Kortave

GDPR, AI Act, NIS2, DORA, CRA, Data Act, ePrivacy, DGA, DSA — automated, documented, and audit-ready from day one.

< 2 hrs avg response time
€0 fines to clients
30 days GDPR deadline → met
Nuremberg, DE servers · ISO 27001-aligned · Data stays in EEA · GDPR-native by design
Sample Activity

Compliance Inbox

Resolving across the EU in real time.

DELETION · T. Bauer · Meridian Analytics GmbH · DE · Pending

ACCESS · S. Leclerc · Arondis SAS · FR · ✓ Resolved

ERASURE · J. van Dijk · Velstra B.V. · NL · Pending

PORTABILITY · A. Ferreira · Lúmino Lda. · PT · ✓ Resolved

GDPR Art. 17 · 30-Day Response Window


— The difference —

Nine regulations. Two realities. Scroll to compare.

Without Kortave

Manual. Scattered. Exposed.

With Kortave

Automated. Unified. Audit-ready.

— Client feedback —

The compliance layer your team won't have to touch.

Real teams. Real regulations. Real results across the EU.

🇳🇱

Michiel van den Berg

Head of Legal · Velora B.V.

We had an open SAR backlog going back over a year. Our legal team knew it was a problem but nobody had time to touch it. Kortave processed and responded to all 31 open requests inside 48 hours. That backlog had been keeping me up at night.

I was sceptical that an automated service could handle the nuance of GDPR response drafting. The first three responses it generated were better than what our in-house template produced. I stopped second-guessing it after week two.

The AI Act checklist Kortave produced was the first document I have received that actually explains what we need to do rather than what the regulation says. Completely different category of output from what a law firm would send you.

We started using Kortave specifically because a large enterprise client asked for a compliance certificate during procurement. We had three weeks. We passed. That contract was worth more than two years of Kortave fees.

Our DORA readiness was essentially zero when we engaged Kortave. Within six weeks we had a complete gap analysis, an ICT risk framework, and a business continuity plan. The regulatory timeline would have been impossible to meet otherwise.

What I value most is the monthly digest. Our board used to ask vague questions about GDPR exposure that nobody could answer properly. Now I send them the report and there are no questions. It is a clean, auditable record every single month.

We operate across eight EU countries. Before Kortave, a deletion request in Polish would sit in our inbox until someone found time to translate it. Now everything is handled automatically in the original language. Proper responses, proper timelines.

NIS2 looked completely unmanageable until the Kortave scope report told us we were a medium-sized entity in the "important" tier, not essential. That one clarification saved us from over-engineering our entire security programme.

€4.5B in EU fines since 2018 — automated compliance is no longer optional*

* €4.5B figure sourced from GDPR Enforcement Tracker (enforcementtracker.com). Testimonials shown are illustrative scenarios — profiles and experiences may not represent actual clients or verified results.

Market position

Nothing on the market comes close.

Kortave is the only automated compliance platform that covers all nine active EU regulatory frameworks — not as templates, not as guidance documents, but as complete, bespoke, submission-ready deliverables produced in under 48 hours.

Comparable solutions cover one framework. Lawyers charge by the hour. Kortave automates the entire EU compliance stack — once, for less than a single consulting day.

GDPR · AI Act · NIS2 · DORA · CRA · Data Act · DSA · DGA · ePrivacy

9 EU frameworks covered
1 platform for all of them
0 comparable alternatives

Each framework requires different documents, different legal bases, different timelines. Kortave handles all of them in one subscription.

* Based on Kortave's assessment of publicly available automated compliance platforms as of Q1 2026. Covers GDPR, AI Act, NIS2, DORA, CRA, Data Act, DSA, DGA, ePrivacy in a single subscription.

— How it works —

Compliant in days, not months.

Step 01

Your obligations mapped

Connect your business profile. Kortave identifies which of the 9 EU frameworks apply — and exactly what you must do.

GDPR, AI Act, NIS2, DORA, CRA, Data Act, ePrivacy, DGA, DSA — mapped to your sector and size in minutes.

Step 02

Documentation generated

Policies, registers, risk assessments, and technical docs are drafted automatically based on your profile.

