AI GOVERNANCE PLATFORM

AI Governance, made operational across compliance, legal and AI teams.

Map your AI systems to regulatory obligations. Track controls, collect evidence, prove compliance. In one platform. Every control quotes the law. Every piece of evidence is one click from the regulation that demands it.

EU-hosted · GDPR-compliant

AI Inventory in AI Sigil listing all registered AI systems with risk tier, framework coverage, owner, and status metadata.

You ship AI faster than you can govern it.

Your AI ships in days. Your governance ships in quarters. Three things break first:

Know what applies. Prove you comply.

From AI inventory to audit trail, on one platform. Here is how it works:

AI Sigil inventory flow: add AI systems, classify them, map their models, datasets, actions, interfaces, and use cases.
01
Register

Add your AI systems. Classify them. Map their components: models, datasets, actions, interfaces, use cases.

AI Sigil framework activation flow: enable a framework and its controls and obligations populate by risk tier and role
02
Activate

Turn on the frameworks that apply. Controls and obligations populate automatically, scoped to each system’s risk level and your role.

AI Sigil control completion flow: answer evaluations, attach evidence, track progress while the audit trail builds itself.
03
Assess

Work through each control. Answer evaluations, attach evidence, track completion. The audit trail builds itself.

Supported frameworks and regulations

AI regulations, ported into software.

Framework 1
EU AI Act
  • 113 articles mapped, 62 controls derived directly from the text
  • Provider and deployer roles distinguished
  • Content adapts to risk classification: minimal, limited, high-risk, GPAI, systemic GPAI
  • Legal basis quoted on every control verbatim
  • Obligations computed per AI system based on its profile
Framework 2
ISO 42001
  • 10 clauses + 38 Annex A controls mapped, each derived directly from the standard text
  • AI lifecycle roles distinguished (provider, developer, user, customer)
  • Content adapts to your management system scope
  • Standard text quoted on every control
  • Aligned with the EU AI Act control library for shared coverage
Framework 3
NIST AI RMF
  • 4 functions (Govern, Map, Measure, Manage) and their subcategories mapped from NIST AI 100-1
  • AI actor roles distinguished (deployer, evaluator, third party, end user)
  • Content adapts to your trustworthiness profile and use case context
  • NIST reference quoted on every control
  • Cross-mapped to the EU AI Act and ISO 42001 control libraries for shared coverage

An approach that evolves with the regulation.

When the EU AI Act gets a delegated act, when ISO 42001 is revised, when a new guideline lands, AI Sigil’s controls, evidence requirements, and evaluation forms are kept current. Your team works the assessment, not the changelog.

Why AI Sigil is different

Three differences that change how compliance, legal and AI development teams work together.

Defensible by construction

AI Sigil puts compliance, legal and AI development teams on one platform: same regulatory text, same controls, same evidence trail. Every claim ties back to the article that demands it, in two clicks.

The system makes the case for you

Inventory, risk classification, provider/deployer role, control completion, and evidence live in the same workflow. The work you do to govern your AI produces the audit pack as a by-product; you do not assemble it at the end.

No assessment to design.

For every control, AI Sigil ships the evaluation form already built — questions, evidence requirements, completion logic. Your team answers; the platform tracks completion, files the evidence, and feeds the audit pack underneath.

Less time to compliance. Less money in legal fees. More AI systems covered.

50 days

From signup to audit-ready EU AI Act compliance for your first AI system.

120 K$

Annual spend on outside counsel and consultants that AI Sigil replaces for a typical mid-sized portfolio.

100%

Of your AI systems inventoried, classified, and mapped to obligations.

Start today on a secure-by-design platform.

EU-hosted & GDPR-compliant

Row Level Isolation & Encryption

Single Sign-On Available

FAQs

What is AI governance software?

AI governance software is a platform that helps organizations document, evaluate, and prove compliance for the AI systems they build or deploy. It typically combines an AI system inventory, risk classification, control management, and evidence collection in one place. AI Sigil is purpose-built for this: it maps each AI system to the regulations that apply to it (EU AI Act, ISO 42001, NIST AI RMF), then turns the day-to-day work into a defensible audit trail.

AI governance is the broader practice of deciding how your organization will build, deploy, and oversee AI: who owns each system, what risks are acceptable, what is auditable. AI compliance is one dimension of governance, focused on meeting specific legal or contractual obligations like the EU AI Act or ISO 42001. AI Sigil supports both: governance through inventory and risk classification, compliance through control mapping and evidence collection.

Generic GRC tools were built for SOC 2, ISO 27001, and HIPAA, then adapted to AI. AI Sigil is the opposite: built from AI regulations first. Controls are derived directly from the EU AI Act and ISO 42001, scoped per AI system based on risk tier and your role (provider or deployer), with evaluation forms ready out of the box. Your team spends time answering questions, not designing the framework.

Yes, both are first-class frameworks in AI Sigil. The EU AI Act library covers 113 articles and 62 derived controls, with content scoped per risk tier (minimal, limited, high-risk, GPAI, systemic GPAI) and role (provider, deployer). The ISO 42001 library covers the 10 clauses plus 38 Annex A controls and is aligned with the EU AI Act library, so an evaluation made in one inherits the relevant work in the other.

AI Sigil is built for three teams to work in parallel on the same platform. Compliance and risk teams own framework activation and control validation. Legal teams document the regulatory basis for each decision. AI development teams register their systems, classify components, and attach evidence. The shared workflow makes the work each team does available to the others without translation between tools.

From signup to a working compliance program: 14 days for your first AI system, no implementation consultant required. The platform ships with the EU AI Act and ISO 42001 libraries pre-loaded, evaluation forms pre-built for every control, and risk classification logic ready. Typical adoption: day 1 register systems, day 3 activate frameworks, day 7 start completing controls, day 14 first audit-ready evidence pack.

AI Sigil keeps a complete audit trail of the work done on every control: who answered which evaluation, when, with what supporting evidence attached. Form submissions are snapshotted, answer history is preserved, and the link between regulation text, control, evaluation answer, and evidence file is one click. The platform does not scrape your systems for you, but it structures every artifact your team uploads so nothing gets lost.

Yes. For every AI system, AI Sigil produces a defensible record: the risk classification, the applicable controls (per framework and role), the evaluation answers, the attached evidence, and the regulatory references behind each decision. This record is the foundation of the EU AI Act technical documentation (Article 11), the ISO 42001 management system record, and the audit pack you bring to an external assessor.

AI Sigil exposes your workspace via an authenticated REST API so you can pull or push records from your existing GRC, ticketing, or governance tools. Native integrations and webhooks are added based on customer demand. If a specific connection matters for you (Jira, ServiceNow, Slack, a model registry), raise it during your trial: integrations are prioritized against real usage, not a generic roadmap.

When the EU AI Act adds a delegated act, when ISO 42001 publishes a revision, when a new guideline lands from the AI Office or NIST, AI Sigil updates the affected controls, evidence requirements, and evaluation forms. Customers see the changes propagated to their workspace with a clear audit log of what changed and why. Your team works the assessment, not the changelog.