What is KlarvoEngine?

KlarvoEngine is Klarvo's regulatory intelligence engine. It analyses your AI system through a 3-pass classification pipeline and produces an article-cited compliance memo with obligations, deadlines, and recommended controls — in under 60 seconds.

What is the EU AI Act?

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulation. It classifies AI systems by risk level and imposes obligations on providers and deployers of AI systems operating in the EU.

Any organisation that provides or deploys AI systems affecting people in the EU — regardless of where the organisation is based. This includes websites with AI chatbots, companies using AI analytics, and businesses integrating AI models into their products.

Prohibited AI practices have been enforceable since February 2025. GPAI model obligations since August 2025. Article 50 transparency and most remaining obligations apply from August 2, 2026.

What are the penalties?

Up to €35 million or 7% of global turnover for prohibited practices. Up to €15 million or 3% for transparency and other violations. For SMEs, the penalty is whichever amount is lower.

Linking Evidence to Controls

Uploading evidence is necessary but not sufficient. The critical step for audit readiness is linking evidence to the specific controls it supports. This is what proves a control is actually implemented — not just claimed.

Why Linking Matters

An auditor doesn't just want to see that you have documents. They want to see:

Which control does this evidence support?

Is the evidence current (not expired)?

Is it approved (not just a draft)?

Does it actually demonstrate what you claim?

When evidence is linked to a control:

The control status can be set to "Implemented"

The evidence appears in the control's evidence section

It's included in Evidence Pack exports under the correct section

It contributes to the Evidence Completeness and Audit Readiness scores

How to Link Evidence

From the Control

Open Controls and find the relevant control (e.g., DEP-02 "Competent Human Oversight Assigned")

Click Add Evidence in the control's evidence section

Either upload new evidence or select existing evidence from the vault

The link is created automatically

From the Evidence Item

Open the evidence item in the vault

Click Link to Control

Search for the control by ID or name

Select one or more controls

Save

From the AI System Detail Page

Open the AI system

Navigate to the Controls tab

Find the relevant control

Click the evidence icon to attach evidence

Control-Evidence Mapping Examples

Control

What Evidence to Link

GOV-01 AI Governance Ownership

System record showing named owners (screenshot)

DEP-01 Instructions for Use Stored

Vendor's instructions for use document (PDF)

DEP-02 Human Oversight Assigned

Oversight owner assignment + training completion record

DEP-08 Logs Retained ≥ 6 Months

Log retention configuration screenshot + retention policy

TRN-01 AI Interaction Disclosure

Screenshot of disclosure notice as shown to users

VEN-01 Vendor Identified & Contract

Contract PDF or link

VEN-03 Vendor Security Evidence

SOC 2 report, ISO 27001 certificate

LIT-02 Training Completion Tracked

Training completion report

Evidence Quality Indicators

Not all evidence is equal. Strong evidence:

Is specific: Clearly shows what control it supports

Is current: Not expired

Is approved: Went through the approval workflow

Is verifiable: Can be independently confirmed (e.g., a vendor-issued certificate vs. a self-attestation)

Is complete: Covers the full scope of the control (e.g., training completion for all operators, not just one)

Gap Analysis

Controls without linked evidence show as gaps in:

The AI System's Gap Checklist

The Controls dashboard

Evidence Pack exports (marked as "Missing")

The Audit Readiness Score calculation

Best Practices

🔗 Link immediately: When uploading evidence, link it to the relevant control(s) right away

📋 One control, multiple evidence: A control may need several pieces of evidence (e.g., oversight assignment + training record + SOP)

🔍 Check the gap checklist: It tells you exactly which controls need evidence

✅ Approved and current: Only approved, non-expired evidence truly satisfies a control

📄 Export to verify: Generate an Evidence Pack to see how your evidence looks in audit format