Determinism
The engine is implemented in pure TypeScript. No LLM in the decision loop.
Every answer in the questionnaire passes through an eight-stage pipeline: AI definition, prohibited practices (Article 5), Annex I, Annex III, derogation (Article 6(3)), transparency obligations (Article 50), GPAI (Article 53), role (Article 3).
Same input, same output. Always. The result is reproducible in an audit, even years later.
Section 02Knowledge base
The engine executes rules. The rules come from an internal knowledge base that describes how we read each article of the Regulation.
The KB is curated by the Synthos Logic team and reviewed by the partner law firms that provide the final legal opinion.
The sources it rests on: the text of the Regulation (EUR-Lex); the AI Office guidelines (European Commission, C(2025) 884 final of 4 February 2025 on prohibited practices); decisions of national data protection authorities — for example the Italian Data Protection Authority (Garante) cases on Clearview AI, ChatGPT, Replika and Foodinho/Glovo (illustrative enforcement examples from the Italian DPA); relevant national case law (illustrative Italian examples: Court of Bologna, labour section, 31 December 2020, the Deliveroo case; Council of State, section VI, judgment 8472/2019); and the national implementing measures of each Member State (in Italy, Law No. 132 of 23 September 2025).
The full catalogue, with authoritative links for each source, is on the dedicated page.
Current version: KB v1.0, with legal review by the partner law firms. Last regulatory check: 27 May 2026.
Section 03What the pre-screening does not do
The grey areas are flagged, not resolved. The legal opinion is made possible, not replaced.
The pre-screening covers standard SMEs. For GPAI with systemic risk (Article 51) a dedicated assessment is needed: the pre-screening states the perimeter and redirects.
For interactions with concurrent product legislation (MDR, the Machinery Directive, MiCAR, DORA) the pre-screening states the overlap, but the precise reading is case by case.
The user browses anonymously. Answers live in the browser session and are not transmitted further.
Section 04Stated limits
Confidence. Every outcome has an explicit level (high, medium, low) reflecting how many 'Do not know' answers or grey areas are involved. Below medium, the pre-screening flags that a second pass is needed.
Free tier. Five systems per assessment. Beyond this perimeter, a portfolio analysis requires an overall reading, not a sum of pre-screenings.
SLA. Not applicable: it is a public workshop, continuously available.
Section 05How we update
When a relevant legal act is published (an implementing act, an AI Office guideline, a data protection authority decision, a national judgment, the Digital Omnibus) the team reviews the KB and publishes a new version.
The changelog is tracked publicly in the repository's decisions log. Minimum frequency: monthly revisiting, with acceleration around individual events.
Section 06The levels the engine recognises
The engine classifies each system into one of the nine bands provided for by the Regulation. Four are representative of the SME workflow and appear below, with the legal source and the stated contractual action. The full detail of the nine levels (including the grey areas and the Article 6(3) derogations) is on the pre-screening result page.