ASK
Your EU compliance copilot. Sovereign AI, no US data transfer.
AI-powered compliance assistant built on Mistral AI, EU-sovereign and France-based. Ask natural language questions about NIS2, DORA, and GDPR obligations and receive context-aware guidance with article references. Morning brief summarises overnight regulatory changes. Powered by RAG over 4,000+ regulatory sources from EUR-Lex, ENISA, and national supervisory authorities.
What you get
Natural Language Regulatory Q&A
Ask questions in plain language — 'Do we need to report this incident under NIS2?' or 'What are our DORA obligations for cloud outsourcing?' — and receive precise, contextual answers with specific article citations. ASK understands the nuance between essential and important entities, between financial and non-financial sector obligations, and between national transposition variations.
Context-Aware Guidance with Article Citations
Every response from ASK includes specific regulatory article references (e.g., 'per NIS2 Directive 2022/2555, Article 23(4)(a)') with links to the source text. Guidance is contextualised to your organisation's sector, entity classification, and applicable Member State transpositions, ensuring advice is specific rather than generic.
Morning Brief
Start each day with an AI-generated summary of overnight regulatory developments relevant to your organisation. New publications from EUR-Lex, ENISA advisories, national supervisory authority guidance, and relevant CJEU rulings are distilled into a 2-minute read with impact assessment and recommended actions.
RAG over 4,000+ Regulatory Sources
ASK's knowledge is grounded in a continuously updated corpus of 4,000+ regulatory sources including EU Official Journal publications, ENISA guidelines, EBA/EIOPA/ESMA technical standards, national transposition laws across 27 Member States, and supervisory authority enforcement decisions. Retrieval-augmented generation ensures responses are factual and current.
EU-Sovereign AI (Mistral, France-Hosted)
All AI processing runs on Mistral AI infrastructure hosted in France. No query data, compliance information, or organisational context is transferred to US-based AI providers. This satisfies GDPR Chapter V transfer restrictions and organisational policies requiring EU data sovereignty for sensitive compliance data.
Multi-Language Support (24 EU Languages)
Ask questions and receive answers in any of the 24 official EU languages. Regulatory sources are processed in their original language, and ASK can reference national transposition texts in the Member State's official language while providing guidance in your preferred working language.
How it works
Ask a Question
Type a regulatory question in natural language in any of the 24 supported EU languages. Questions can range from simple lookups ('What is the NIS2 incident reporting deadline?') to complex interpretive queries ('How does DORA interact with NIS2 for banks operating in multiple Member States?').
ASK Retrieves Context
The RAG engine searches the 4,000+ regulatory source corpus to find the most relevant regulatory texts, guidance documents, and enforcement precedents. Results are filtered by your organisation's sector, entity classification, and applicable jurisdictions for maximum relevance.
Get Cited Answer
ASK generates a clear, actionable answer with specific article citations and links to source documents. Confidence indicators flag areas where regulatory interpretation is unsettled or where national transpositions vary, so you know when to seek additional legal counsel.
Take Action
Convert ASK guidance into action — create compliance tasks, update risk assessments, draft policy changes, or schedule team briefings. ASK responses can be saved to the knowledge base and shared with colleagues for consistent interpretation across the organisation.
Built for your team
GDPR Interpretation
A DPO receives a data subject access request involving data processed by a sub-processor in a non-EEA country. They ask ASK to clarify the obligations under GDPR Articles 15 and 28, the impact of the Schrems II ruling on the transfer mechanism, and whether the new EU adequacy decision for the relevant country applies. ASK provides a structured response with specific article references, relevant EDPB guidelines, and the applicable national DPA position.
Regulatory Horizon Scanning
The CISO checks the morning brief each day to stay ahead of regulatory developments. When a new DORA RTS on ICT incident classification is published, the morning brief summarises the key changes, identifies which current processes are affected, and recommends specific updates to the incident management workflow. The CISO forwards the brief to the relevant team leads with action items already outlined.
Daily Regulatory Guidance
A compliance officer uses ASK throughout the day for quick regulatory lookups — confirming NIS2 reporting timelines, checking whether a new business activity falls within DORA scope, or verifying the correct supervisory authority for a cross-border incident. Each query returns in seconds with precise article citations, replacing hours of manual regulatory research across multiple source documents.
Supports your compliance stack
Common questions
How does FortisEU ensure AI data sovereignty with no US data transfer?
ASK is built exclusively on Mistral AI, a French AI company with all infrastructure hosted in EU data centres. No query data, organisational context, or compliance information is ever transmitted to US-based AI providers such as OpenAI, Anthropic, or Google. This architectural decision satisfies GDPR Chapter V transfer restrictions, Schrems II requirements, and organisational policies mandating EU data sovereignty. All embeddings, inference, and model fine-tuning occur within EU jurisdiction under French data protection law.
How does ASK prevent AI hallucination and ensure accuracy?
ASK uses retrieval-augmented generation (RAG) grounded in a curated corpus of 4,000+ authoritative regulatory sources. Every response is generated from retrieved source documents, not from the model's parametric memory alone. Responses include confidence indicators and source citations so users can verify accuracy. When the corpus does not contain sufficient information to answer a question reliably, ASK explicitly states the limitation rather than generating a speculative response. Regular accuracy audits against known regulatory interpretations maintain quality.
What regulatory sources does ASK cover?
The ASK corpus includes EU Official Journal publications via EUR-Lex (directives, regulations, delegated acts), European Supervisory Authority technical standards (EBA, EIOPA, ESMA), ENISA guidelines and threat landscape reports, EDPB guidelines and opinions, national transposition laws for all 27 Member States, national supervisory authority guidance and enforcement decisions, and relevant CJEU case law. The corpus is updated daily from automated RSS and SPARQL feeds. Coverage focuses on cybersecurity, data protection, financial regulation, and AI governance.
Which languages does ASK support?
ASK supports all 24 official EU languages: Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish, and Swedish. You can ask questions in one language and receive answers in another. Regulatory sources are processed in their original publication language, and ASK can reference national transposition texts in the Member State's official language while providing guidance in your preferred working language.
How is ASK different from using ChatGPT for compliance questions?
Three fundamental differences separate ASK from general-purpose AI assistants. First, data sovereignty: ASK runs on EU-hosted Mistral AI with zero US data transfer, while ChatGPT sends all queries to US-based OpenAI servers — a potential GDPR Chapter V violation for sensitive compliance data. Second, source grounding: ASK retrieves answers from a curated corpus of 4,000+ authoritative regulatory sources with article citations, while general AI draws from uncurated training data and cannot guarantee accuracy or currency. Third, organisational context: ASK understands your specific entity classification, sector, applicable Member States, and existing compliance posture, providing guidance tailored to your situation rather than generic regulatory summaries.
Related features
Compliance Automation
Map once. Comply everywhere.
Learn moreQuestionnaire Automation
Answer security questionnaires in minutes, not weeks.
Learn moreRisk Management
From risk register to risk intelligence.
Learn moreExecutive Dashboards
Board-ready compliance intelligence. Not another spreadsheet.
Learn moreSee ASK in Action
Create an account and explore the platform, or talk to our team about enterprise deployment.