CarveTrace

EU AI Act · Article 12 + 14 evidence

Evidence your auditor can re-verify — without trusting us.

CarveTrace is the only EU AI Act evidence layer whose verdict survives the vendor. Every AI decision and the human oversight that reviewed it are bound at write-time as a single signed atom. Your auditor opens verify.carvetrace.com, drops your bundle, and gets VERIFIED in seconds — open-source verifier, no account, no CarveTrace involvement.

Open the verifier (free, no signup) See the demo Talk to us
CarveTrace AI Evidence Coverage Report — PARTIAL verdict, executive layer, decisions reviewed with verbatim reviewer rationale
The audit report a regulator opens — walk the dossier ↗

Two deadlines moving 2026 AI compliance budget

Aug 2, 2026

EU AI Act high-risk bind

Article 12 (record-keeping) and Article 14 (human oversight) enforceable. Fines up to €35M / 7% global turnover.

Dec 9, 2026

PLD applies to AI

Product Liability Directive 2024/2853 extends strict liability + defect presumption to AI. The burden of disclosure shifts to the producer.

The problem

Most evidence dies with the vendor

Every AI governance platform — CredoAI, OneTrust, IBM watsonx.governance, Holistic AI — stores your evidence in their database and shows it to your auditor via their dashboard. If they go bankrupt, get subpoenaed, or suffer a tenant breach, your AI Act compliance defense goes with them.

The wedge

Cryptographic binding, your custody

CarveTrace is the only EU AI Act tool whose verifier runs in the auditor's browser, Apache 2.0, no account, no API key. The Article 12 record and the Article 14 oversight event are bound by cryptographic hash at write-time — a single signed atom. Read the comparison ↗

The control

Self-hosted, EU-domiciled, your keys

CarveTrace runs on your infrastructure across every tier. We never see your data. Aryamind SARL is a French company — native EU residency, signed DPA + SCCs Module 2 + EU sub-processors. Your producer signing keys stay with you. The cryptography is the trust, not us.

Priced by the unit the regulation regulates

Per high-risk AI system × decision volume. Self-hosted across every tier. EUR, excluding VAT.

The public verifier stays free, forever — try it now ↗

Starter

€15K/year

  • 1 high-risk AI system
  • ≤500K decisions / year
  • Email support
Most fit for AI Act program leads

Growth

€45K/year

  • Up to 5 high-risk AI systems
  • ≤5M decisions / year
  • SSO + DPA + EU residency
  • Schema-authoring help for Article 12 mapping

Enterprise

From €90K

  • Unlimited systems
  • ISO 42001 attestation pack
  • Dedicated CSM + DORA fit
See pricing detail Read the 10-slide pitch

Everything procurement asks for, pre-published

Trust center →

Security, status, privacy, terms, DPA, license matrix, vendor questionnaires.

DPA pre-signed →

SCCs Module 2 incorporated. 48-hour breach notice. Sub-processor list.

30+ docs →

Architecture, AI Act mapping, threat model, deployment guides — versioned with the code.

Long reads →

Article 12 line-by-line. Article 14 evidence gaps. PLD burden-shift in 2026.