What is AI governance?

AI governance is the set of policies, processes, and accountability structures that ensure AI systems are used responsibly, transparently, and in compliance with applicable regulations such as the EU AI Act and ISO 42001. It covers AI surface mapping, decision accountability, risk classification, and audit readiness.

What does the EU AI Act require from enterprises?

The EU AI Act requires enterprises to classify AI systems by risk level, maintain an AI inventory, implement human oversight for high-risk AI, conduct conformity assessments, and keep technical documentation and audit trails. Complaix provides the infrastructure to meet these requirements operationally.

How does Complaix help with AI compliance?

Complaix provides an AI governance operating system that maps every AI tool in use across your organisation, assigns human accountability to every AI-influenced decision, scores your AI exposure risk, and generates board-ready governance reports aligned to the EU AI Act, ISO 42001, FCA guidance, and UK GDPR.

What is an AI Exposure Score?

An AI Exposure Score is a 0–100 metric that quantifies an organisation’s risk exposure from its current AI usage. It is calculated across five governance dimensions: AI surface visibility, decision accountability, operational governance, regulatory alignment, and accountability maturity. Complaix calculates and tracks this score continuously.

What is the difference between AI governance advisory and a SaaS platform?

AI governance advisory builds your governance infrastructure from scratch — mapping AI usage, assigning accountability, and delivering a board-ready report. The Complaix Platform then keeps that infrastructure operational with live dashboards, continuous decision logging, and regulatory update briefings. The Foundation Engagement bundles both.

Is Complaix aligned to ISO 42001?

Yes. The Complaix System is designed to align with ISO 42001 (AI Management Systems), the EU AI Act, FCA AI guidance, and UK GDPR. Every governance artefact produced by Complaix is mapped to the relevant regulatory requirements.

81dEU AI Act high-risk obligations apply from 2 August 2026. 81 days to demonstrate compliance.EU AI Act deadline: 2 Aug 2026Learn more →

Operational AI Governance

Operational AI Governance for Enterprise.

Complaix is the operational governance infrastructure for enterprise AI. Map every AI system, assign accountability to every decision, and demonstrate audit readiness to regulators - aligned to ISO 42001 and the EU AI Act.

Take the Free Assessment See How It Works

Complaix™ Frameworks

Regulatory Regimes

81d

Until EU AI Act Deadline

The Complaix™ System

AI Surface Mapping

See everything. Know where AI lives.

AI Surface Registry

Decision Accountability

Every AI decision has a human owner.

Accountability Matrix

Operational AI Governance

Structure how AI operates in workflows.

Governance Playbook

AI Exposure Scoring

Quantify your AI risk profile.

Exposure Score /100

Accountability Maturity

Know where you stand. Know where to go.

Maturity Level 1-5

The Complaix™ System

5 Frameworks · Sequential

AI Surface Mapping

See everything. Know where AI lives.

AI Surface Registry

Decision Accountability

Every AI decision has a human owner.

Accountability Matrix

Operational AI Governance

Structure how AI operates in workflows.

Governance Playbook

AI Exposure Scoring

Quantify your AI risk profile.

Exposure Score /100

Accountability Maturity

Know where you stand. Know where to go.

Maturity Level 1-5

Full Accountability Maturity

From zero visibility to audit-ready governance

90%

of enterprises have no documented AI inventory

Source: IBM Institute for Business Value, 2024

18%

have assigned human accountability to AI decisions

Source: Gartner AI Governance Survey, 2024

63%

of boards lack visibility into their AI risk exposure

Source: Deloitte AI Governance Report, 2024

Regulatory frameworks Complaix works across

In Force· Actively enforced

Active· Guidance in effect

Published· Standard available

Enacted· Law passed, enforcement pending

The Problem

AI adoption outpaced governance by years.

The tools are in place. The accountability is not. Every organisation using AI in its operations is carrying governance debt and the regulatory clock is running.

No Visibility

Organisations cannot see where AI is deployed across their operations. Shadow AI tools process sensitive data with no oversight.

Result: ungoverned data processing and undetected regulatory exposure.

