What is KlarvoEngine?

KlarvoEngine is Klarvo's regulatory intelligence engine. It analyses your AI system through a 3-pass classification pipeline and produces an article-cited compliance memo with obligations, deadlines, and recommended controls — in under 60 seconds.

What is the EU AI Act?

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulation. It classifies AI systems by risk level and imposes obligations on providers and deployers of AI systems operating in the EU.

Any organisation that provides or deploys AI systems affecting people in the EU — regardless of where the organisation is based. This includes websites with AI chatbots, companies using AI analytics, and businesses integrating AI models into their products.

Prohibited AI practices have been enforceable since February 2025. GPAI model obligations since August 2025. Article 50 transparency and most remaining obligations apply from August 2, 2026.

What are the penalties?

Up to €35 million or 7% of global turnover for prohibited practices. Up to €15 million or 3% for transparency and other violations. For SMEs, the penalty is whichever amount is lower.

User Roles & Permissions

Klarvo uses role-based access control (RBAC) to ensure users have appropriate access to compliance data. This is critical for a compliance tool — separation of duties, least-privilege access, and audit trail are non-negotiable.

The Five Built-in Roles

Admin

Full platform access — intended for founders, CTO, or Head of Compliance.

Everything including: create/edit/delete any AI system, approve evidence, manage team members, configure integrations, manage billing, generate all reports.

Compliance Owner

Manages the compliance program — intended for DPO, compliance leads, legal counsel.

Everything except billing and integration configuration. Can invite users (except Admin role). Full access to all AI systems, evidence, controls, and reports.

System Owner

Owns specific AI systems — intended for product managers, team leads, department heads.

Can view and edit only their assigned AI systems. Upload evidence for their systems. Complete assigned tasks. View (not edit) other systems. Personal settings only.

Reviewer/Approver

Reviews and approves — intended for senior compliance staff, legal reviewers.

Read access to all AI systems. Can approve/reject evidence, classifications, and policies. Can comment on tasks. Cannot create or edit systems.

Viewer

Read-only access — intended for leadership, board members, external observers.

Can view dashboards, AI systems (read-only), and shared reports. Cannot edit, upload, or approve anything.

Complete Permission Matrix

Capability

Admin

Compliance Owner

System Owner

Reviewer

Viewer

Create AI systems

✅

❌

Edit any AI system

✅

❌

Edit own AI systems

✅

❌

Upload evidence

✅

❌

Approve evidence

✅

❌

✅

❌

Create tasks

✅

❌

Complete tasks

✅

❌

Invite members

✅

❌

Manage billing

✅

❌

Export reports

✅

❌

View audit log

✅

❌

✅

❌

\ Own systems only

\ Cannot invite Admins

\ Own systems only

Auditor Role (Special)

For external auditors, Klarvo offers restricted time-limited access:

Read-only access to shared areas

No editing capabilities

Export-ready document views

Time-limited access tokens (configurable expiry)

Watermarked document views

Activity logged for compliance

Set up via Exports → Auditor Links.

Best Practices

🔒 Least privilege: Start with Viewer and upgrade as needed

👥 Separate duties: Different people for uploading evidence vs. approving it

📋 Quarterly access review: Audit team membership every quarter

🚪 Same-day offboarding: Remove access immediately when people leave

🏷️ Match roles to responsibilities: System Owners should be the actual people managing those systems day-to-day