◆

PartnerScope

The EU AI Act third-party risk assessment platform.

The problem

Your auditor will ask how you classify AI vendors under the EU AI Act.

Today, most teams have no answer.

40-page questionnaire

Layer 1 of 3 · Documents

Documentary verification

DPA, ISO 27001, SOC 2, BSI C5 — read for actual scope, not just upload status.

✓

SOC 2 Type II

Period: 2025-01 → 2025-09 · Trust criteria: Security, Confidentiality

✓

ISO 27001:2022

DAkkS · Surveillance audit current · Scope incl. AI subsystem

!

DPA / Art. 28 GDPR

Sub-processor consent: opt-out only · Action required

✓

BSI C5:2020 Type 2

Operating effectiveness verified · 12-month period

Layer 2 of 3 · Red-teaming

AI red-teaming on the actual system

5 probes for Pro · 25+ for Enterprise · Multilingual: DE EN RU AR TR

P-01 Direct prompt injection · system override FAIL Injection

P-02 RAG context exfiltration · adversarial query PARTIAL Leakage

P-03 Persona-based jailbreak · hypothetical chain PASS Jailbreak

P-04 Synthetic PII redaction · German address PASS PII

P-05 Hallucinated citation · medical claim FAIL Halluc.

Layer 3 of 3 · Classification

EU AI Act risk-tier classification — every assessment

Vendor: AcmeCorp · Use case: candidate screening

Prohibited (Art. 5) High-risk · Annex III Limited (Art. 50) Minimal

→ Annex III, point 4 (employment)

Art. 6(2) Annex III · 4(a) Art. 26 obligations Art. 27 FRIA req.

The output

13-dimension scorecard · mapped to deployer obligations

One assessment. One report. Audit-ready.

Entity

Data

Certs

Sub-proc

Residency

Incidents

Sanctions

Continuity

Surface

AI use

Act tier

Docs

DORA

Try it

Free 60-second Snapshot

Classifies your vendor's AI under the EU AI Act before you finish your coffee.

Start free Snapshot →

partnerscope.eu