NNureComp
Sign inStart free 7-day discovery
EU AI Act · Article 4 · Enforceable since 2 Feb 2025

Find out which AI your staff actually use.Then train each person on what Article 4 actually requires.

Most AI training is the same 40 minutes for everyone. The EU AI Act says it must be role-specific. NureComp discovers what AI tools your team uses, maps it to each role, delivers the right training, and produces audit-ready evidence on demand.

Start free 7-day discoverySee a sample evidence pack

No card required. SSO-first — we never store your staff's names or emails. From £12/seat/year.

DiscoverMapTrainEvidenceMonitor
AI Registry · Acme Law LLP
  • ChatGPTLimited risk · 42 users
  • Microsoft CopilotApproved · 87 users
  • Lexis+ AILimited risk · 14 users
  • AI in our ATSHigh risk · 3 users
Article 4 Readiness
92 / 100
Evidence pack regenerated 2 days ago
92
The UK compliance evidence platform

One engine. Four statutory domains. One evidence pack.

Start with the domain you need today. Add others as your scope grows. One workforce mapped once; one evidence pack covering everything. Bundle savings up to 50%.

AI literacy
EU AI Act Article 4

Enforceable since 2 Feb 2025. High-risk system deadline Aug 2026.

Explore this domain →
Harassment
Worker Protection Act 2023

"All reasonable steps" defence + third-party liability from 1 Oct 2026.

Explore this domain →
UK GDPR + DUAA
DUAA 2025

Mandatory complaints procedure live 19 Jun 2026. Refresher + role overlays.

Explore this domain →
Cyber awareness
NCSC Cyber Essentials

Supply-chain assurance now. CSR Bill enforcement 2027-28.

Explore this domain →

Don't need all four? Each domain stands on its own — start with the wedge that hurts most.

The platform

An AI Compliance Operating System — not just a training course.

Five stages, one platform. Buyers see the whole loop on day one. Auditors see it any day after.

  1. Step 1
    Discover

    Anonymous 2-minute staff survey. Surfaces every AI tool your team is actually using — including the ones IT doesn't know about.

  2. Step 2
    Map

    Auto-map staff × tools → the specific training each person needs. Role overlay, sector overlay, tool-specific micro-modules.

  3. Step 3
    Train

    Role-tailored learning in 30–90 minutes per person. Five core modules plus the tools they actually use. Mobile-first.

  4. Step 4
    Evidence

    Live Readiness Score, hash-chained audit log, on-demand PDF pack with certificates, manifest, methodology.

  5. Step 5
    Monitor

    Forward-looking view. Expiring certificates, newly-detected AI tools, recommended actions. Never stale.

Why generic 40-minute training fails Article 4

The regulation is explicit about what "sufficient AI literacy" looks like — and one-size-fits-all content does not meet it.

Generic e-learning approach

Same 40-minute video for every employee. Identical quiz. PDF certificate. No record of which AI tools they actually use. No mapping to role. No live status.

“Sufficient” — to who? The regulator is looking for evidence that the training matched the role and the context.

The NureComp approach

Anonymous survey surfaces actual tool usage per person. Auto-assign Core + tool-specific + role-overlay + sector modules. Live Readiness Score. Hash-chained audit log. On-demand evidence pack with methodology document.

Exactly what Article 4 calls for: training proportionate to the AI in use and the individual's role.

“…shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in…”

— EU AI Act, Article 4

Built around the four jobs your compliance lead actually has

AI Discovery Engine

A 2-minute pseudonymous survey to every staff member. Answers — including the tools they use, how often, and for what — flow into your central AI Registry. Admin classifies each tool by risk (minimal / limited / high) and status (approved / unsanctioned / blocked).

  • Aggregate-only display until 5+ responses (preserves anonymity)
  • Pseudonym-only storage — never your staff's names or emails
  • Catalogue of 15 known tools auto-matched from free text

Role Mapping Engine

One click auto-assigns each learner the exact training they need: Core literacy, the specific tool-modules for what they use, a role overlay (Staff, Manager, Compliance/Risk, HR, Refresher), and a sector overlay (Legal, Accountancy, Recruitment, Financial Services, Marketing).

  • Idempotent — re-runs add only what's missing
  • Annual renewal logic + new-tool trigger
  • Matrix view: staff × tools, with status pill per cell

Continuous Evidence Dashboard

A live Article 4 Readiness Score — weighted blend of training currency, tool coverage, AUP acknowledgment, and evidence-pack freshness. Regenerate the PDF pack any time from current state.

  • Hash-chained audit log (tamper-evident)
  • Per-tool, per-staff, per-module drill-down
  • Methodology document mapping content → Article 4 requirements

Trust Center (public)

A public page at /trust/your-orgthat your customers' customers can visit. You choose what's shown — Readiness Score, approved-tool list, sub-processors, DPO contact, evidence-request form. Nothing publishes without your opt-in.

