Master subscription service information
Products, Services, Usage Guides and Policies
C.O.M.P.A.S.S. provides organisation-level AI compliance tooling for EU AI Act workflows, portfolio governance, evidence management, audit preparation and subscription-based team access. The service is organised around Bronze, Silver and Gold tiers so each organisation can match its compliance maturity, team size and reporting needs.
Subscription tiers
How the tiers connect to the services
Each tier includes the same core assessment foundation, then expands capacity, evidence handling and reporting depth as your organisation moves from exploration to operational control and portfolio oversight.
Bronze
Initial compliance explorationFor small teams validating whether structured AI governance fits their organisation.
- Up to 3 AI systems
- 1 fixed seat
- Role assessment across the AI value chain
- Risk assessment per system or use case
- Obligations mapping and compliance snapshot preview
- Compliance actions are viewable, not editable
Silver
Operational compliance maturityFor organisations actively managing controls and evidence for deployed or planned AI systems.
- Up to 10 AI systems
- 2 included seats, up to 3 seats total
- Create and manage compliance actions
- System-level evidence uploads
- System audit package export as ZIP
- Seat add-on available within the Silver cap at EUR 15.00/mo
Gold
Portfolio governance and oversightFor organisations needing full portfolio visibility, broader teams and audit-ready reporting.
- Unlimited AI systems
- 5 included seats with additional seats available at EUR 20.00/mo
- System and portfolio-level evidence uploads
- System audit package export
- Portfolio audit report as PDF
- Evidence appendices included in reporting
Products and services
What the subscription includes
The application combines assessment workflows, evidence collection, team governance and subscription administration into one control surface. Availability depends on the organisation's active plan.
AI system portfolio management
Register AI systems and use cases, maintain ownership context, classify usage and track portfolio-level risk coverage.
EU AI Act assessment workflows
Run role and risk assessments, document rationale, identify value-chain responsibilities and map outputs to obligations.
Compliance action tracking
Assign controls, monitor status, manage ownership, set deadlines and keep operational work tied to assessment outcomes.
Audit and reporting support
Generate system audit packages, portfolio snapshots and reports for governance reviews and external assurance work.
Team and access management
Manage organisation users, seats, role-based permissions, MFA state, reviewer boundaries and invite lifecycle.
Subscription and billing services
Use plan-based access, billing portal hand-off, seat changes, upgrade, downgrade, cancellation and reactivation controls.
Usage guides and policies
Operating expectations
These guides describe how customers should operate the service. They are intended to support reliable subscription use, clean evidence handling and responsible governance workflows.
Account and organisation use
Users must keep credentials private, enable MFA where required and use organisation workspaces only for authorised business purposes. Administrators should remove access when a user changes role or leaves the organisation.
Data and evidence handling
Uploaded evidence should be relevant to compliance work, lawful to process, accurate, version-aware and free from unnecessary sensitive or personal data. Gold users should reserve portfolio-level evidence for material organisation-wide documents.
Assessment guidance
Assessment outputs support governance decisions but do not replace legal, regulatory or domain-specific professional advice. Users should review answers whenever AI system use cases, providers or deployment contexts change.
Subscription administration
Organisation administrators are responsible for plan selection, billing portal changes, seat allocation and downgrade impact review. Downgrades may reduce capacity, evidence access and reporting availability after the current period.
Security and acceptable use
The service may not be used to probe, disrupt, reverse engineer, overload, scrape or bypass access controls, rate limits or tenant boundaries. Suspected security issues should be reported with enough detail to reproduce safely.
Support readiness
Support requests should include the organisation, active tier, affected workflow, expected outcome, observed behaviour, relevant timestamps and screenshots or export references where appropriate.
Recommended workflow
How to use the service by maturity stage
- Start with inventory. Add known AI systems and use cases, then identify the responsible organisation owner.
- Complete assessments. Run the role and risk assessments before assigning control work so the obligations reflect the real use case.
- Move to controls. Silver and Gold organisations should assign compliance actions, deadlines and evidence responsibilities.
- Prepare audit material. Use Silver exports for system-level reviews and Gold portfolio reports when leadership or external assurance needs a full overview.
- Review subscription fit. Upgrade when AI system count, seat needs, evidence scope or reporting expectations exceed the current tier.