.

Sovereign infrastructure

Deployed in your own data centre or on European infrastructure. No dependence on US hyperscalers. Your data never leaves EU jurisdiction.

Native compliance

Designed from day one for the EU AI Act, GDPR, ENS and NIS2. Not a later adaptation of an American product for the European market.

US cloud vs. Kairos

  • Applicable jurisdiction: US cloud: US law (CLOUD Act, FISA, PATRIOT Act) · Kairos: EU law exclusively
  • Government data access: US cloud: US can demand data without notifying the owner · Kairos: Only with European court order and notification
  • International transfer: US cloud: Data may be transferred to the US by legal request · Kairos: Data never leaves your infrastructure
  • Real GDPR compliance: US cloud: Incompatible per CJEU (Schrems II) · Kairos: Native, designed for GDPR from the start
  • Code audit: US cloud: Closed and proprietary code · Kairos: Full access to code deployed on your infrastructure
  • Technological independence: US cloud: Vendor lock-in with foreign hyperscaler · Kairos: No external dependencies, portable, sovereign

Digital sovereignty is not a luxury, it is a strategic necessity. Europe cannot govern its artificial intelligence with tools that are subject to a foreign country's jurisdiction.

— Kairos founding principle

Built for the public sector and large enterprises

On-premise, multi-tenant and secure. Compatible with ENS, GDPR and public procurement regulations.

Fully on-premise

Deployed in your data centre. No external cloud dependencies. Local PostgreSQL. Meets ENS data sovereignty requirements.

Secure multi-tenant

5 roles (Admin, Governance Manager, Model Owner, Auditor, Viewer) with JWT-based authentication and a cross-organisation superadmin. Row-level security (RLS) on all tables.

Full observability

Immutable audit trail protected by PostgreSQL triggers. Real-time PII detection. Alerts and automated cron.

Security by design

Immutable audit trail protected by PostgreSQL triggers
SHA-256 hash for all Gateway API keys
Real-time PII detection: email, national ID, IBAN, credit cards
Jailbreak and harmful content detection in prompts
RBAC with 5 roles and organisation isolation via JWT
Webhooks signed with HMAC-SHA256 and automatic retries
Full data sovereignty — 100% on-premise deployment
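As an added illustration of two items on this list, signed webhooks and hashed Gateway API keys, here is example code that is not Kairos's own: the header name X-Kairos-Signature, the "sha256=" prefix and the "kairos_" key prefix are assumptions for the example, and the secret and payload are constructed. It shows the receiver-side check an integrator would implement (MAC over the raw body, constant-time comparison, rejection on tampering, wrong secret or missing header) and why only the SHA-256 digest of an API key needs to be stored.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Assumed header name and value format for this example; the page does not state
# the exact scheme Kairos uses for its HMAC-SHA256 signed webhooks.
SIGNATURE_HEADER = "X-Kairos-Signature"
SIGNATURE_PREFIX = "sha256="


def sign_webhook(secret: bytes, raw_body: bytes) -> str:
    """Sender side: MAC over the exact bytes that go on the wire, not over parsed JSON."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    return SIGNATURE_PREFIX + digest


def verify_webhook(secret: bytes, raw_body: bytes, header_value: Optional[str]) -> bool:
    """Receiver side: recompute the MAC over the raw request body and compare in
    constant time, so a tampered body, a wrong secret or a forged header all fail."""
    if not header_value or not header_value.startswith(SIGNATURE_PREFIX):
        return False
    expected = sign_webhook(secret, raw_body)
    return hmac.compare_digest(expected, header_value)


def hash_api_key(api_key: str) -> str:
    """A gateway stores only the SHA-256 digest of an API key; the plaintext is
    shown to the caller once at issuance and never persisted."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


def issue_api_key(store: Dict[str, str], owner: str) -> str:
    """Generate a random key, persist its digest mapped to the owner, return the plaintext once."""
    api_key = "kairos_" + secrets.token_urlsafe(32)  # prefix is a constructed convention
    store[hash_api_key(api_key)] = owner
    return api_key


def resolve_api_key(store: Dict[str, str], presented_key: str) -> Optional[str]:
    """Authenticate a presented key by hashing it and looking the digest up; a
    database leak therefore exposes digests of random keys, not usable credentials."""
    return store.get(hash_api_key(presented_key))


# Constructed sample values so the block runs stand-alone.
DEMO_SECRET = b"constructed-webhook-secret"
DEMO_BODY = b'{"event":"incident.created","system":"demo-credit-scoring"}'


def demo() -> dict:
    """Exercise the happy path and the failure modes a receiver must reject."""
    sig = sign_webhook(DEMO_SECRET, DEMO_BODY)
    store: Dict[str, str] = {}
    key = issue_api_key(store, "demo-org")
    return {
        "valid_signature": verify_webhook(DEMO_SECRET, DEMO_BODY, sig),
        "tampered_body": verify_webhook(DEMO_SECRET, DEMO_BODY + b" ", sig),
        "wrong_secret": verify_webhook(b"other-secret", DEMO_BODY, sig),
        "missing_header": verify_webhook(DEMO_SECRET, DEMO_BODY, None),
        "key_resolves": resolve_api_key(store, key),
        "unknown_key": resolve_api_key(store, "kairos_not-issued"),
        "plaintext_not_stored": key not in store,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The receiver must sign and verify the raw request bytes: re-serialising parsed JSON can reorder keys or change whitespace and silently break the MAC. Because the page also mentions automatic retries, a receiver should expect the same signed delivery more than once and handle it idempotently.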

Don't wait for the inspection to start governing your AI

Request a personalised demo and discover how Kairos can prepare your organisation for the EU AI Act in weeks, not months.

About us

Kairos is a project by David Luquin. Learn more about the author at cv.luquin.com.