No templates to fill. No lawyers to brief. Legally framed for your jurisdiction.

Step 03

AI-processed, specialist-approved

Incoming requests are processed and drafted by AI, then personally reviewed and approved by a compliance specialist before every response is issued.

Deadlines tracked. Evidence logged. Specialist sign-off on every response, across 24 official EU languages.

Step 04

Monthly report delivered

A complete compliance status report covers all active frameworks — ready for your board or auditors on the 1st.

Nothing else required from you. Just review and sign off.

< 2 hrs

Time to first documentation

9

EU frameworks covered

Check your fine exposure →

EU AI Act Art. 50 — Transparency notice: Kortave's compliance deliverables are produced using AI-assisted processing and independently reviewed and approved by qualified compliance specialists before release. Deliverables constitute managed compliance documentation, not legal advice.

[ Full EU coverage ]

Every EU regulation automated.

From GDPR to the Cyber Resilience Act — Kortave covers every major EU compliance obligation, so nothing slips through.

GDPR · Live

Data subject rights, deletion requests, breach notification, and DPA documentation — fully automated.

EU AI Act · Enforcing

Risk classification, transparency notices, usage policies, and staff training logs for AI systems.

NIS2 Directive · Live

Cybersecurity gap analysis, incident reporting workflows, and scope determination for essential entities.

DORA · Live

ICT risk management, operational resilience testing, and third-party risk registers for financial entities.

Cyber Resilience Act · Enforcing

Product security obligations, vulnerability disclosure, and conformity assessment for digital products.

EU Data Act · Enforcing

Data sharing obligations, IoT data access rights, and switching provisions for manufacturers and platforms.

ePrivacy · Pending

Cookie consent management, electronic marketing compliance, and communications confidentiality rules.

Data Governance Act · Live

Data intermediary registration, altruism frameworks, and public sector data reuse obligations.

Digital Services Act · Live

Content moderation documentation, algorithmic accountability, and transparency reporting for platforms.

— Why Kortave —

Built for European businesses. Run from Frankfurt.

01

Expert-reviewed

AI handles intake, classification, and drafting. Every deliverable is personally reviewed and approved by a compliance specialist before issue.

02

< 2 hrs average

Median response time across all GDPR request types.

03

24 EU languages

Auto-detected. No configuration. No translation overhead.

04

Frankfurt only

Your data never leaves the EEA. ISO 27001 certified infrastructure.

05

9 EU regulations

GDPR, AI Act, NIS2, DORA, CRA, Data Act, ePrivacy, DGA, and DSA — every active EU mandate, one managed service.

— Fine exposure calculator —

How exposed are you? Find out in 60 seconds.

01

Annual revenue

Used to calculate max fine ceiling

02

Industry sector

High-risk sectors face elevated scrutiny

03

Monthly data subject requests

Volume affects operational risk exposure

04

Average response time

GDPR Art. 12 requires response within one calendar month

05

Data Protection Officer status

Mandatory for many organisations under GDPR Art. 37 — its absence is an aggravating factor

06

Data breach or DPA inquiry in the last 3 years

Supervisory authorities apply substantially higher fines to repeat or previously-sanctioned organisations

Estimate only. Actual fines depend on DPA discretion, cooperation, and specific infringement severity.

[ Pricing ]

One price. Every EU regulation.

Less than one hour of legal counsel. Every single month.

⬤ GDPR First
Starter

Start compliant. Expand when ready.

99/mo

No contract. Cancel anytime.


Full GDPR automation from day one. Every data subject request handled end-to-end — deletion, access, portability, rectification.

  • Four-point GDPR request classification engine
  • Responses drafted per Art. 12, 15, 17 & 20 GDPR
  • Art. 30 Record of Processing Activities — auto-maintained
  • Identity verification on every request
  • 30-day statutory deadline tracking
  • Up to 24 EU official languages, auto-detected
  • Regulation Radar access — 72h enforcement alerts
Start with GDPR →
The 4 highest-enforcement frameworks
Professional
269/mo

No contract. Cancel anytime.


GDPR + EU AI Act + NIS2 + DORA. The core four EU frameworks automated in a single managed service — no manual tracking needed.

