No tracking. No cookie wall.·100 % EU-hosted on Hetzner
EU-hostedPrivacy policy →
Services

Fixed-scope consulting engagements on top of Ansvar.

When you need the deliverable, not the tool. Ansvar consultants run scoped engagements on the same gateway your team uses — every finding cited, every artefact senior-reviewed. Tell us the scope and we'll come back to you.

AI Act Readiness Assessment

Classify your AI systems against the EU AI Act, then know exactly which obligations apply before they bite.

  • System inventory and risk classification against Article 5, Article 6, and Annex III
  • Obligations mapped to your role: provider, deployer, importer, or distributor
  • Gap register with per-obligation status, evidence, and owner
  • Board-ready readout and a prioritised remediation plan

Threat Model as a Service

A structured threat model for your system, built on STRIDE and LINDDUN and your real architecture.

  • Data-flow and trust-boundary mapping for the system in scope
  • Threat enumeration with STRIDE and LINDDUN
  • Prioritised mitigations, each cited to a source framework
  • Delivered as a structured report

DPIA as a Service

A Data Protection Impact Assessment, done for you and defensible to your regulator.

  • Processing description and a necessity-and-proportionality test
  • Risk assessment from the data subject's perspective
  • Mitigations mapped to GDPR Article 35 and EDPB guidance
  • Auditor-ready cited report

Compliance Gap Analysis

Where you stand against NIS2, DORA, ISO 27001, GDPR, and the EU AI Act — as a cited report, scoped at article and control level.

  • Scoped to your frameworks: ISO 27001, NIS2, DORA, GDPR, the EU AI Act, and sector regulators
  • Cited findings, each tracing to the provision and your own evidence
  • Delivered as PDF, CSV, and GRC-tool import format
  • Senior-reviewed before it ships
How every engagement runs

Same gateway, same citation contract, same refusal discipline.

Three things are true of every Ansvar engagement, regardless of which service you buy.

01

Citation-grounded

Every finding traces to the underlying provision through the Ansvar gateway — same MCP, same citation contract that the public-tier customers use. No LLM-generated citations.

02

Expert-validated

Every finding is fully validated and reviewed by the expert who delivers it — always. Not a separate second pass; the expert stands behind every cited fact before it ships.

03

Refusal discipline

The expert does the research, and only validated information goes into the deliverable. When a regulation isn't in the corpus or a citation can't be verified, the gap is marked visibly — never filled with unvalidated prose.

Compliance metadata included. Every engagement ships with an added package of metadata about the end-to-end delivery — the sources, validation, and provenance behind each finding — built for your own compliance and audit records.

Need a different engagement?

DORA readiness, NIS2 entity classification, audit-evidence packs, custom workflow connectors — if it can be cited, it can be delivered. Tell us the scope and we'll come back within two working days.