VODR Nexus

Your AI system knows what it does. Nexus knows what it owes.

VODR Nexus reads your code repository — not a questionnaire, not a form — and produces the AI System Identity: what your system is, what obligations it triggers, where risk concentrates, and what happened to other companies with the same architectural pattern.

One scan. 57 extractors. 136 regulatory frameworks. 89+ enforcement precedents. Evidence at file:line.

Regulatory intelligence, not legal advice. Confirm all classifications with qualified legal counsel before acting on them.

Your competitors are guessing. Your regulators are not.

What the Organism finds

Code-level evidence, not description-level guessing.

AI Components

Every ML library, model file, LLM API call, and AI framework import — detected from your actual code. A face_recognition import your description didn't mention triggers Annex III Category 1(a). The Organism finds what you forgot to disclose.

Database Schemas

PII fields mapped to GDPR obligations. An email column in your candidates table triggers an Article 35 DPIA requirement. Nexus reads your schema, not a form.

Deployment Configuration

Architecture patterns with regulatory implications. A US-hosted service processing EU resident data triggers GDPR Chapter V transfer obligations. Detected from your infrastructure code, not your compliance team's assumptions.

Enforcement Precedents

Real fines. Real cases. Real regulators. Matched to your system's specific risk pattern with verifiable decision numbers and regulatory article citations. Not "you might be at risk." Here is the company that had your exact architecture and here is what happened.

136 Frameworks, Mapped to Your Code

One scan of a credit scoring repo triggers EU AI Act + GDPR + CCPA + PCI DSS + GLBA + SOC 2 — six frameworks, specific requirements, mapped to your actual code. Not "we support 136 frameworks." Nexus found the ones that apply to you.

Evidence Levels

Not every finding is equal. Three extractors converging on the same code location — that's code-confirmed. Single pattern match — that's evidence-supported. Description-only inference — that's provisional. Every finding carries its evidence level so you know which to act on today and which to verify.

The AI System Identity

Other tools scan code for bugs. Nexus reads your code and tells you what your AI system actually is under the law.

What is this system?

Not what your README says. What the code does. Nexus reads imports, schemas, configs, model files, API calls, and deployment patterns. If your code imports face_recognition but your description says "image processing tool," Nexus finds the gap.

What does it owe?

Risk classification under the EU AI Act, mapped to your actual code. Prohibited, high-risk, limited, or minimal — with the specific Article, Annex point, and sub-article cited. A classification derived from what your code does, with evidence.

Where does risk concentrate?

Findings converge. An unvalidated endpoint calling an LLM with a hardcoded API key is not three separate issues — it's one concentrated risk surface touching security, cost, and legal exposure simultaneously. Nexus finds the convergence.

Who got fined for this pattern?

89+ real enforcement decisions — Italian Garante, French CNIL, UK ICO, FTC, Dutch courts, CJEU — automatically matched to your system's architectural pattern. Nexus shows you who already got fined, for what, and how much.

Pricing

Every paid tier gets the full truth. Same 57 extractors. Same 136 frameworks. Same enforcement precedents. Same evidence quality. Price scales only with how many systems you need to watch and how often you need Nexus to look.

Checks are pooled across your account. Non-answers — when the Organism withholds a classification because it isn't confident enough — don't burn checks.

Free

$0

per month

1 system · 1 check per 7 days
Full classification with evidence
Top compliance gaps

Starter

$39

per month

1 system · 2 checks / day
Everything in Free
Full 57-extractor scan across 5 dimensions
AI System Identity with all sections
AI-BOM generation (CycloneDX)
Enforcement precedent matching
Forensic classification receipts
PDF + JSON + SARIF export
GitHub Action for every PR

Team

$999

per month

Up to 100 systems · 500 checks / day
Everything in Pro
Org-wide compliance posture (API)
Audit-ready evidence export
Cross-system risk concentration analysis

Partner

$6,999

per month

Up to 1,000 systems · 5,000 checks / day
Everything in Team
Multi-client management with per-client data isolation
Branded compliance reports
Multi-jurisdiction overlap mapping (EU + UK + US + 44 more)
License conflict detection across client portfolios
Enforcement archaeology priority access

Per system, not per seat. Checks pooled per account. Credit card checkout on all tiers. No sales calls.