142+ Features for Continuous Compliance
The complete Compliance OS: from free assessment to daily operations across 8 regulatory frameworks.
Organization Management
Structure your organization for effective AI governance
Departments & Employees
Manage your organizational structure with departments and employee profiles.
- Department hierarchy
- Employee roles
- Position tracking
- Responsibility mapping
Business Processes
Document and link business processes to AI systems for complete traceability.
- Process inventory
- AI system linkage
- Department mapping
- Impact assessment
AI Systems Inventory
Maintain a complete registry of all AI systems with risk classification and human oversight.
- System catalog
- EU AI Act risk classification
- Human oversight (HITL/HOTL/HIC)
- Lifecycle status
Data Asset Inventory
GDPR-compliant Record of Processing Activities (ROPA) for AI data.
- Data classification
- Processing activities
- Cross-border transfers
- Vendor & AI system links
Vendor Assessment
Evaluate and manage vendor compliance with self-assessment portal
Vendor Registry & Risk
Track third-party AI providers with criticality levels and risk scoring.
- Vendor catalog
- Criticality levels
- Risk scoring
- DPA tracking
Assessment Templates
Multi-language questionnaire templates for 16 regulatory frameworks.
- EU AI Act template
- ISO 27001 template
- DORA, NIS2, CRA templates
- Multi-language (EN/ES)
Vendor Portal (Self-Assessment)
Invite vendors to complete compliance assessments through a self-service portal.
- Token-based access
- Email invitations
- Section-by-section forms
- File upload support
Review & Collaborative Mode
Review vendor responses, approve or reject, and split work between vendor and internal teams.
- Approve/reject workflow
- Override with justification
- Section assignments
- Automated reminders
Client Management
Manage your client portfolio with portal access and AI-powered contract analysis
Client Registry & Dashboard
Centralized client portfolio with communications log, notifications, and incident integration.
- Client CRUD with status
- Communications log
- Client notifications
- Dashboard with metrics
Contract Management
Upload, manage, and version client contracts with compliance tracking.
- File upload (PDF, DOCX)
- Version management
- Status lifecycle
- Authenticated download
AI Contract Analysis
AI extracts compliance clauses, SLA terms, risk levels, and data processing requirements from contracts.
- Risk level extraction
- GDPR clause detection
- SLA term extraction
- Compliance gap alerts
Client Portal (Magic Link)
Self-service portal for clients with email-based authentication — no passwords needed.
- Magic link auth (24h sessions)
- Incident report viewing
- New report submission
- URL/email/domain access modes
AI Governance & Discovery
Comprehensive AI lifecycle management and documentation
Shadow AI Detection
Identify undocumented AI tools being used by employees through targeted surveys.
- Anonymous surveys
- Department targeting
- Adaptive questionnaires
- Risk identification
Discovery Campaigns
Launch campaigns to systematically discover AI usage across teams and departments.
- Email invitations
- Response tracking
- Campaign templates
- Completion analytics
Model Cards & Metrics
Standardized documentation for AI models with precision metrics and robustness assessments.
- Model registry
- Performance metrics
- Bias assessment
- Robustness tracking
AI Logging & Evidence
Append-only operational logs, risk events, and human oversight logs for audit compliance.
- Operational logs
- Risk event tracking
- Oversight evidence
- Evidence pack export
Risk & Incident Management
Comprehensive risk management and EU AI Act incident handling
Risk Register
Centralized risk management with heat maps, scoring, and fundamental rights impact assessment.
- Impact vs likelihood scoring
- Heat map visualization
- Fundamental rights impact
- Vulnerable groups assessment
Incident Management
Full incident lifecycle per EU AI Act Article 73 with regulatory notification deadlines.
- 72h/10d/15d deadlines
- Serious incident types
- CAPA tracking
- Public incident portal
AI Threat Assessment
AI-specific threat and vulnerability assessment per Article 15.5.
- Threat catalog
- Vulnerability tracking
- Mitigation plans
- Risk-control mapping
Multi-Framework Assessment
Assess against 16 regulatory frameworks simultaneously with unified questionnaires.
- EU AI Act
- GDPR
- NIS2
- DORA
- CRA
- ISO 27001
- + 10 more
EU AI Act Conformity
Complete EU AI Act conformity assessment and documentation
EU Declaration of Conformity
Article 47 declaration with CE marking, provider information, and harmonized standards.
- Article 47 compliance
- CE marking support
- Harmonized standards
- Version control
Technical Documentation (Annex IV)
12-section template per Annex IV with auto-population and attachments.
- 12-section template
- Auto-population
- File attachments
- PDF export
Post-Market Surveillance
Surveillance plans with indicators, alerts, and integration with incident management.
- Surveillance plans
- Performance indicators
- Alert thresholds
- Incident integration
Transparency Documentation
Instructions for use, foreseeable misuses, and explainability documentation per Article 13.
- Instructions for use
- Foreseeable misuses
- Explainability docs
- ML lifecycle tracking
Training & Certification
AI Literacy training per Article 4 of the EU AI Act
AI Ethics Training
Customized training courses to educate employees on responsible AI use and regulatory requirements.
- Interactive modules
- Role-based content
- Multi-language support (EN/ES)
Exams & Certification
Validate employee knowledge with assessments and issue official certifications upon completion.
- Automated grading
- Certificate generation
- Completion tracking
AI Course Generator
Automatically generate training content and exams using AI assistance.
- Content generation
- Exam builder
- Multi-language
- Preview & edit
Governance (GRC)
Complete governance, risk, and compliance management for AI
Policy Management
Create, version, and manage AI governance policies with full lifecycle support.
