DEV Community

Damir
Damir

Posted on

I Almost Launched an "Illegal" AI SaaS Today. Here’s How I Fixed It (EU AI Act Guide).

#webdev #ai #saas #programming

Building an AI wrapper or SaaS in 2026 is easy.

Launching it legally in the EU? Not so much.

Today, I was doing final checks before launching my project, ComplianceRadar, a tool that scans websites for GDPR, ePrivacy, and EU AI Act issues.

Everything looked green:

  • clean code
  • Stripe fully integrated
  • security checks (including IDOR protection)
  • production-ready UI

I was ready to ship.

Then I did one last thing.

I ran my own tool… against my own website.

The Result

Score: 65/100

Wait… what?

The Problem

I was missing an AI Transparency Page.

Which means:

I was building a compliance tool… that was technically not compliant.

Specifically, I hadn’t fully addressed transparency expectations for AI deployers under the EU AI Act.

So I did something most developers hate:

Code freeze.

I paused the launch and spent the morning fixing it properly.

The Misconception

A lot of developers think:

“AI transparency means open-sourcing your code or exposing your prompts.”

That’s not true.

You can be compliant without exposing your secret sauce.

Here’s what actually matters.

What You Actually Need to Document

1. Model Architecture & API Usage

Don’t hide what you’re using.

In my case:

  • Google Gemini 2.5 Flash
  • via a secure Enterprise API

Why this matters:

B2B clients want to know you’re not running a random open-source model on an unprotected server.

2. The “Zero Data Retention” Guarantee

This is one of the strongest trust signals you can have.

I explicitly documented that:

  • user inputs (URLs + extracted content) are processed ephemerally
  • no customer data is used to train models

This is possible because of enterprise API guarantees.

3. Prompt Governance (Technical Guardrails)

I didn’t expose my prompts.

But I documented how the system is controlled.

For example:

  • forcing strict application/json outputs
  • limiting free-form responses
  • treating the model as a structured scoring engine

This reduces hallucination risk and improves determinism.

4. Human-in-the-Loop Disclaimer

This one is critical.

AI is not perfect.

So I clearly state:

The system is an assistive co-pilot, not a replacement for professional advice.

This is both:

  • a compliance requirement
  • a liability safeguard

The Result (After Fixing It)

  • ✅ SaaS launched
  • ✅ Transparency implemented
  • ✅ Compliance improved
  • ✅ Trust factor increased significantly

Final Thought

If you’re building AI tools for the European market:

Don’t just build fast, build compliant.

The hardest part isn’t writing code.

It’s understanding what your system is allowed to do.

Want to See It in Production?

I made the transparency page public:

👉 https://www.complianceradar.dev/ai-transparency

You can also scan your own site and see how your system performs.

Top comments (0)