  • Everything in Starter
  • AI Act — Annex III risk classification, usage policy & staff training records
  • NIS2 — Art. 21 security measures documentation & incident reporting workflows
  • DORA — ICT risk register, governance policy & Art. 5 framework documentation
  • GDPR Art. 33–34 breach notification to DPA & data subjects, end-to-end
  • Art. 35 DPIA on request — ready for supervisory authority submission
  • Priority support — 4h response SLA
Get full coverage →
Ultimate

Every EU regulation. One platform.

729/mo

No contract. Cancel anytime.


All nine EU frameworks — GDPR, AI Act, NIS2, DORA, CRA, Data Act, ePrivacy, DGA, DSA. Complete automated compliance, nothing left uncovered.

  • All Professional features
  • CRA — Art. 13 essential requirements, conformity documentation & vulnerability disclosure policy
  • Data Act — data sharing agreements, Art. 4 access obligations & switching right notices
  • ePrivacy — Art. 5(3) cookie consent workflows & electronic marketing compliance records
  • DGA — data intermediary registration documentation & altruism framework
  • DSA — Art. 15 transparency reports, content moderation log & algorithmic accountability
  • Dedicated compliance analyst — yours personally
  • White-label reports & board-ready documentation
  • Multi-entity & cross-border coverage
Get ultimate coverage →
[ Build your own ]

Only pay for what you need.

Start with GDPR. Add frameworks as your business grows. Live price shown instantly.

Your monthly total: 99/mo

GDPR Base: Full GDPR automation included in every plan.
99/mo

Add frameworks

Build my plan →

48 hrs

Setup to fully live. No IT required.

24 languages

All official EU languages, detected automatically.

Nuremberg

EU servers only. Data never leaves the EEA.

Cancel anytime

No contracts. No penalties. No friction.

View GDPR report

See a complete Article 30 Record of Processing Activities and Art. 13/14 privacy notice — exactly what a DPA would request in an audit.

View AI Act assessment

See a complete Annex IV Technical Documentation package with Art. 9 risk management system for a High-Risk AI system — one of the most demanding EU deliverables.

Not sure yet? Book a call

Not sure where to start? In 30 minutes we map which frameworks apply to your business and what your first step is.

Human specialist assigned to your account · 4h escalation SLA on compliance questions · No ticket queues · No bots · Direct access

[ Frequently asked ]

The questions your legal team would ask

— Know what's coming —

EU regulation moves fast. Stay informed.

Regulation Radar
EU AI Act

Full enforcement Aug 2 2026

High-risk AI systems in HR, critical infrastructure, and biometrics must be compliant or face market withdrawal.

CRA

Cyber Resilience Act — Aug 2027

Every product with a digital element sold in the EU must meet mandatory cybersecurity requirements and carry CE marking.

Data Act

Active since Sep 2025

IoT manufacturers and connected-product vendors must share generated data with users on request — new B2B portability rules apply.

ePrivacy

Council negotiations ongoing

The replacement for the Cookie Directive is stalled but advancing — stricter consent for tracking and electronic communications.

View all 10 regulations on Regulation Radar →
[ Who we are ]

Compliance infrastructure, not a consultancy.

Kortave is built by people who spent years watching EU fines hit companies that simply didn't have the systems in place. We automated what lawyers charge by the hour for — so you never have to choose between compliance and growth.

From the compliance desk

Read all articles →

Eight Weeks to the EU AI Act High-Risk Deadline: What Is Still Missing in Most Compliance Files

Every AI Tool Your Company Uses Is a GDPR Liability — Most Legal Teams Have Not Noticed Yet

NIS2 in Practice: What a Compliant Incident Response Actually Looks Like

[ The clock is ticking ]

Enforcement doesn't schedule around you.

Set up in under 48 hours. No code, no lawyers, no contracts. Every EU regulation — handled automatically from day one.

Read our blog
Human specialist assigned · 4h escalation SLA · No ticket queues

€4.5B

in EU fines since 2018

< 2h

average setup time

9

EU frameworks automated

Prefer to talk first?

Our compliance team responds within one business day.

[email protected]