The AI register your auditor will accept — before 2 August 2026.
NordClaw automatically inventories every AI tool your employees use, classifies the risk, and produces the Art. 12 evidence regulators will ask for. Deploys in a day. No PII data leaves the EU.
Combined exposure: up to €35M or 7% of global turnover under the AI Act and GDPR — applied in parallel, on the same incident.
Three EU AI Act questions every CISO must answer.
Most cannot answer one. By August 2026, regulators expect all three — in writing, with an audit trail.
>50% of EU organisations have no AI inventory. 40% of detected AI systems can't be cleanly classified.
- 01
What AI is being used?
ChatGPT, Claude, Copilot, embedded vendor AI, shadow API calls — the full inventory, not the part you know about.
- 02
By whom?
Which employee, in which department — tied to a real identity, not an anonymous API key.
- 03
With what data?
Which prompts contained personal, customer, financial or health data — and where it ended up.
| Tool | Team | User | Data class | Risk |
|---|---|---|---|---|
| ChatGPT | Legal | a.lindqvist | Contract draft | ● High |
| Claude | Finance | j.berg | Q3 forecast | ● High |
| Copilot | Engineering | m.haugen | Source code | ● Med |
| Gemini | HR | s.virtanen | CV screening | ● High |
| Perplexity | Marketing | k.olsen | Public research | ● Low |
One screen. Every AI interaction. Signed evidence.
- Answer the three questions: Who is using which LLM, with what data — auto-discovered from proxy traffic, not from a form anyone filled in.
- Art. 26(6) log in one click: Immutable Postgres on EU soil. Export the audit trail as signed PDF, CSV or JSON your regulator will accept.
- No code change: Zero code changes — transparent OpenAI-compatible proxy. Your IT team reroutes traffic in minutes, every tool keeps working.
Five reasons every other approach falls short.
The EU AI Act and GDPR create obligations most AI tooling can't meet. These are the structural gaps — and how NordClaw closes them.
- 01
Preventive, not reactive
GDPR Article 17 — the right to erasure — is technically unenforceable once personal data enters an LLM. The EDPB confirmed this in its 2025 guidance. NordClaw keeps personal data out of the model entirely, so erasure becomes a database DELETE.
EDPB 2025 guidance · data subject rights in AI
- 02
Your employees are already leaking data
49% of enterprise workers admit to using unapproved AI tools — the real number is higher. Every pasted ticket, contract or performance review is a transfer of personal data. NordClaw redacts at the API layer, so you get a barrier against misuse by colleagues.
Enterprise shadow-AI usage · 2024–2025
- 03
A DPA won't stop a CLOUD Act subpoena
The US CLOUD Act compels US providers to hand over data held anywhere — EU servers included. Contractual protections are unenforceable against a federal subpoena. If personal data never reaches US infrastructure, there is nothing to compel.
18 U.S.C. § 2713 · CLOUD Act, 2018
- 04
Covers shadow AI, not just sanctioned tools
Browser extensions and endpoint agents only protect the tools you've configured. NordClaw sits at the API layer — every LLM call, from sanctioned suites to a developer script or Make.com flow, passes through the same redaction.
Architecture · API-layer interception
- 05
All 24 EU languages, EU-native entities
Most PII tools are English-first and degrade on German, French, Polish or Romanian. The NordClaw PII masking engine is tuned for EU formats: Personalausweis, NIR, BSN, personnummer, Steuer-ID and the rest.
NordClaw PII masking engine · EU entity recognisers
No code changes. Your SSO. EU-hosted from minute one.
- 01
Redirect
Zero code changes — simply reroute your AI traffic through NordClaw. 100% OpenAI-API compatible. Typical added latency under 50 ms.
- 02
Authenticate
Plug NordClaw into your existing SSO — Microsoft Entra ID or Google Workspace. Every prompt is now tied to a real person, department and role.
- 03
Govern
PII is redacted in Frankfurt before prompts leave the EU. Every interaction lands in an immutable Postgres log. The CISO opens the dashboard.
Ten pilot slots. Then we close the cohort.
Pilots go live before the 2 August 2026 deadline. Founding customers get direct input on v1.1 and v1.2 — and pricing locked at the pilot rate for 24 months.
- Founder pricing, locked for 24 months
- Direct line to the product team
- Input on the v1.1 risk-tier classifier
- Onboarding before the 2 Aug 2026 deadline
Pricing finalised with pilot customers. No public price list yet — by design.
v1 is deliberately small. The deadline is not.
- v1 · Q4 2026 · Automated AI register: discovery, classification, per-user Art. 12 evidence.
- v1.1 · Q1 2027 · Risk-tier classifier: every system mapped to the AI Act's four risk tiers.
- v1.2 · Q2 2027 · GDPR cross-walk: AI events joined to Art. 30 records of processing.
- later · Policy enforcement: block, redact, or approve at the browser and gateway layer.
Combined exposure up to €35M — or 7% of global turnover.
EU AI Act, Shadow AI & PII redaction — answered.
The questions every CISO, DPO and CPIO asks before a pilot. Short answers here — the full 77-question reference lives on a dedicated page.
See all 77 questions →
01 What is NordClaw in one sentence?
NordClaw is a transparent proxy interceptor that sits between your organization and AI models to automatically redact personal data, build an immutable audit trail, and provide real-time visibility into all AI usage across the entire organization.
02 How do you solve the "Shadow AI" crisis?
Instead of relying on inaccurate employee surveys, NordClaw's proxy automatically discovers every distinct AI model being called across your network from live traffic. It surfaces tools IT may not even know are in use—including consumer-tier ChatGPT, Claude, and Gemini accounts, as well as AI features embedded overnight into approved SaaS platforms. Without this, classification is impossible; without classification, every other compliance obligation is unaddressable.
03 Why not use a US-based AI governance platform?
US platforms are subject to the US CLOUD Act, which means US government authorities can compel access to data stored on US infrastructure regardless of contractual protections. This creates direct GDPR Article 44 exposure for EU customers. NordClaw is hosted entirely on Hetzner Frankfurt, ensuring complete EU data sovereignty. Additionally, US platforms do not provide the specific compliance outputs required by the EU AI Act—Article 26(6) log exports, FRIA templates, EU database registration support, and 24-language PII detection.
04 How does NordClaw handle the "Schrems II" and US CLOUD Act risks?
NordClaw is structurally EU-native, hosted entirely on Hetzner Frankfurt infrastructure. Because all PII is redacted before it leaves this EU perimeter, your data remains outside the jurisdictional reach of the US CLOUD Act. The EU data residency guarantee is technical, not contractual—a critical distinction that contractual Standard Contractual Clauses (SCCs) alone cannot provide.
05 How do you satisfy Article 26(6) logging requirements?
NordClaw maintains an immutable, append-only PostgreSQL log for at least six months. Unlike provider "receipts" that show only aggregate token counts per API key, these logs map every request to a named human and department via SSO, capturing: timestamp, user identity, department, model called, token counts, PII entities detected, policy applied, latency, and a SHA-256 request hash. A CISO can export the complete Article 26 audit trail in one click as CSV or PDF.
06 How does NordClaw compare to EU governance documentation platforms (Modulos, Daiki, Whisperly, ComplyCloud, EQS)?
These platforms help organizations manage, classify, and document AI systems. They produce compliance evidence. They do not sit in the traffic path. If an employee pastes customer data into ChatGPT, none of these tools stop it, redact it, or log it. NordClaw provides the technical enforcement layer that these platforms lack, and can integrate with them as a complementary layer.
07 How long does a full deployment take?
The core interceptor can be activated, and start providing organisational visibility, in under an hour by changing a single environment variable (BASE_URL=api.nordclaw.eu). Most organisations achieve full compliance maturity within the 90-Day Compliance Readiness Sprint.
08 What are NordClaw's pricing tiers?

| Tier | Price | Users | Key Features |
|---|---|---|---|
| Starter | €299/month | Up to 5 users | Core interceptor, AI inventory, audit log, dashboard |
| Professional | €799/month | Up to 25 users | + PII redaction, DPIA/FRIA templates, vendor DPA register |
| Enterprise | Custom | Unlimited | + Walled Garden Manifest, self-hosted option, SLA, priority support |
09 What is the latency impact?
The interception and redaction process typically adds less than 50ms of latency, making the security layer entirely invisible to end users and applications.
10 Can developers still use their favorite tools?
Yes. NordClaw is 100% OpenAI API-compatible. Developers can govern their internal scripts and tools simply by changing a single BASE_URL environment variable to api.nordclaw.eu. No code rewrites, no new SDKs, no disruption to existing workflows.
Try it live
See PII redaction in action
Paste any text containing personal data below. NordClaw detects and redacts it before the text ever touches an AI model — in real time, on our own hardware.
Paste a message containing personal data — an email address, phone number, or credit card — and see how NordClaw redacts it before the text ever reaches an AI model.
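As a constructed illustration of the redact-then-log flow that the Article 26(6) answer and the demo above describe (added here, not NordClaw's own code): personal data is replaced with typed placeholders before the prompt goes anywhere, and the log row keeps the user, department, model, entity counts and a SHA-256 hash of the original request. The regex patterns, the Luhn check and the row layout are assumptions; only the log fields and the entity types (email, phone, card) come from the page.

```python
import hashlib
import re
from datetime import datetime, timezone

# Constructed, deliberately simple entity patterns (assumption, not NordClaw's engine).
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s-]{7,}\d")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so an arbitrary 16-digit run is not reported as a card."""
    total, double = 0, False
    for ch in reversed(digits):
        d = int(ch) * 2 if double else int(ch)
        total += d - 9 if d > 9 else d
        double = not double
    return total % 10 == 0


def redact(text: str) -> tuple[str, dict]:
    """Replace PII with typed placeholders; return redacted text and per-type counts."""
    counts: dict = {}

    def sub(kind, pattern, s, check=None):
        def repl(m):
            if check and not check(re.sub(r"\D", "", m.group())):
                return m.group()  # failed validation: leave it for later patterns
            counts[kind] = counts.get(kind, 0) + 1
            return f"[{kind}]"
        return pattern.sub(repl, s)

    text = sub("EMAIL", EMAIL_RE, text)
    text = sub("CARD", CARD_RE, text, luhn_ok)  # cards before phones: both are digit runs
    text = sub("PHONE", PHONE_RE, text)
    return text, counts


def audit_record(user: str, department: str, model: str, prompt: str) -> dict:
    """One append-only log row; the hash covers the original request, the stored text is redacted."""
    redacted, entities = redact(prompt)
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "department": department,
        "model": model,
        "pii_entities": entities,
        "request_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
        "redacted_prompt": redacted,
    }
```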
Join the Q3 2026 EU AI Act pilot waiting list.
Drop your work email. We'll reach out personally as soon as we can with the EU AI Act compliance checklist.
- Checklist in your inbox — all 13 obligations mapped to articles
- Receive updates on the pilot
- Secure your route to be AI Act compliant
- Stored on EU infrastructure. No newsletter, no drip.
Not ready to join the pilot waiting list? Ask Signe a question first →
Sign up and be prepared for the AI Act
Stored on EU infrastructure. We only reach out about a pilot fit — no newsletter, no drip.
Signe will explain the details to you
Signe knows the AI Act, GDPR, and NordClaw's roadmap inside out. Ask about your stack, your deadline, your risk tier — or whether a pilot makes sense.
No sign-up. The conversation stays in your browser until you refresh.