Documentation

ActLoom Documentation

Everything you need to prepare your organisation’s AI Act alignment evidence. From first sign-up to continuous monitoring and structured evidence for review.

Quick Start

Up and running in 10 minutes

Risk Classification

Understand AI Act categories

Generate Reports

Audit-ready PDF documents

Security

How we protect your data

marketing.docsPage.quickLinks.timeline

marketing.docsPage.quickLinks.timelineDesc

Getting Started

Introduction

ActLoom is a self-service SaaS platform designed for SMEs to achieve EU AI Act compliance quickly and affordably. Instead of 6-month consulting engagements costing EUR 50k–200k, ActLoom enables organisations to classify their AI systems, assess compliance gaps, and generate structured evidence for review in as little as 48 hours.

The platform covers the full compliance lifecycle — from initial risk classification through gap analysis, remediation planning, evidence collection, and continuous monitoring.

ActLoom

Dashboard

AI Systems

Compliance

Documents

Incidents

Team

Settings

Welcome back

Dashboard

+ Add System

Overall Score

72%

AI Systems

High-Risk

Open Gaps

Compliance Score Trend

W1W2W3W4W5W6W7W8

Recruitment AI

High-Risk

45%

Support Chatbot

Limited-Risk

82%

Fraud Detection

High-Risk

61%

Content Recommender

Minimal-Risk

100%

Fig 1. The ActLoom platform — dashboard view showing AI system inventory, compliance scores, and pending actions.

Who is ActLoom for?

CTOs & Engineering Leads

Understand which systems are in scope and what technical controls you need.

Compliance Officers

Build structured evidence packages and track remediation progress.

Legal Teams

Access pre-built documentation templates aligned to AI Act articles.

Founders & CEOs

Get board-ready compliance reporting and stay ahead of enforcement.

Product Feature Inventory

This page now reflects the live product surface rather than only the high-level marketing narrative. The inventory below excludes generic authentication mechanics and groups features into core compliance workflows versus secondary operational capabilities.

For each feature, the goal is to make the landing page useful before a reader clicks into a deeper section: you can see what the feature actually does, where it lives in the product, who typically owns it, and what artifact or operational output it produces.

How to read this inventory

Core features are the workflows that materially produce or maintain compliance outcomes. Secondary features help teams operate, share, automate, or govern those workflows at scale.

Workflow layer	Typical question answered on this docs page	Examples in ActLoom
System understanding	What is this AI system and why is it in scope?	System inventory, classification, triage, framework scope
Compliance execution	What do we need to assess, fix, document, or monitor?	Assessments, scoring, remediation, FRIA, dossiers, incidents, post-market
Evidence and reporting	What proof can we export, share, or defend in an audit?	Evidence vault, reports, locked exports, shared reports, Trust Center
Operations and scale	How does this fit a real team and existing tooling?	Roles, integrations, API keys, webhooks, milestones, SSO, multi-company

