tika
Get started
Agents

Five agents. One per regulation.

Each agent is grounded in the source text - drafting, mapping and escalating against the statutory clocks so your team focuses on judgment, not paperwork.

GDPR
GDPR Agent
Regulation (EU) 2016/679

Maintains the Article 30 records of processing, drafts Article 28 DPAs and Article 35 DPIAs, and prepares the Article 33 breach notice within the 72-hour window.

What it covers
  • Art. 5 - lawfulness, purpose limitation, minimisation
  • Art. 28 - processor contracts (DPAs)
  • Art. 30 - records of processing activities
  • Art. 33–34 - 72h breach notification & individual notice
  • Art. 35 - Data Protection Impact Assessment
  • Chapter V - international transfers (SCCs, TIAs)
DORA
DORA Agent
Regulation (EU) 2022/2554 - applied since 17 Jan 2025

Owns the ICT risk framework, maintains the register of information on third-party arrangements, and drives the 4h / 72h / 1-month incident reports under RTS 2024/1772.

What it covers
  • Art. 5–16 - ICT risk-management framework
  • Art. 17–23 - incident management & reporting
  • Art. 24–27 - digital operational resilience testing
  • Art. 28–30 - ICT third-party risk & register
  • Art. 40–49 - TLPT (threat-led penetration testing)
MiCA
MiCA Agent
Regulation (EU) 2023/1114

Drafts crypto-asset white papers, prepares CASP authorisation files and tracks ESMA / EBA Q&As - across asset-referenced tokens, e-money tokens and other crypto-assets.

What it covers
  • Title II - white papers for non-ART/EMT crypto-assets
  • Title III - asset-referenced token issuers (incl. reserves)
  • Title IV - e-money token issuers
  • Title V - CASP authorisation & operating conditions
  • Title VI - market abuse rules for crypto-assets
AI Act
AI Act Agent
Regulation (EU) 2024/1689 - full application 2 Aug 2027

Classifies systems by risk tier, maintains the Article 11 technical file and the Article 12 logs, and tracks the staged obligations entering into application on 2 Feb 2025, 2 Aug 2025 and 2 Aug 2026.

What it covers
  • Art. 5 - prohibited practices (in force 2 Feb 2025)
  • Annex III - high-risk system classification
  • Art. 9 - risk management system
  • Art. 11 - technical documentation
  • Art. 12 - automatic logs for high-risk systems
  • Chapter V - general-purpose AI model obligations
NIS2
NIS2 Agent
Directive (EU) 2022/2555 - transposition due 17 Oct 2024

Determines essential vs important entity status across the 18 sectors in Annexes I & II, and operates the 24-hour early-warning / 72-hour notification / 1-month report pipeline under Article 23.

What it covers
  • Art. 3 - essential vs important entity criteria
  • Art. 20 - governance & management body responsibility
  • Art. 21 - cybersecurity risk-management measures
  • Art. 23 - 24h / 72h / 1-month incident reporting
  • Annexes I & II - 18 sectors in scope

Grounded in the source text

Every answer cites the article it relies on - GDPR, DORA, MiCA, AI Act or NIS2 - with the EUR-Lex permalink.

Auditable by design

Model, prompt, retrieval set and output are logged for every action - aligned with the AI Act Art. 12 logging duty.

Reversible

Every agent action is a draft until a human owner approves. Nothing is sent to a regulator without explicit sign-off.

Try the agents