No Accountability

AI-influenced decisions lack clear human ownership. When outcomes are challenged, no one can demonstrate who was responsible.

Result: legal and regulatory liability with no defensible audit trail.

No Governance

AI usage is unstructured and undocumented. Audit trails are impossible. Regulatory compliance cannot be demonstrated.

Result: non-compliance with EU AI Act, FCA, and ISO 42001 obligations.

No Risk Measurement

Exposure to AI-related risk is unmeasured. Organisations cannot prioritise, mitigate, or report on what they cannot quantify.

Result: boards and regulators cannot be given a credible risk position.

Grounded in Regulation

Built on the frameworks regulators already require

Every element of the Complaix methodology maps directly to published regulatory requirements and international standards. This is not a proprietary framework invented in isolation: it is the operational layer that turns regulatory text into auditable practice.

European Union · In Force

EU AI Act

Arts. 9, 13, 14, 17, 26, 29

High-risk AI systems must have documented risk management, human oversight, transparency, and post-market monitoring. Providers and deployers must maintain technical documentation and audit logs.

AI Surface Registry, Exposure Scoring, and Governance Playbook directly satisfy these articles.

United Kingdom · Active

UK FCA Guidance

PS22/3, DP5/22, SS1/23

Firms must be able to explain AI-influenced decisions, demonstrate human accountability, and show that model governance is embedded in their risk frameworks.

Decision Accountability framework creates the human ownership chain the FCA requires for every AI-influenced outcome.

Global Standard · Published

ISO 42001:2023

Clauses 4, 6, 8, 9, 10

Organisations must establish an AI management system with defined scope, risk assessment, operational controls, performance evaluation, and continual improvement.

Accountability Maturity framework maps directly to ISO 42001 clauses, producing a certification-ready management system.

Global Standard · Published

ISO 27001:2022

Annex A Controls 5-8

Information security management must cover AI-processed data, access controls, supplier relationships, and incident response for AI systems handling personal or sensitive data.

Operational AI Governance framework documents data flows, access controls, and incident protocols for every AI tool in the registry.

The Complaix methodology is reviewed against regulatory updates as they are published. When the FCA issues new AI guidance or the EU AI Act implementing acts are adopted, the platform reflects those changes.

View all regulatory frameworks

Who We Serve

AI governance is a horizontal problem.

The accountability gap does not belong to one industry. It exists wherever AI is embedded in decisions that carry regulatory, reputational, or operational weight. Complaix works across sectors because the governance problem is the same regardless of what the AI is doing.

Financial Services

EU AI Act · FCA · OCC / CFPB

Credit scoring, fraud detection, customer service automation, and investment advice tools are all subject to explainability and accountability requirements under the EU AI Act and FCA guidance. Financial services firms using AI in any decision that affects a customer's financial position need a documented accountability chain and an auditable governance record, which is what Complaix builds.

HR & People Operations

EU AI Act Annex III · NYC Local Law 144 · Colorado SB 205

Hiring tools, performance management systems, and workforce planning AI are explicitly classified as high-risk under EU AI Act Annex III. NYC Local Law 144 already requires bias audits for automated employment decision tools. Organisations using AI in hiring or performance decisions need documented governance, bias testing, and human oversight protocols that stand up to regulatory scrutiny.

Legal Services

EU AI Act · SRA Guidance · ISO 42001

Contract analysis, due diligence, and legal research AI tools are being adopted rapidly across law firms and in-house legal teams. The professional accountability obligations that apply to legal advice do not disappear when AI generates the first draft. Firms need governance frameworks that document AI usage, assign human responsibility for outputs, and maintain audit trails for client work.

Operations & Enterprise

EU AI Act · ISO 42001 · Sector-specific guidance

Supply chain optimisation, logistics routing, process automation, and customer service AI are embedded in the operational core of most large organisations. When these systems fail or produce biased outputs, the consequences are operational and reputational. Organisations operating AI at scale need governance infrastructure that maps every AI system, assigns accountability, and produces board-ready reporting, not optional at this level of dependency.

