Removes the headache for a CISO, DPO & CPIO

The AI register your auditor will accept — before 2 August 2026.

NordClaw automatically inventories every AI tool your employees use, classifies the risk, and produces the Art. 12 evidence regulators will ask for. Deploys in a day. No PII data leaves the EU.

EU-hosted · Frankfurt Deploys in < 1 day Zero workflow change
EU AI Act enforceable in
--
days
--
hours
--
min
--
sec

Combined exposure: up to €35M or 7% of global turnover under the AI Act and GDPR — applied in parallel, on the same incident.

The buyer's pain

Three EU AI Act questions every CISO must answer.

Most cannot answer one. By August 2026, regulators expect all three — in writing, with an audit trail.

>50% of EU organisations have no AI inventory. 40% of detected AI systems can't be cleanly classified.

  1. 01

    What AI is being used?

    ChatGPT, Claude, Copilot, embedded vendor AI, shadow API calls — the full inventory, not the part you know about.

  2. 02

    By whom?

    Which employee, in which department — tied to a real identity, not an anonymous API key.

  3. 03

    With what data?

    Which prompts contained personal, customer, financial or health data — and where it ended up.

nordclaw.eu / dashboard
AI usage register
Live inventory · last 24h
142
interactions logged
ToolTeamUserData classRisk
ChatGPTLegala.lindqvistContract draftHigh
ClaudeFinancej.bergQ3 forecastHigh
CopilotEngineeringm.haugenSource codeMed
GeminiHRs.virtanenCV screeningHigh
PerplexityMarketingk.olsenPublic researchLow
Audit trail · signed · EU-Central-1Export Art. 12 record →
The product · v1

One screen. Every AI interaction. Signed evidence.

  • Answer the three questions
    Who is using which LLM, with what data — auto-discovered from proxy traffic, not from a form anyone filled in.
  • Art. 26(6) log in one click
    Immutable Postgres on EU soil. Export the audit trail as signed PDF, CSV or JSON your regulator will accept.
  • No code change
    Zero code changes — transparent OpenAI-compatible proxy. Your IT team reroutes traffic in minutes, every tool keeps working.
Integration
Zero code changes
Data residency
Frankfurt
SSO
Entra ID, Google
Export formats
PDF, CSV, JSON
Why NordClaw

Five reasons every other approach falls short.

The EU AI Act and GDPR create obligations most AI tooling can't meet. These are the structural gaps — and how NordClaw closes them.

  1. 01

    Preventive, not reactive

    GDPR Article 17 — the right to erasure — is technically unenforceable once personal data enters an LLM. The EDPB confirmed this in its 2025 guidance. NordClaw keeps personal data out of the model entirely, so erasure becomes a database DELETE.

    EDPB 2025 guidance · data subject rights in AI
  2. 02

    Your employees are already leaking data

    49% of enterprise workers admit to using unapproved AI tools — the real number is higher. Every pasted ticket, contract or performance review is a transfer of personal data. NordClaw redacts at the API layer, so you get a barrier towards wrongdoing by colleagues.

    Enterprise shadow-AI usage · 2024–2025
  3. 03

    A DPA won't stop a CLOUD Act subpoena

    The US CLOUD Act compels US providers to hand over data held anywhere — EU servers included. Contractual protections are unenforceable against a federal subpoena. If personal data never reaches US infrastructure, there is nothing to compel.

    18 U.S.C. § 2713 · CLOUD Act, 2018
  4. 04

    Covers shadow AI, not just sanctioned tools

    Browser extensions and endpoint agents only protect the tools you've configured. NordClaw sits at the API layer — every LLM call, from sanctioned suites to a developer script or Make.com flow, passes through the same redaction.

    Architecture · API-layer interception
  5. 05

    All 24 EU languages, EU-native entities

    Most PII tools are English-first and degrade on German, French, Polish or Romanian. The NordClaw PII masking engine is tuned for EU formats: Personalausweis, NIR, BSN, personnummer, Steuer-ID and the rest.

    NordClaw PII masking engine · EU entity recognisers
How it works

No code changes. Your SSO. EU-hosted from minute one.

  1. 01

    Redirect

    Zero code changes — simply reroute your AI traffic through NordClaw. 100% OpenAI-API compatible. Typical added latency under 50 ms.

  2. 02

    Authenticate

    Plug NordClaw into your existing SSO — Microsoft Entra ID or Google Workspace. Every prompt is now tied to a real person, department and role.

  3. 03

    Govern

    PII is redacted in Frankfurt before prompts leave the EU. Every interaction lands in an immutable Postgres log. The CISO opens the dashboard.

Founding pilot · Q3 2026

Ten pilot slots. Then we close the cohort.

Pilots go live before the 2 August 2026 deadline. Founding customers get direct input on v1.1 and v1.2 — and pricing locked at the pilot rate for 24 months.

  • Founder pricing, locked for 24 months
  • Direct line to the product team
  • Input on the v1.1 risk-tier classifier
  • Onboarding before the 2 Aug 2026 deadline
Claim a slot

Pricing finalised with pilot customers. No public price list yet — by design.

What ships, and when

v1 is deliberately small. The deadline is not.

  1. v1 · Q4 2026
    Automated AI register
    Discovery, classification, per-user Art. 12 evidence.
  2. v1.1 · Q1 2027
    Risk-tier classifier
    Every system mapped to the AI Act's four risk tiers.
  3. v1.2 · Q2 2027
    GDPR cross-walk
    AI events joined to Art. 30 records of processing.
  4. later
    Policy enforcement
    Block, redact, or approve at the browser and gateway layer.
The cost of doing nothingApplied in parallel
EU AI Act
Art. 99
€15M
or 3% global turnover
GDPR
Art. 83
€20M
or 4% global turnover
One incident
Both regulations

Combined exposure up to €35M — or 7% of global turnover.

Frequently asked

EU AI Act, Shadow AI & PII redaction — answered.

The questions every CISO, DPO and CPIO asks before a pilot. Short answers here — the full 77-question reference lives on a dedicated page.

See all 77 questions →

Claim your slot

Join the Q3 2026 EU AI Act pilot waiting list.

Drop your work email. We'll reach out personally as soon as we can with the EU AI Act compliance checklist.

  • Checklist in your inbox — all 13 obligations mapped to articles
  • Receive updates on the pilot
  • Secure your route to be AI Act compliant
  • Stored on EU infrastructure. No newsletter, no drip.

Not ready to join the pilot waiting list? Ask Signe a question first →

Pilot enquiry

Sign up and be prepared for the AI Act

Stored on EU infrastructure. We only reach out about a pilot fit — no newsletter, no drip.

Talk to our AI consultant

Signe will explain you the details

Signe knows the AI Act, GDPR, and NordClaw's roadmap inside out. Ask about your stack, your deadline, your risk tier — or whether a pilot makes sense.

No sign-up. The conversation stays in your browser until you refresh.

S
Signe
AI consultant · online
Hej — I'm Signe, NordClaw's in-house AI consultant. Tell me about your stack, your deadline pressure, or whether a Q3 2026 pilot makes sense for you. I'll give you a straight answer.