Beta · Methodology v2.0 · Engine v1.1-MAY26

Defensible AI Act and GDPR exposure assessment — built for the people who have to sign it.

A structured, version-stamped working paper covering your system's exposure across 23 EU and international frameworks. Designed to stand up to review by your own board, your auditors, and your legal team.

Independent methodology. No customer data used for training. Built in Rotterdam by AIGP-certified AI governance practitioners.

What you receive

A confidential report — not a dashboard, not a score. The artifact is structured the way a serious internal reviewer, auditor, or outside counsel expects to read one: explicit scoping, explicit method, explicit version, explicit limits.

  • An explicit scoping conclusion.

    Which of 23 frameworks apply to your specific system, which do not, and why — each scoping decision stamped with a persistent rule reference.

  • Two independent risk readings.

    Your EU AI Act tier and your GDPR enforcement risk computed separately, never collapsed.

  • A prioritised remediation roadmap.

    Assignable, sequenced, ready for a steering committee — with the legal anchor named on every action.

  • A Documentary Evidence Score.

    An honest indicator of how well your documentation supports your answers. Explicitly not a legal-compliance verdict.

The methodology version is printed on every cover. If we revise it, you know.

How we get to the answer

One design principle: screen broadly, assess proportionately.

Panel 1

Screen broadly

Every assessment runs against the full set of 23 frameworks. No framework is silently skipped. Out-of-scope frameworks appear in the report with the rule that screened them out.

Panel 2

Assess proportionately

A five-person consultancy and a 12,000-person bank use the same methodology, calibrated to different depth, evidence expectations, and language. We never pretend an SME needs enterprise-grade artefacts.

Panel 3

Disclose scoping

Every applicable framework, every scoped-out framework, every reporting state — version-stamped, citation-anchored, traceable. The methodology is publicly summarised and internally maintained as a version-controlled specification.

Read the full methodology summary →

Built for two audiences. Same engine. Different fit.

For compliance teams

When you are the one who has to defend the answer.

If you are a DPO, in-house counsel, AI governance lead, or board secretary, Navigator gives you a structured first read — fast enough to use, defensible enough to stand behind. The artifact is the working paper a reasonable assessor would write if they had a week.

  • Run the assessment in a single working session with the people who know the system
  • Walk into your next steering committee with a board-ready document
  • Keep a methodology-disclosed record of due diligence in your file

Start an assessment →

€297 per confidential report (beta). Locked at this price for 24 months for founding customers.

For advisors

When your client asks "do we need to worry about the AI Act?"

Law firms, Big 4 practices, and boutique advisories use Navigator as the structured front end of a client engagement. Your associates run the questionnaire with the client; you add the legal opinion layer. What used to be a 20-hour scoping memo becomes a fixed-fee, fixed-turnaround entry product.

  • Fixed-fee scoping product you can quote without a long intake
  • Defensible methodology artifact your client can keep in their file
  • Co-branding and partner attribution available by agreement

Talk to us about partner terms →

Partner pricing: pilot from €2,500, per-report from €200. Partner terms available by conversation.

23 frameworks. Three honest tiers.

We do not claim to "cover" frameworks we cannot assess in depth. Every framework in the registry sits in one of three tiers, and the tier is printed in your report.

Tier 1 · 3 frameworks

Core — actively assessed

Full framework-specific rules, dedicated findings, scoped compliance score.

EU AI Act · GDPR · ISO/IEC 42001

Tier 2 · 7 frameworks

Targeted — rule and overlap coverage

Assessed via targeted rules and cross-framework control overlap.

ISO/IEC 27001 · NIS2 · DORA · CSRD · ePrivacy · EU Data Act · NIST AI RMF

Tier 3 · 13 frameworks

Covered — mapped and cited

Mapped, cited, and surfaced in the report's Source Transparency Panel.

DSA · DMA · CRA · MDR · LED · eIDAS 2.0 · AI Liability Directive · Product Liability Directive (2024) · Whistleblower Directive · ISO/IEC 23894 · ISO/IEC 5338 · ISO/IEC 42005 · EDPB DPIA Template 2026

A framework in the Covered tier is surfaced, cited, and scoped, but not scored.

Read the full methodology summary →

Built and maintained under AIGP-certified oversight.

Navigator is built by Novo Horizonte Consultancy, based in Rotterdam, the Netherlands. The methodology is maintained under AIGP-certified AI governance oversight, with advisory work provided separately from the software.

The consultancy holds professional expertise in EU AI Act, GDPR, NIS2, and DORA engagements. Methodology materials are available for review under NDA — see Methodology §9.

Novo Horizonte Consultancy
Rotterdam, the Netherlands

Beta pricing. Founding-customer terms.

Single assessment
€297

Per confidential report (beta). One-time payment. No subscription.

  • Full structured report
  • Version-stamped methodology and engine
  • Free re-run guarantee for 12 months

Start an assessment →

Advisor / partner
From €2,500

90-day pilot. Partner terms available by conversation.

  • 12 assessments included
  • Co-branding and partner attribution available
  • Direct line to the methodology team

Talk to us →

Founding customers — first 20 SMEs and first 5 enterprise pilots — have current beta pricing locked for 24 months after general availability.

For procurement

Need a DPA for procurement? A v0.1 draft is available on request, currently under outside-counsel review.

Request via legal@novohorizonteconsultancy.com with the subject “DPA request.”

Honest answers to the questions we get most.

You are in beta. What does that mean for me?
Methodology is documented, version-stamped, and tested in CI before each release. We are in beta because we are still calibrating against real-use cases — which is why early customers get protected pricing and a free re-run guarantee if anything material changes.
Is this legal advice?
No. Navigator is a decision-support platform. Its output is designed to inform and accelerate professional judgement, not replace it. Material findings should be reviewed by your own legal advisor — internal or external — before action.
Where does my data go?
Inputs are processed to generate your assessment and report. They are not used for training. Full data flow is on the Disclosures page.
Which LLM is used?
Google Gemini, accessed via the paid Developer API. Citations are restricted to a verified internal registry; LLM-generated narrative passes structural validation before rendering.
Why should I trust the methodology?
Because it is documented, externally readable, and version-stamped on every report. Read the Methodology summary, and ask your own advisor to read it.
Can my firm white-label the report?
Co-branding and partner attribution are available by conversation under partner terms.
What's the legal package for procurement?
Legal Notice, Disclosures, Methodology summary, and a v0.1 DPA draft. All are available now; counsel review of the DPA is in progress.