- Rich text editor
- Version control with diff
- Approval workflows
- PDF export
Controls Library
Define and track controls that mitigate AI-related risks and ensure compliance.
- Control catalog
- Risk mapping
- Evidence linking
- Effectiveness tracking
Approval & Acknowledgments
Multi-step approval workflows with email notifications and policy acknowledgment tracking.
- Sequential/parallel approvers
- Email notifications
- Acknowledgment tracking
- Deadline reminders
Governance Documents
Centralized repository for governance evidence: meeting minutes, decisions, certifications.
- Document upload
- Category organization
- Policy/control linking
- Retention management
Self-Assessment & Frameworks
Multi-framework self-assessment across 8 regulatory frameworks with organization and AI system level assessments
GDPR Self-Assessment
70 questions covering data protection, processing activities, cross-border transfers, and vendor DPAs.
- Organization-level assessment
- AI system-level assessment
- Gap mapping to GRC
- Dashboard widget
NIS2 & DORA Self-Assessment
NIS2 (65 questions) for critical infrastructure and DORA (73 questions) for financial sector compliance.
- Vendor templates (NIS2: 47q, DORA: 49q)
- Org-level assessment
- Auto GRC folder creation
- Multi-language (EN/ES)
CRA & ISO 27001 Self-Assessment
CRA (74 questions) for cyber resilience and ISO 27001 (62 questions) for information security.
- CRA vendor template (49q)
- CRA vulnerability reporting (8 types)
- ISO 27001 vendor assessment
- Gap-to-document mapping
Framework Management
Enable/disable frameworks per organization, customize GRC folder names, and track compliance progress.
- Smart framework recommendations
- Auto GRC folder creation
- Compliance dashboard widget
- Cross-framework gap mapping
Industry Packs & Automation
Pre-configured compliance packages and automated folder workflows
Industry Packs
One-click compliance setup per industry and regulation. Automatically creates folders, documents, controls, risks, training, and surveys.
- Call Center GDPR pack
- Healthcare NIS2 pack
- Generic NIS2 pack
- Preview before apply
Folder Rules
Automated workflows per GRC folder: approvals, acknowledgments, notifications, and questionnaires with inheritance.
- 4 rule types
- Multi-target selector
- Rule inheritance
- Distribution list integration
Evidence Management
Centralized evidence repository with lifecycle management. File, text, and link evidence types.
- Evidence lifecycle (draft→active→expired)
- S3 file upload
- Cross-entity linking
- Evidence pack export
Unified Task Dashboard
One view for all pending compliance actions across 6 modules: approvals, acknowledgments, CAPAs, assessments, audits, surveillance.
- Cross-module aggregation
- Summary cards
- Filters and search
- Priority indicators
AI Cybersecurity & Fundamental Rights
Article 15.5 cybersecurity controls and Article 9 fundamental rights impact assessment
AI Cybersecurity Controls
Cybersecurity controls catalog with AI system implementation tracking per Article 15.5.
- Controls catalog
- Implementation tracking
- Threat assessment
- Vulnerability management
Fundamental Rights Impact
EU Charter fundamental rights impact assessment and vulnerable groups analysis per Article 9.
- Rights impact assessment
- Vulnerable groups analysis
- Risk appetite definition
- Mitigation tracking
Reporting & Analytics
Generate comprehensive compliance documentation
Compliance Reports
Generate detailed compliance reports suitable for stakeholders and regulators.
- Executive summaries
- Evidence pack export
- Audit trail
- Export to PDF
Dashboard & Analytics
Visual dashboards showing compliance status across all your AI systems.
- Real-time metrics
- Client portfolio view
- Vendor compliance gaps
- Maturity levels (L1-L8)
Platform & Distribution
Multi-tenant platform with white-label and partner capabilities
White-Label (Reseller)
Distribute the platform under your own brand with custom domains and styling.
- Custom branding
- Custom domains (SSL)
- Menu configuration
- Revenue share model
Service Partner Portal
External consultants access assigned client organizations with audited sessions.
- Client context switching
- Access level controls
- Audit trail
- Partner marketplace
Global Admin Backoffice
Platform administration with organization management, partner approvals, and security.
- 2FA (TOTP)
- Organization suspend/delete
- Partner management
- Audit logs
Public API & Integrations
RESTful API for custom integrations and automation workflows.
- 210+ API endpoints
- External surveillance API
- Celery background tasks
- Webhook support
Metrica.uno vs Manual Compliance
See how Metrica.uno streamlines your compliance process
| Feature | Manual Process | Metrica.uno |
|---|---|---|
| AI Inventory | Spreadsheets | Centralized registry |
| Shadow AI Discovery | Manual interviews | Automated surveys |
| Assessment Time | 40+ hours | 2-4 hours |
| Framework Coverage | Single framework | 16 frameworks supported |
| Gap Identification | Manual analysis | Automated detection |
| Policy Management | Word documents | Version-controlled with rich editor |
| Controls Library | Scattered documents | Centralized control catalog |
| Approval Workflows | Email chains | Multi-step workflow builder |
| Policy Acknowledgments | Paper signatures | Digital tracking & reminders |
| Employee Training | External courses | Integrated AI ethics training |
| Certification | Not tracked | Automated exams & certificates |
| Reporting | Manual compilation | Instant PDF generation |
Start Your Free Assessment
Assess your regulatory compliance in minutes. 8 frameworks, 142+ features. No credit card required.