Core compliance features

17 features

Feature	What it covers	Where in the app	Primary users	Main outputs	Docs	Starter	Business	Pro
AI system inventory	Central AI system inventory with ownership, role, deployment, and legal context.	Dashboard -> AI Systems	Compliance leads, product owners, legal	AI system record, owner mapping, role context	Open section	Included	Included	Included
Assisted risk assessment & triage	Unified initial risk workflow covering classification pathways and guided triage intake.	AI Systems classification flow and Dashboard -> Compliance	Compliance leads, founders, legal, system owners	Risk category, legal reasoning, applicable obligations, assessment scope	Open section	Included	Included	Included
Compliance scoring	Weighted scoring model with score history and progress tracking over time.	Compliance dashboard and charts	Compliance leads, executives	Score, trend history, readiness baseline	Open section	Included	Included	Included
Gap analysis	Gap analysis with priority, effort estimate, and recommended action per requirement.	Compliance assessment results	Compliance leads, ops, legal	Prioritized gaps, effort, next actions	Open section	Included	Included	Included
AI-powered remediation plans	AI-assisted remediation plans with steps, effort estimates, and task follow-up.	Compliance -> Remediation	Compliance operators, engineering, ops	Plan summary, tasks, due dates, owners	Open section	No	Included	Included
Technical documentation	Technical documentation workflows including Annex IV outputs and risk documentation.	Reports and document generation	Compliance leads, legal, quality	Annex IV docs, risk docs, technical files	Open section	No	Included	Included
FRIA workflows	FRIA generation, scenario editing, approval flow, and deployer evidence support.	Dashboard -> FRIA	Deployers, public-sector teams, legal	FRIA draft, scenarios, approvals, evidence	Open section	No	Included	Included
Conformity dossiers	Conformity dossiers, declarations, CE readiness, and EU registration workflow.	Conformity dossier workflows	Providers, legal, quality managers	Dossier, declaration, CE readiness status	Open section	No	Included	Included
Incident management	Incident lifecycle with seriousness, authority notification, and follow-up evidence.	Dashboard -> Incidents	Compliance, operations, incident responders	Incident log, SLA clock, authority reporting data	Open section	Included	Included	Included
Post-market monitoring	Monitoring plans, event logging, review cadence, and escalation into incidents.	Dashboard -> Post-market	Compliance, QA, product operations	Monitoring plan, events timeline, review schedule	Open section	Included	Included	Included
Governance & ISO 42001	AIMS governance workflows plus ISO 42001 overlap mapping to reuse existing control work.	Dashboard -> Governance and compliance overlap analysis	Governance leads, quality, executives	Audits, objectives, NC register, SoA, reviews, overlap view, reused controls	Open section	No	Included	Included
GPAI & foundation model compliance	GPAI and systemic-risk workflows with model profile, red-team runs, and evidence.	GPAI profile and red-team routes	Model providers, AI safety, legal	Model profile, red-team records, systemic-risk evidence	Open section	Included	Included	Included
AI literacy training	Role-aware AI literacy programme with assignments, quizzes, renewals, and certificates.	Dashboard -> AI Literacy Training	HR, compliance, team leads	Assignments, scores, certificates, renewal dates	Open section	Included	Included	Included
Evidence vault & integrity	Evidence vault with uploads, snapshots, integrity checks, and restoration history.	Evidence and document surfaces	Compliance operators, auditors	Evidence files, snapshots, integrity verification	Open section	Included	Included	Included
Report generation hub	Report generation, monthly board packs, scheduling, locking, download, sharing, and export workflows.	Dashboard -> Reports	Compliance leads, executives, customer-facing teams	Reports, board packs, schedules, locks, exports, shared links	Open section	Included	Included	Included
Release gates & exceptions	Release gate policies, dry runs, exceptions, and auditability for AI changes.	Release-gate API and governance workflows	Engineering leads, product, compliance	Gate decisions, dry-runs, exceptions, audit trail	Open section	upcoming	upcoming	upcoming
Compliance frameworks	Multi-framework coverage beyond the EU AI Act, including overlap and reuse paths.	Company settings and compliance engine	Compliance leads, legal, quality	Framework scope, reusable controls, cross-framework coverage	Open section	EU AI Act	All frameworks	All frameworks

Secondary and operational features

12 features

Feature	What it covers	Where in the app	Primary users	Main outputs	Docs	Starter	Business	Pro
Public & private Trust Center	Public and private Trust Center surfaces for external sharing and controlled diligence reviews.	Settings -> Trust Center and private trust routes	Sales, legal, compliance, founders	Public trust page, private diligence page, badge, reusable trust URL	Open section	Included	Included	Included
Trust badge	Embeddable trust badge for your website, procurement flows, or customer-facing security pages.	Settings -> Trust Center	Sales, founders, legal, security teams	Badge embed and reusable external trust signal	Open section	Included	Included	Included
Team roles & permissions	Workspace collaboration with owner, admin, executive, and member permission lanes.	Dashboard -> Members	Owners, admins, executives	Invites, membership state, role allocation	Open section	Included	Included	Included
Integrations	Jira, ServiceNow, Confluence, and SharePoint integrations across compliance workflows.	Settings -> Integrations/API	Admins, ops, compliance engineers	Connected providers, synced tickets, published pages	Open section	Included	Included	Included
Webhooks	Outbound webhook subscriptions for product, compliance, and billing events.	Settings -> API & Webhooks	Admins, platform engineers	Webhook endpoints, delivery history, subscribed events	Open section	Included	Included	Included
REST API + API keys	Scoped API keys and versioned API surface for systems, assessments, reports, audit, and remediation.	Settings -> API & Webhooks	Admins, backend engineers	Scoped machine credentials and API workflows	Open section	Included	Included	Included
Shared links & public reports	Shared links and public report flows for external reviewers and controlled distribution.	Reports and shared pages	Compliance, sales, external reviewers	Shared report URLs and external review access	Open section	Included	Included	Included
Notifications & activity feed	In-app notifications and activity streams for invites, reviews, incidents, and automation outcomes.	Dashboard header and settings activity	All workspace users	Unread notifications, activity feed, follow-up visibility	Open section	Included	Included	Included
Jira sprint to milestone sync	Jira sprint sync into milestones for release planning and readiness tracking.	Jira sync and milestone tracking	Engineering managers, product, compliance	Milestones linked to sprints and system readiness	Open section	Included	Included	Included
Enterprise SSO	Per-workspace enterprise SSO configuration for OIDC-based sign-in.	Settings -> SSO	Owners, admins, IT	SSO config, managed identity entry point	Open section	No	No	Included
Multi-company management	Multi-workspace operations for teams managing more than one company context.	Workspace switching and dashboard context	Advisors, groups, multi-entity operators	Company switching, isolated workspaces	Open section	No	No	Included
Priority support	Priority support lane for larger or more procurement-heavy rollouts.	Customer operations and enterprise support	Procurement-heavy or enterprise accounts	Faster support path and coordination	Open section	No	No	Included

