Approval Workflows
For audit-critical evidence, Klarvo supports approval workflows that ensure documents are reviewed before they count toward compliance. This maintains separation of duties — the person who uploads evidence shouldn't be the same person who approves it.
Evidence Status Flow
Draft → Pending Approval → Approved
              ↘ Rejected → Draft (with feedback)
Draft: Newly uploaded evidence. Does not count toward compliance metrics. Can be edited freely.
Pending Approval: Submitted for review. The uploader has indicated it's ready. Cannot be edited until reviewed.
Approved: Reviewed and confirmed. Counts toward Evidence Completeness and Audit Readiness scores. Locked from editing (upload a new version instead).
Rejected: Reviewer sent it back with feedback. Returns to Draft status for revision.
Submitting Evidence for Approval
Upload evidence (status = Draft)
Review the metadata, description, and linked entities
Click Submit for Approval
Select an approver (must have Reviewer/Approver or higher role)
Add optional notes: "Please verify this SOC 2 covers the correct audit period"
The approver receives a notification
Approving or Rejecting Evidence
Approvers see pending items in two places:
Approval Queue: Navigate to Evidence → Pending Approval tab
Notifications: In-app notification with direct link to the evidence
To review:
Open the evidence item
Review the file, metadata, description, and linked entities
Click Approve or Reject
If rejecting, provide feedback: "SOC 2 report is from 2023 — need the 2025 version"
The uploader is notified of the decision
Who Can Approve?
| Role | Can Upload | Can Approve |
| System Owner | ✅ (own systems) | ❌ |
Separation of duties: The person who uploads should ideally not be the same person who approves. This is a best practice for audit integrity, but the system does not enforce it, in order to keep the workflow flexible.
When to Require Approval
Not all evidence needs formal approval. Use approval workflows for:
Audit-critical documents: Vendor security certifications, policy approvals, risk assessment sign-offs
High-risk system evidence: Any evidence linked to high-risk AI systems
External-facing documents: Anything that might be shared with auditors or regulators
Policy documents: Approved versions of internal policies
For internal screenshots, training completion records, and routine monitoring reports, Draft status may be sufficient.
Approval History
Every approval decision is recorded:
Approver name
Decision (Approved / Rejected)
Date and time
Comments / feedback
This history is included in evidence pack exports for full auditability.
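Because the system does not enforce separation of duties, the recorded history can be checked for it before an export goes to an auditor. The following is an added example, not Klarvo code: the record layout, field names and sample data are assumptions and do not reflect Klarvo's actual export format.

```python
from dataclasses import dataclass, field

@dataclass
class Decision:                 # one approval-history entry
    approver: str
    decision: str               # "Approved" or "Rejected"
    timestamp: str              # ISO 8601 UTC, so string order is time order
    comment: str = ""

@dataclass
class Evidence:                 # assumed layout, not Klarvo's export schema
    evidence_id: str
    uploader: str               # assumed to be a stable user identifier
    status: str                 # Draft, Pending Approval, Approved or Rejected
    history: list = field(default_factory=list)

def audit_export(items):
    """Return (evidence_id, finding) pairs for an auditor-facing export."""
    findings = []
    for ev in items:
        eid = ev.evidence_id
        decisions = sorted(ev.history, key=lambda d: d.timestamp)
        if ev.status != "Approved":
            findings.append((eid, f"{ev.status} evidence in export"))
        elif not decisions or decisions[-1].decision != "Approved":
            findings.append((eid, "approved status has no matching decision"))
        locked = False
        for d in decisions:
            if locked:          # Approved is terminal: new versions, not new decisions
                findings.append((eid, "decision recorded after approval"))
            if d.decision == "Approved":
                locked = True
                if d.approver.strip().casefold() == ev.uploader.strip().casefold():
                    findings.append((eid, "self-approval"))
            elif not d.comment.strip():
                findings.append((eid, "rejection without feedback"))
    return findings

SAMPLE = [  # constructed records for illustration
    Evidence("EV-1", "alice", "Approved", [
        Decision("bob", "Rejected", "2025-03-01T09:00:00Z", "Wrong audit period"),
        Decision("bob", "Approved", "2025-03-04T10:30:00Z")]),
    Evidence("EV-2", "carol", "Approved", [
        Decision("Carol", "Approved", "2025-03-05T14:00:00Z")]),
    Evidence("EV-3", "dave", "Draft", [
        Decision("erin", "Rejected", "2025-03-06T08:15:00Z")]),
    Evidence("EV-4", "frank", "Approved"),
]
```

Calling `audit_export(SAMPLE)` flags EV-2 (uploader approved their own evidence), EV-3 (Draft in the export, rejected without feedback) and EV-4 (Approved with no recorded decision), while EV-1 passes.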
Best Practices
👥 Separate uploader and approver: Different people for upload vs. approval
📋 Batch approvals: Review the approval queue weekly rather than one-by-one
💬 Provide feedback on rejection: Clear feedback helps uploaders fix issues quickly
🔒 Approve before sharing: Never include Draft evidence in auditor-facing exports