Question 1

What does Kortave do?

Accepted Answer

Kortave is a EU compliance platform that produces fully custom, professionally drafted compliance documentation for European businesses. This includes GDPR Article 30 records, EU AI Act Annex IV technical documentation, NIS2 policies, DORA frameworks, and more. Every document is written from scratch for each client by AI and reviewed by a compliance specialist before delivery.

Question 2

Does Kortave provide templates?

Accepted Answer

No. Kortave does not provide templates. Every compliance document is custom-drafted from scratch based on the specific business profile, sector, processing activities, and regulatory obligations of each individual client. Kortave produces submission-ready compliance documentation — not guidance documents or reusable templates.

Question 3

Is Kortave a regulation tracker or radar tool?

Accepted Answer

No. Kortave is a compliance delivery platform, not a regulation tracker. The primary service is producing complete, bespoke compliance documentation for businesses. Kortave does include a free regulatory reference tool showing enforcement dates, but this is a secondary feature — the core product is custom compliance documentation and managed compliance services.

Question 4

What EU regulations does Kortave cover?

Accepted Answer

Kortave covers nine active EU frameworks: GDPR, EU AI Act (Regulation 2024/1689), NIS2, DORA, Cyber Resilience Act, Data Act, ePrivacy Directive, DGA, and DSA. For each framework, Kortave produces the complete required documentation package — not summaries or templates, but the actual compliance deliverables.

Question 5

How is Kortave different from compliance template services?

Accepted Answer

Kortave produces bespoke compliance documentation rather than providing templates for businesses to fill in themselves. Every deliverable is generated specifically for the client's business, reviewed by a qualified compliance specialist, and delivered ready to submit to regulators. No legal knowledge or compliance team is required on the client side.

Question 6

When does the EU AI Act apply and what happens if a company is not ready?

Accepted Answer

The EU AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 and applies in stages. Obligations for general-purpose AI models apply from 2 August 2025, and the main obligations — including those for high-risk AI systems and the bulk of provider and deployer duties — apply from 2 August 2026. Penalties reach EUR 35 million or 7% of global annual turnover for prohibited practices, and EUR 15 million or 3% for most other infringements. Companies that use or build AI and sell into the EU need technical documentation, risk classification, and transparency measures in place before the deadline. Kortave produces this documentation as a subscription service.

Question 7

Do small companies need to comply with the EU AI Act and GDPR?

Accepted Answer

Yes. Neither the GDPR nor the EU AI Act has a general small-business exemption. Any company that processes personal data of people in the EU must comply with GDPR, and any company that develops or deploys AI systems in the EU falls within the AI Act's scope, with obligations scaled to the risk level of the system rather than to company size. Small and medium businesses typically cannot justify a full-time compliance hire, which is the gap Kortave fills: complete, maintained compliance documentation for a flat monthly subscription starting at EUR 99.

Question 8

What is the cheapest way for an EU SME to become GDPR and AI Act compliant?

Accepted Answer

The three realistic options are: hiring a compliance officer or DPO (EUR 60,000+ per year), engaging a consultancy (typically EUR 10,000 to 50,000 per project, plus update fees), or using a compliance automation service. Kortave is the third option: it produces the same documentation deliverables — GDPR records of processing, DPIAs, AI Act technical files, NIS2 and DORA documentation — custom-drafted and specialist-reviewed, from EUR 99 per month, and keeps them current as regulations change.

EU Compliance Intelligence

Eight Weeks to the EU AI Act High-Risk Deadline: What Is Still Missing in Most Compliance Files

Every AI Tool Your Company Uses Is a GDPR Liability — Most Legal Teams Have Not Noticed Yet

NIS2 in Practice: What a Compliant Incident Response Actually Looks Like

The Cyber Resilience Act: What Product Companies Must Do Before December 2027

EU Data Act: What Changes for IoT Manufacturers and Cloud Providers in 2025

Cookie Consent in 2025: What ePrivacy Requires and Where Companies Are Still Getting It Wrong

DORA Is Already in Force. Your ICT Contracts Probably Are Not Ready.

DGA and DSA: Two EU Laws That Are Already in Force and Still Widely Misunderstood

NIS2 Is Being Enforced. Here Is Who Is Actually Liable.

GDPR in 2025: The Five Things SaaS Companies Keep Getting Wrong

EU AI Act Compliance: Your Checklist Before the August 2026 Deadline

GDPR Data Transfers in 2025: What SCCs Actually Require You to Do

The EU AI Act and Foundation Models: What GPAI Compliance Actually Looks Like

NIS2 Is Being Enforced. Here's What Most Companies Haven't Done Yet.

The EU AI Act: A Complete Guide to the World's First AI Regulation

The General Data Protection Regulation: A Complete Guide for Businesses

Your GDPR Deletion Backlog Is Your Biggest Legal Risk Right Now

NIS2 and DORA: The EU's Cybersecurity and Resilience Regulations Explained

Stay ahead of enforcement