What the core layer produces

System records, legal classification, assessments, scores, remediation plans, FRIA outputs, conformity dossiers, incidents, monitoring plans, governance records, and evidence-backed reports.

What the secondary layer enables

Team coordination, external sharing, enterprise access control, machine workflows, downstream integrations, and reuse of compliance outputs in procurement or audit contexts.

Fast reading path

Start with AI Systems and Compliance Assessment, then move to Documents, Incidents, Post-Market, Governance, and finally Integrations/API or Trust Center depending on your rollout model.

Start By Persona

Most teams do not read product documentation linearly. The fastest path is usually to start from the role you play in the company, then jump to the workflows that matter to that role.

Founder / CEO

Start with

Dashboard, Documents, Trust Center, AI Act Reference

Understand current posture, risks, deadlines, and external proof assets.

Compliance Lead

Start with

AI Systems, Compliance, Governance, Documents, Incidents

Own the system inventory, score, remediation backlog, and audit-ready evidence.

Legal / Privacy

Start with

AI Systems, Compliance, Conformity, AI Act Reference, GPAI

Validate role mapping, obligations, notices, and conformity pathways.

Engineering / ML

Start with

AI Systems, Post-Market, Incidents, Integrations/API, Security

Keep technical facts current, connect tooling, and maintain operational control after launch.

Start By Use Case

If you are not role-driven, start from the concrete problem you are trying to solve. The same workspace can support onboarding, remediation, audit response, procurement diligence, and live monitoring, but the best entry point changes with the objective.

Situation	Best first section	Then go to
We just launched or added a new AI feature	AI Systems	Compliance Assessment -> Documents -> Post-Market
We need to prepare for an audit or customer diligence review	Documents	Trust Center -> Security -> AI Act Reference
We know we have gaps and need a plan	Compliance Assessment	Governance -> Documents -> Dashboard
We need to handle a failure or reportable event	Incident Management	Post-Market -> Documents -> Governance
We want to operationalize long-term governance	Governance	AI Literacy -> Team -> Integrations/API
We want to automate or connect our stack	Integrations/API	Security -> Reports -> AI Systems

Artifact Map

Many readers care less about the internal workflow than about the artifact they need to produce. This map links common outputs to the product modules that generate or maintain them.

Artifact or output	Primary source in ActLoom	Supporting modules
AI system record and classification rationale	AI Systems	AI Act Reference, Compliance
Compliance score, gap list, remediation backlog	Compliance Assessment	Governance, Dashboard
Technical documentation, FRIA, and assessment exports	Documents	Conformity, AI Systems, Compliance
Conformity dossier and declaration readiness	Conformity	Documents, AI Systems, Governance
Incident record and authority packet	Incident Management	Post-Market, Documents, Integrations/API
Monitoring plan and event timeline	Post-Market	Incident Management, Documents
AIMS evidence, SoA, reviews, audit trail	Governance	Documents, Team
Public trust page or controlled trust share	Trust Center	Documents, AI Systems, Dashboard

API Surface By Domain

The product exposes several operational surfaces. Human admin flows generally live under settings and dashboard session routes, while machine-to-machine automation uses the versioned API and integration-specific endpoints.

