01SCAN
Find every AI in your stack
Connect GitHub, drop a package.json, or paste a SaaS list. Stele detects OpenAI, Anthropic, LangChain, Cohere, Replicate, Mistral, transformers — and 200+ embedded AI features.
CODEBASE · SAAS · API LOGS
REGULATION (EU) 2024/1689 — ARTICLES 13, 26, 50, 86
THE AI ACT
IS ABOUT
TO HIT YOUR
STACK.
Stele inventories every AI system in your codebase, SaaS, and API logs — classifies it against the Act's risk tiers — and drafts the disclosures, deployer records, and DPIAs your auditor will demand. Built for European SMBs. Priced like one.
NO LOGIN · 30 SECONDSEU-HOSTED · GDPR POSTUREFREE TIER ONLY DURING VALIDATION
99 DAYS
UNTIL DEPLOYER OBLIGATIONS LAND
<30%
OF EU SMEs HAVE STARTED PREPARING
€35M / 7%
MAX FINE — ARTICLE 99
FREE
VALIDATION TIER — PAYMENTS COMING LATER
FOUR STEPS
ONE WEEKEND.
Stop hand-rolling spreadsheets. Stele runs your stack against the AI Act's deployer obligations and outputs the artifacts your auditor will ask for — with a hash-chained trail proving when you knew, what you decided, and who signed.
02CLASSIFY
Tier against Annex III
Each detected system is mapped to UNACCEPTABLE, HIGH-RISK, LIMITED, or MINIMAL with full reasoning trace and Annex III citation.
REASONING TRACE · CITED · REVERSIBLE
03GENERATE
Draft the paperwork
Article 50 transparency disclosures, Article 13 instructions for use, Article 26 deployer records, DPIA stubs, Art. 86 notification templates — pre-filled, exportable, defensible.
PDF · MARKDOWN · VERSIONED
04AUDIT
Hash-chain the trail
Every classification, document version, and policy decision is appended to an immutable, SHA-256 hash-chained log. Court-ready. Exportable in one click.
SHA-256 · IMMUTABLE · COURT-READY
FOUR TIERS.
ONE LIVE WALL.
Article 6 splits AI systems into four risk tiers. The deployer's obligations scale with the tier. We map yours, cite the article, and tell you what to do — in that order.
[ UNACCEPTABLE ]
PROHIBITED
ARTICLE 5
Examples in your stack
- Social-scoring models trained on employee behaviour
- Subliminal manipulation in growth experiments
- Untargeted facial-image scraping for ID
- Real-time remote biometric ID in public spaces
- Emotion inference in workplace or schools
YOU MUSTSTOPREMOVE OR REWORK BEFORE AUG 2.
[ HIGH-RISK ]
REGULATED
ANNEX III · ARTS. 8–22, 26
Examples in your stack
- Employment shortlisting & performance evaluation
- Credit scoring and creditworthiness assessment
- Education access & exam evaluation
- Critical infrastructure operation
- Migration, asylum, border-control assistance
YOU MUSTDOCUMENTDPIA · ART. 26 RECORDS · HUMAN OVERSIGHT.
[ LIMITED ]
TRANSPARENT
ARTICLE 50
Examples in your stack
- Customer-facing chatbots & support assistants
- Generative content (text, image, audio, video)
- Deepfake or AI-generated media
- Emotion recognition outside high-risk contexts
- Biometric categorisation (non-prohibited)
YOU MUSTDISCLOSEUSERS MUST KNOW THEY'RE INTERACTING WITH AI.
[ MINIMAL ]
UNREGULATED
VOLUNTARY CODES
Examples in your stack
- Spam filters and inbox classifiers
- AI-assisted code completion (internal use)
- Recommendation engines below threshold
- Productivity assistants without sensitive data
- Image upscaling & format conversion
YOU SHOULDLOGKEEP A RECORD. AUDITORS APPRECIATE THOROUGHNESS.
FREE VALIDATION — PAYMENTS NOT ENABLED YETTRY THE SCANNER.
TRY THE SCANNER.
SHAPE THE PRODUCT.
FREE VALIDATION TIER
€0/NOW
For founders and CTOs checking whether Stele is useful before we add paid plans.
- Free scanner
- Lightweight workspace
- First-pass proposed guidance
- Evidence gaps and AI Act reader
- Organic feedback prompts that shape what ships next
COMING SOON
?
Record packs, exports, and billing will only ship after user feedback validates them.
- Audit-ready deployer record packs
- Article 50 disclosure exports
- Versioned evidence bundles
- No checkout exposed until Stripe is implemented
STRAIGHT
ANSWERS.
Built by people who actually read the regulation. If you have a sharper question, email us — we read every one.
What is the AI Act, in one sentence?
EU Regulation 2024/1689 classifies AI systems by risk and forces deployers to document, disclose, and oversee high-risk and limited-risk uses — with deployer obligations live on 2 August 2026.
Am I a deployer or a provider?
If you put an AI system into use under your own brand or for your own purpose, you are a deployer. If you build and place one on the market, you are a provider. Most SMBs end up as both — Stele tracks each role separately.
Does using ChatGPT make me high-risk?
Not by default. The risk tier depends on what you use it for. ChatGPT in marketing copy is limited-risk. ChatGPT in CV shortlisting is high-risk under Annex III, point 4(a). Stele asks the use questions you don't think to ask.
Where is my data stored?
EU only. Postgres in Frankfurt, object storage in EU-Central, Cloudflare in front. We sign a DPA on every plan including Solo. We don't train models on your data.
How does the hash chain work?
Every audit entry stores a SHA-256 of the previous hash plus a canonical JSON of the payload. Tamper any row and every subsequent hash breaks. We expose a verify-CLI so your auditor can run it themselves.
Is Stele a substitute for a lawyer?
No. Stele drafts artifacts, runs classifications, and keeps records — your DPO or external counsel signs them. We make their job 90% faster, not 0% required.