I just launched Complizo on Product Hunt — EU AI Act compliance for SMBs (free to try)

Ari Volcoff — Tue, 17 Mar 2026 12:32:29 +0000

I launched Complizo on Product Hunt today and wanted to share what I built — and why — with this community.

The problem I kept running into

Every EU AI Act compliance tool on the market is priced for enterprises with $50K+/year budgets and requires a consultant to implement. Meanwhile, SMBs are staring down an August 2, 2026 enforcement deadline with fines up to €35M and trying to manage it with spreadsheets and PDFs.

That's not sustainable.

What Complizo does

You add your AI systems, and Complizo:

Classifies them by risk level using Annex III criteria (the 8 high-risk categories — employment, biometric, critical infrastructure, etc.)
Auto-generates the required documentation — model cards, data governance records, human oversight protocols, FRIAs for high-risk systems — tailored to your specific system details, not a generic 40-page template
Gives you a compliance score so you know what's done and what isn't
Exports audit-ready PDFs your legal team or regulator can actually use

The AI doc generation is the core differentiator. It references actual EU AI Act article numbers and writes documentation specific to what you've described, not boilerplate.

What I'm still figuring out

A few open questions I'd genuinely love the dev community's input on:

SMB self-serve vs. consultant-led: Will SMBs actually navigate compliance on their own, or will they always want hand-holding? My bet is the August deadline creates enough urgency to force self-serve adoption.
GPAI obligations: General-purpose AI providers have their own obligations (Article 53+), distinct from Annex III. Still refining how Complizo handles these edge cases.
The Omnibus uncertainty: The Digital Omnibus directive may delay high-risk obligations by 16 months. We built the risk classifier to be modular so your documentation doesn't start from scratch if the rules shift.

Free to try

Free tier for up to 3 AI systems — no credit card needed.

Would love feedback, especially from anyone who's actually tried to navigate the Act or is building AI-powered products for EU-market customers.

👉 complizo.com | Product Hunt launch

The EU AI Act Kicks In August 2. Here's What Your AI Product Actually Needs to Do

Ari Volcoff — Tue, 17 Mar 2026 11:30:36 +0000

If you're building AI products that touch European users, August 2, 2026 is a date you need to have in your calendar. That's when the EU AI Act's high-risk AI obligations and GPAI (General Purpose AI) rules become enforceable — with fines up to €35M or 7% of global turnover for non-compliance.

I built Complizo to solve this for SMBs, and in the process learned a lot about what compliance actually requires at a technical level. Here's the practical breakdown.

What the EU AI Act actually requires

The Act introduces a risk-based framework. Most AI systems fall into one of four tiers:

Unacceptable risk — banned outright (e.g. social scoring, real-time biometric surveillance in public spaces)

High risk — the hard one. Defined in Annex III, this covers 8 categories including:

Biometric identification and categorisation
Critical infrastructure management
Education and vocational training
Employment and worker management
Access to essential services (credit scoring, insurance)
Law enforcement
Migration and asylum management
Administration of justice

If your system falls here, you need: a conformity assessment, a risk management system, data governance documentation, technical documentation, human oversight mechanisms, and registration in the EU database.

Limited risk — transparency obligations only. Chatbots must disclose they're AI. Deepfakes must be labelled.

Minimal risk — no obligations. Spam filters, AI in video games, etc.

The Annex III trap most developers fall into

The trickiest part isn't the clear cases — it's the edge ones. A recruitment screening tool that ranks CVs? Likely high-risk (Article 6, employment category). An AI credit scoring component embedded in a larger fintech app? High-risk. A sentiment analysis tool used in hiring decisions? Probably high-risk too.

The language in the Act is intentionally broad, which means you need to actually reason through your system's purpose, deployment context, and whether a human is "meaningfully" in the loop — not just technically present.

What documentation you actually need to produce

For high-risk systems, the minimum viable compliance package looks like this:

AI system inventory — register every AI system you deploy, with purpose, input/output data types, intended users
Risk classification decision — documented reasoning for why you landed at your classification (or why you're not high-risk)
Technical documentation — architecture, training data description, performance metrics, known limitations
Data governance policy — how training and input data is sourced, validated, and monitored for bias
Human oversight protocol — how a human can intervene, override, or stop the system
Conformity assessment — either self-assessed (for most) or third-party (for certain biometric/law enforcement use cases)
Audit-ready export — all of the above in a format you can hand to a regulator

The GPAI rules (relevant if you're building on top of foundation models)

If you're deploying a general-purpose AI model (think: your own fine-tuned LLM or a wrapper around GPT/Claude/Gemini), you have additional obligations:

Publish a technical summary of training data
Implement a copyright compliance policy
Maintain model documentation and make it available to downstream deployers

For GPAI models with "systemic risk" (above a compute threshold — currently 10^25 FLOPs), there are even stricter requirements including adversarial testing and incident reporting.

The Digital Omnibus delay — and why it doesn't mean you can relax

There's been a lot of noise about the Digital Omnibus potentially delaying high-risk obligations by 16 months. Even if that passes, the GPAI rules and general obligations (transparency, prohibited practices) still kick in August 2. And building your compliance foundation now means you're not scrambling in 2027.

What I built

After going through this process for my own AI products, I built Complizo — it walks you through each step with guided forms, auto-generates the documentation you need, scores your compliance readiness, and exports audit-ready PDFs. Free for up to 3 AI systems.

It's not a legal service — it's the engineering scaffolding that gets your docs in shape before you talk to a lawyer (and makes that conversation a lot cheaper).

Happy to answer questions about the Act in the comments — this stuff is genuinely confusing and the official guidance is not developer-friendly.

DEV Community: Ari Volcoff