Domain	Typical endpoints	What they support
AI systems	/api/ai-systems, /api/ai-systems/classify, /api/v1/ai-systems	Inventory, classification, batch onboarding, import/export
Assessments and remediation	/api/compliance/assessments, /api/compliance/remediation, /api/v1/assessments, /api/v1/remediation/*	Requirement updates, scoring, gap closure, remediation workflows
Reports and evidence	/api/reports/, /api/evidence/, /api/v1/reports/, /api/v1//export	Generate, schedule, lock, share, download, export, and manage evidence
Incidents and monitoring	/api/incidents/, /api/post-market/, /api/v1/incidents/*	Incident lifecycle, event logging, escalations, authority-ready records
Governance and AIMS	/api/compliance/aims/*	SoA, documents, audits, reviews, non-conformities, objectives, parties
Settings and integrations	/api/settings/, /api/integrations/, /api/sso/*	API keys, webhooks, provider connections, SSO configuration, activity history

Practical reading order for technical teams

If you are integrating ActLoom into another system, start with Integrations/API, then Security, then the feature section for the domain you are automating such as AI Systems, Assessments, Reports, Incidents, or Governance.

Quick Start Guide

Follow these four steps to go from zero to your first compliance assessment in under 30 minutes.

End-to-end onboarding flow

1. Sign Up

Create your account via email or Google OAuth.

2. Set Up Company

Provide company profile, industry, size & EU exposure.

3. Add AI System

4. Get Results

Receive risk classification, compliance score & gap analysis.

14-day free trial

Start with a 14-day free trial — no credit card required. Complete a full AI system classification and basic assessment. Upgrade when you need more systems, reports, and team collaboration.

Create Your Account

ActLoom supports two authentication methods:

Email & Password — Create a traditional account with a secure password. Passwords must be at least 8 characters.
Google OAuth — Single-click sign-in with your Google Workspace or personal Google account. No separate password needed.

ActLoom

Create your account

Start your AI Act compliance journey

Full name

Thomas Durand

thomas@company.eu

Password

••••••••••

Create account

Already have an account? Log in

Fig 2. Account creation — choose between email/password or Google OAuth.

One account per email

Each email address can only be associated with one ActLoom account. If you previously signed up with Google, use the same method to log in.

Company Onboarding

After sign-up, you are guided through a quick company onboarding form. This information is used to tailor your compliance experience and determine applicable obligations.

Field	Description	Required
Company Name	Your legal or trading entity name	Yes
Industry	Primary business sector (SaaS, FinTech, HR Tech, E-commerce, etc.)	Yes
Company Size	Number of employees (1–50, 51–200, 201–500, 501–1000, 1000+)	Yes
Location	Country where the company is established	Yes
EU Customers	Whether you serve customers in the European Union	Yes
Company Logo	Upload your company logo for branded reports	No

Step 1 of 1

Set up your company

This helps us tailor your compliance experience.

Company name

TechCorp Solutions

Industry

SaaS / Software

Company size

51–200 employees

Location

France

Do you have EU customers?

Yes

Don't know

Upload company logo

Optional · PNG, SVG up to 2MB

Continue →

Fig 3. One-page company onboarding — dropdown selections minimise manual input.

Extraterritorial scope

Even if your company is based outside the EU, the AI Act applies if your AI systems are used in the EU or their outputs affect EU persons. Marking "EU Customers: Yes" ensures the correct obligation scope.

Ready to get started?

Join hundreds of companies using ActLoom to simplify AI Act compliance. Start your free assessment today — no credit card required.

Start Free Assessment View Pricing

Questions? Contact us at support@actloom.com

Workflow layer

Typical question answered on this docs page

Examples in ActLoom

System understanding

What is this AI system and why is it in scope?

System inventory, classification, triage, framework scope

Compliance execution

What do we need to assess, fix, document, or monitor?

Assessments, scoring, remediation, FRIA, dossiers, incidents, post-market

Evidence and reporting

What proof can we export, share, or defend in an audit?

Evidence vault, reports, locked exports, shared reports, Trust Center

Operations and scale

How does this fit a real team and existing tooling?

Roles, integrations, API keys, webhooks, milestones, SSO, multi-company

Feature

What it covers

Where in the app

Primary users

Main outputs

Docs

Starter

Business

Pro

AI system inventory

Central AI system inventory with ownership, role, deployment, and legal context.

Dashboard -> AI Systems

Compliance leads, product owners, legal

AI system record, owner mapping, role context