How does Hydrus help with EU AI Act compliance?

Classifies systems across the four risk tiers, screens for Article 5 prohibited practices, auto-drafts the documentation high-risk obligations require as they phase in, and generates audit-ready Annex IV evidence and exports.

What’s the difference between Hydrus and a documentation-only GRC tool?

Generic GRC tools store policies. Hydrus continuously discovers your actual AI systems, classifies them, maps controls, and keeps evidence current automatically — a living system of record, not a binder.

Is Hydrus a runtime firewall or proxy?

No. Hydrus is the governance and audit-evidence layer. It integrates with your cloud, model providers, and AI-security tools as evidence sources; it doesn’t sit in your live request path.

How does Hydrus handle our data and security?

SOC 2 (Type II) and ISO 27001. Encryption in transit (TLS 1.3) and at rest (AES-256). Deploy as SaaS or inside your own VPC / self-host. Regional data residency available.

Can Hydrus govern AI agents and not just models?

Yes. Built for agentic and MCP environments, with impact assessments, tool-call accountability, and full audit logs for autonomous behavior.

How fast can we deploy?

Most teams reach a governed inventory in days, not quarters. Deploy as SaaS or in your own VPC, integrating via API and connectors.

AI Governance Platform

Govern every
AI system.
Prove it, continuously.

Continuously discover every AI model and agent, classify and tier risk, map controls, and stay audit-ready against the EU AI Act, NIST AI RMF, ISO 42001, and AIUC-1.

Get started Book a demo See how it works ↓

Inventory every AI systemAudit-ready, alwaysDeploy in days

Live · Governance Activity

GovernedAudit-Ready

next.hydrus.ai/ai-governance

Hydrus AI Governance dashboard showing 10 AI systems, FRIAs awaiting review, shadow AI discovery, and controls & evidence modules

Aligned with the standards your regulators and customers expect

EU AI ActNIST AI RMFISO 42001AIUC-1OECD AI PrinciplesGDPRSOC 2EU AI ActNIST AI RMFISO 42001AIUC-1OECD AI PrinciplesGDPRSOC 2EU AI ActNIST AI RMFISO 42001AIUC-1OECD AI PrinciplesGDPRSOC 2

01 /The Problem

AI adoption is easy. Governing it is where enterprises stall.

No single source of truth

Models, agents, and vendors sprawl across teams with no inventory and no clear ownership.

Governance arrives too late

Risk and compliance reviews happen after the build, so launches stall and shadow AI spreads.

Compliance can’t keep up

The EU AI Act, NIST AI RMF, and ISO 42001 demand continuous proof, but evidence is still gathered by hand.

02 /Platform

One platform to catalog, classify, and prove your AI.

Hydrus unifies AI discovery, risk classification, impact assessments, control mapping, and continuous audit evidence in a single governed layer.

Catalog AI & Assess Risk

Build one living inventory of every AI system and tier its risk.

Central inventory of models, datasets, agents, and vendors
Automated risk tiering against EU AI Act risk classes / Annex III
Ownership, lifecycle status, and dependency mapping

Discover Shadow AI

Find the AI in use that no one registered.

Auto-discovery of AI usage across cloud, SaaS, and model providers
Flag unregistered / unsanctioned systems
Bring every system under governance before audit

Assess Impact & Map Controls

Turn regulations into structured, owned work.

Auto-drafted Fundamental Rights Impact Assessments routed for sign-off
Controls mapped across EU AI Act, NIST AI RMF, ISO 42001, AIUC-1
Named accountability and review workflows

Prove Compliance Continuously

Generate audit-ready evidence automatically as your AI evolves.

Evidence and control mappings generated automatically
Model cards, AI bills of materials, and lineage / technical files
Audit-ready exports for EU AI Act (Annex IV), NIST AI RMF, ISO 42001, AIUC-1

Explore the platform

03 /How It Works

From first AI system to governed scale.

Discover

Connect your stack; Hydrus auto-discovers models, agents, vendors, and shadow AI.

Classify

Tier risk and map each system to the frameworks that apply.

Document

Auto-draft FRIAs, model cards, and technical files; route for sign-off.

Prove

Generate continuous, audit-ready evidence as your AI evolves.

Most teams reach a governed AI inventory in days, not quarters.

Deploy as SaaS or inside your own VPC. Integrate via API and connectors — governance lives at the platform layer.

04 /Why Hydrus

Governance that’s continuous, not a once-a-year scramble.

Standards-Aligned Out of the Box

Why it matters · EU AI Act, NIST AI RMF, ISO 42001, AIUC-1 pre-mapped

Outcome · Coverage on day one, not after a project.

Continuous Evidence

Why it matters · Automated evidence and control mappings

Outcome · Audit-ready exports, not quarterly scrambles.

Living System of Record

Why it matters · Auto-discovery and shadow-AI detection

Outcome · An inventory that’s always current.

Built for Agents & MCP

Why it matters · Impact assessments and audit logs for autonomous behavior

Outcome · Tool-call accountability and full traceability.

Evidence From Your Whole Stack

Why it matters · API and connectors across cloud, model providers, and security tools

Outcome · One governed layer across providers.

Two Ways to Adopt

Why it matters · Self-serve for lean teams; expert-configured for enterprise

Outcome · Governed production in days, your way.

05 /By Role & Segment

See what changes for your team.

SMB / lean teams

Sign up and govern in a day
Pre-built policy and control templates
Auto-discovery and one-click framework mapping
Continuous evidence with no consultant required

Shadow AI mapped before it ships
Security and data-governance controls evidenced
One inventory of every AI system and vendor
Audit evidence from real platform activity

Representative Outcome

"Hydrus let us embed oversight across the AI lifecycle and accelerated approvals from weeks to days."

Illustrative — based on common deployment outcomes.

06 /FAQ

Common questions.

Inventorying, risk-assessing, documenting, and proving the behavior of every AI system you run. It matters now because the EU AI Act, NIST AI RMF, and ISO 42001 increasingly require continuous, demonstrable oversight — and because AI agents now take actions, not just generate text.

Download

EU AI Act Compliance Guide

A practical walkthrough of risk tiers, prohibited practices, and audit-ready obligations.

30-minute walkthrough

Bring AI into your enterprise — fast, compliant, and provable.

See continuous governance live in 30 minutes.

Book a demo Get started

Financial services · Healthcare · Government · Technology

Contact

Talk to the team.

AI governance or sustainability reporting — book a walkthrough, or start free in the app whenever you're ready.

Prefer to dive in?

Create an account and start in minutes — no credit card required.

Get started free

Book a discovery call

30-minute demo

Pick a time that works for you — we'll walk through Hydrus and answer your questions.

Calendar not loading? Open the scheduling page.

Send us a message

Prefer to write first?

Tell us about your program and we'll respond within one business day.

For security questionnaires and vendor reviews, book a call and we'll route you to the right person.

Enterprise-ready: SOC 2 (Type II), ISO 27001, encryption, and flexible deployment.Security & compliance →

Govern everyAI system.Prove it, continuously.