  • Direct procurement-evidence channel — answers due-diligence faster than email
  • Every external evidence request logged + DPO notified
  • Toggle per-section visibility independently
Privacy by default

Your IT team will approve this faster than they approved Slack.

Connect via Microsoft Entra ID, Google Workspace, or Okta and we never store your staff's names or emails. Training records link to pseudonyms derived via HMAC of the IdP subject claim. Names appear on certificates only at the moment they're generated, never persisted in our database.

EU residency by default

Hosted in EU jurisdiction. No US data transfer in normal operation.

HMAC pseudonyms

Staff identifiers derived from your IdP subject claim + per-org secret.

Hash-chained audit log

Every state change is signed. Tamper-evident.

UK GDPR processor stance

For SSO tenants we hold no PII, so the DPA is short.

AI features — opt-in, tier-gated

Optional AI inside the product — but only if you want it.

Starter has zero runtime AI — clean Article 4 compliance without paying for AI features. Pro adds admin-side AI helpers; Business adds learner-facing AI; Enterprise adds custom RAG. Every tier comes with per-feature spend caps and full audit logging.

Pro
Admin AI helpers

Smart assignment recommendations, natural-language admin queries, AI-drafted executive summaries on every report.

Business
Learner AI Trainer

“Ask the Trainer” chat panel during modules. AI-drafted Acceptable Use Policy from your discovered registry.

Enterprise
RAG + extension discovery

Custom-trained domain assistant on your own knowledge base. Browser-extension discovery beyond the survey baseline.

Pricing that scales with your team

Annual billing. No setup fees. From 10 seats up.

Starter
£12
/seat/year · 10+ seats

Core + sector + evidence pack. Zero in-product AI.

Most chosen
Pro
£25
/seat/year · 25+ seats

Above + SSO + admin AI helpers. Most chosen.

Business
£40
/seat/year · 50+ seats

Above + learner AI Trainer + AI-drafted AUP.

Enterprise
£60+
/seat/year · 100+ seats

Above + RAG + extension discovery + assurance pack.

See full pricing
CPD-aligned by design

Structured learning your professional body will accept.

Every module discloses its CPD hour value. Every completion is signed in the hash-chained audit log. Every certificate lists the hours earned and links to a public verification URL. Suitable for SRA, ICAEW, CIPD, and personal CPD records.

CPD hour disclosure

Each module has an explicit CPD hour value (not derived from duration) shown to the learner before they begin.

Outcome-led

Learners see specific, measurable outcomes (“identify the four risk levels…”) before they start, not vague aspirations.

Downloadable CPD transcript

Running record across every module the learner has completed — for SRA Continuing Competence, ICAEW CPD, CIPD log.

Published methodology

How CPD hours are calculated, what counts as structured learning, audit trail and verification — published at /methodology/cpd.

EU residency
All processing in EU jurisdiction.
Cyber Essentials
In progress — issued Q3 2026.
ICO registered
Number on /legal/privacy.
CPD Provider
Application submitted to The CPD Group.
DPA + SCCs
Standard processor terms; reverse-charge VAT.

Common questions

Isn't this just another LMS?

No. LMS players (Skillsoft, DataCamp, QA) deliver content. They have no discovery, no role-mapping, no live evidence — the regulator-side of the work. NureComp sits at the intersection of AI governance + training + continuous evidence. Nobody else covers all three at SME pricing.

How is "role-specific" different from generic AI training?

Generic training assumes one curriculum for everyone. Our auto-assign algorithm builds each learner's training matrix from the AI they actually use (per the discovery survey), their role (Staff / Manager / Compliance / HR / Refresher), and their sector. A solicitor using ChatGPT + Lexis+ AI gets a different matrix from an HR manager using the firm's ATS.

What does the evidence pack contain?

A cover letter, methodology document (mapping content to Article 4 requirements), curriculum summary, staff completion table, individual certificate PDFs, CSV training records, hash-chained audit log extract, and a machine-readable verification manifest. Each certificate is independently verifiable at /verify/{code}.

Do you store our staff data?

For SSO tenants (Pro and above), no. We store a pseudonym derived from your IdP subject claim. Names appear only on certificates at the moment they're generated and never get written to the database. For Starter (email mode, sub-25 seats) we hold standard email + name as a processor.

What about high-risk AI under Annex III?

Article 4 (AI literacy) is one piece. High-risk obligations under Articles 9–17 and Article 26 bite from August 2026 (or December 2027 if the Digital Omnibus shifts the timeline). The Discovery engine surfaces high-risk uses; sector overlays (HR, Financial Services) call them out. Full Article 9–14 deployer tooling is on the roadmap.

Is this legal advice?

No. Content is reviewed by qualified UK counsel before paying-customer launch, but use the platform alongside — not instead of — your firm's legal and compliance advisors.

Start with discovery. Article 4 readiness follows.

Run a free 7-day anonymous survey of your staff. In 48 hours you'll have the AI register every other compliance product asks you to provide.

Start free 7-day discovery Book 15-min walkthrough