UK DUAA right to complain enforces 19 June 2026 · EU AI Act high-risk enforces 2 August 2026

EVF Assessment

Your AI is running.
Do you know what it's exposing you to?

Most businesses using AI have no idea what regulatory obligations have already attached to them. The EU AI Act is in force. GDPR covers AI that touches personal data. Sector regulators are issuing guidance right now. The EVF gives you a structured, honest picture of where you actually stand, at the level of depth your organisation needs.

EU AI Act enforcement live · GDPR covers AI outputs · Cross-border use means cross-border fines · AI chatbots collect personal data by default · Sector-specific obligations layer on top

You don't need to be a large enterprise to have AI compliance obligations. You just need to be using AI.

A restaurant booking chatbot collects personal data. A medical practice using AI note-taking has HIPAA and data protection obligations. A small business with an AI customer service tool is subject to consumer protection rules. A funded startup shipping globally inherits the compliance requirements of every market it enters. The rules don't wait until you're ready.

The EVF was built to answer one question: given how you are actually using AI right now, what are you exposed to, and what do you need to do about it? Whether you need a free starting point or a full audit-grade assessment, the ladder starts here.

Restaurant

AI booking assistant handling customer preferences and dietary data. One allergen misstatement is your liability.

Medical practice

AI clinical assistant reading patient records. HIPAA holds you accountable whether or not you built the AI.

Insurance broker

AI drafting policy wording for clients. The output is attributed to you. Global use means global fines.

Funded startup

AI embedded across your product. Your exposure scaled with your growth. You need it mapped, not guessed.

Small business

AI serving customers 24/7. Its mistakes are your liability. One afternoon to assess it is not a project.

Vibe-coded app

Your app may be brilliant. It still needs to handle personal data, disclosures, and user rights correctly.

Four tiers. One starting point: free.

Start where you are. Every tier is a complete assessment at that level, not a teaser for the next one. Move up when your governance needs require it.

Free

Exposure snapshot

A free starting point. Identifies headline statutory exposure and governance signals across your AI use.

Free
  • Headline statutory exposure flags across your AI use
  • Governance signals based on your answers
  • Identification of your most immediate risk areas
  • No account required. No payment. Immediate results.

Not included at this tier

  • Scoring or weighted verdict
  • Exposure map or next-step priorities
  • Documentation gap analysis
  • Regulatory article direction
  • FRIA or audit-grade review
Free always

$4.99 or local equivalent

Pre-Qualification Report

Exposure map and initial next-step priorities. Designed for solopreneurs, solo developers, tech startups, and small businesses.

Entry
  • Likely applicable regulatory areas for your AI use
  • Data handling and AI-use exposure flags
  • Documentation gaps identified
  • Cross-border regulator exposure warnings
  • Initial next-step priorities
  • AI Guardrails Guide
  • Coding Agent Standing Instructions
  • Customising Model Instructions
  • Access to OBEXGATE Governance Office Hours

Not included at this tier

  • Weighted scoring or scored verdict
  • Full baseline report
  • FRIA or audit-grade evaluation
  • Expert advisory call

$199

Governance Foundation Report

Weighted score and full baseline report. For organisations that need something on record, with a scored verdict and expert follow-up.

Most popular
  • Weighted AI governance score based on submitted answers
  • Full report delivered as PDF
  • Likely regulatory issues for your organisation type and AI use
  • Scored direction across Governance, Technical, Operational, Legal, and Financial frameworks
  • Basic remediation pathways
  • Documentation gaps
  • 30-minute expert call within five business days

Not included at this tier

  • FRIA
  • Audit-grade EVF evaluation
  • Organisation-specific remediation planning
  • WCAG assessment
  • SOC 2 readiness assessment
  • NIST alignment review
  • Legal advice
  • Proprietary scoring methodology disclosure
  • Full methodology-based compliance assessment under EU AI Act, GDPR, UK GDPR, or other regulatory requirements

Price on application

Full EVF

Audit-grade evaluation for medium, enterprise, public-sector, and high-exposure organisations. Defensible for regulators, boards, auditors, and procurement.

Audit grade
  • Audit-grade evaluation
  • Proprietary EVF scoring
  • Deeper evidence review
  • Organisation-specific remediation planning
  • FRIA where applicable
  • Shadow AI discovery where applicable
  • Witness Audit Evidence planning
  • Deployment pathway to end-to-end governance
  • Report structured for General Counsel, auditors, boards, procurement, and regulators

What EVF assesses. What it doesn't disclose.

EVF assessment draws on ten structured domains. Five are named here. The remaining five are proprietary EVF domains, assessed where applicable but not published. Scoring logic, weighting, and diagnostic criteria are not disclosed at any public tier.

On scoring methodology: Scoring methodology is proprietary and is not described publicly. EVF scoring reflects high-level governance expertise and is conducted by industry experts with direct knowledge of regulatory requirements, enforcement expectations, and operational governance failure modes.

Domain 01

Execution Boundary Ownership

Assesses whether accountability is clear at the point an AI-enabled action produces a consequence.

Domain 02

System Complexity

Assesses the breadth and interdependence of AI systems, vendors, workflows, and decision surfaces.

Domain 03

Drift and Continuous Validity

Assesses whether governance evidence and controls remain reliable as systems, data, users, and obligations change.

Domain 04

Gate Integrity Under Pressure

Assesses whether governance gates can be bypassed, weakened, or overridden during operational pressure.

Domain 05

Legal and Liability Exposure

Assesses legal exposure and evidence requirements across applicable regulatory frameworks.

Domains 06 – 10

Five unpublished proprietary EVF domains

These domains are assessed where applicable but are not listed publicly. They are included in Full EVF evaluation.

Start where you are. Find out what you don't know.

The free assessment takes minutes and costs nothing. The Pre-Qualification Report gives you an exposure map for less than a coffee. The Governance Foundation gives you a scored record you can use internally within days. Every tier is a complete assessment at that level.

The information on this page is not legal or financial advice or a guarantee of outcome. EVF assessment reflects submitted information only and does not constitute a formal audit, legal review, or regulatory determination. Regulatory requirements change and should be verified against current published guidance, legislation, and regulator materials.