Not sure which applies to you? The Assessment works the same way across industries, start there.

Take the Free Assessment

Why Now

The governance window is closing.

Three converging forces are making operational AI governance urgent - not optional - for every enterprise using AI in its operations.

Regulatory enforcement begins August 2026

The EU AI Act's full obligations for high-risk AI systems apply from August 2026. Organisations without documented governance, accountability chains, and audit trails face fines of up to €35M or 7% of global turnover.

EU AI Act

Boards are asking questions AI teams cannot answer

Regulators, auditors, and boards are now asking: where is AI deployed, who is accountable, and what happens when it goes wrong? Most organisations cannot answer these questions. That gap is now a governance and reputational risk.

Board Accountability

Shadow AI is already inside your operations

The average enterprise uses 14+ AI tools across departments, most adopted without central oversight. Every ungoverned AI tool is an unmanaged risk - regulatory, operational, and reputational. The inventory has to come first.

Shadow AI

Take the Free Assessment

The Regulatory Wave

The EU AI Act is in force. August 2026 is the compliance deadline.

Full obligations for high-risk AI systems apply from August 2026. Organisations that cannot demonstrate accountability, documentation, and human oversight face fines of up to €35M or 7% of global turnover.

EU AI Act Guide

AI Act

Aug 2026

In Force

FCA Guidance

Ongoing

Active

OCC / CFPB

Ongoing

Active

Global

ISO 42001

Voluntary

Published

Live Intelligence

AI Governance & Regulatory Intelligence

Real-time updates on EU AI Act, FCA guidance, and ISO 42001 compliance.

How to Get Started

Three ways to work with Complaix

From a structured 90-day engagement to a full enterprise platform. Every path starts with a free assessment.

Why organisations choose Complaix over traditional alternatives

Generic GRC platforms, Big 4 advisory engagements, and point-solution compliance tools all leave the same gap: they document risk but do not govern it operationally. Complaix is built differently.

Operational, not just documentary

Most tools produce compliance documents. Complaix embeds governance into how AI is actually used - assigning human accountability to every AI-influenced decision, not just recording that AI was used.

Generic GRC tools generate reports. Complaix creates accountability chains.

Built for the deployer, not the developer

Enterprise AI governance platforms are designed for AI developers building models. Complaix is designed for the organisations deploying AI tools they did not build - which is 95% of the market.

Developer-focused platforms miss the deployer obligation entirely.

Advisory and platform, not one or the other

Advisory firms deliver a report and leave. SaaS tools require you to self-govern. Complaix combines structured advisory methodology with an operational platform - so governance is built correctly and maintained continuously.

No competitor combines advisory delivery with a client-facing OS platform.

See the full competitor comparison

Framework Resource

Download the Complaix™ Methodology Brief

A structured overview of the five-framework methodology - how each framework operates, what it produces, and how it maps to the regulatory requirements already in force. 10 pages. Suitable for board-level review.

Download the Framework PDF Explore the full methodology

Complaix™ Methodology Brief

PDF · 10 pages · Board-ready

Five-framework governance methodology

Regulatory alignment: EU AI Act, FCA, ISO 42001

Governance lifecycle from discovery to audit readiness

Accountability Maturity Model (Level 1–5)

Suitable for board and executive review

REQUEST A DEMO

See Complaix OS in action

Book a personalised walkthrough with a Complaix advisor. We will show you how to map your AI surface, assign accountability, and demonstrate compliance — in under 30 minutes.

01Live demo of the AI Governance OS dashboard
02Tailored to your industry and regulatory exposure
03No obligation — just clarity on your AI risk posture

Get Started

Build your AI governance infrastructure in 90 days.

Start with the free AI Accountability Assessment. Get your AI Exposure Score, see your governance gaps, and understand exactly what operational AI governance infrastructure your organisation needs before regulators find the gaps first.

Take the Free Assessment Book a Discovery Call

Not ready to start? Read the methodology first.

Download the Complaix™ Methodology Brief (PDF)

No commitment. Results delivered immediately.