{"id":5868,"date":"2025-08-26T15:15:28","date_gmt":"2025-08-26T13:15:28","guid":{"rendered":"https:\/\/www.evia.de\/?p=5868"},"modified":"2026-03-27T13:43:45","modified_gmt":"2026-03-27T12:43:45","slug":"automated-compliance-testing-with-ai","status":"publish","type":"post","link":"https:\/\/www.evia.de\/en\/automatisierte-compliance-pruefung-mit-ki\/","title":{"rendered":"Built with br.AI.n: Automated Compliance Audits"},"content":{"rendered":"<div class=\"wp-block-stackable-columns alignfull stk-block-columns stk-block stk-365285e stk-block-background stk--has-background-overlay\" data-block-id=\"365285e\"><style>.stk-365285e {background-color:var(--schwarz) !important;background-image:url(https:\/\/www.evia.de\/wp-content\/uploads\/2024\/11\/ki-und-machine-learning-hero-image.webp) !important;overflow:hidden !important;margin-bottom:0px !important;}.stk-365285e:before{background-color:var(--schwarz) !important;opacity:0 !important;}.stk-365285e > .stk-separator__bottom .stk-separator__wrapper{height:100px !important;}<\/style><div class=\"stk-row stk-inner-blocks stk-block-content stk-content-align stk-365285e-column alignfull\">\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-bc8bd27\" data-v=\"4\" data-block-id=\"bc8bd27\"><style>.stk-bc8bd27-inner-blocks{justify-content:center !important;}.stk-bc8bd27-container{min-height:100vh !important;}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-bc8bd27-container stk--no-background stk--no-padding\"><div class=\"stk--column-flex stk-block-content stk-inner-blocks stk-bc8bd27-inner-blocks\">\n<div class=\"wp-block-stackable-columns aligncenter stk-block-columns stk-block stk-df13e1f\" data-block-id=\"df13e1f\"><div class=\"stk-row stk-inner-blocks stk-block-content stk-content-align stk-df13e1f-column\">\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-a0f65cd\" data-v=\"4\" data-block-id=\"a0f65cd\"><style>@media screen and (min-width: 768px){.stk-a0f65cd {flex:var(--stk-flex-grow, 1) 1 calc(66.666% - var(--stk-column-gap, 0px) * 1 \/ 2 ) !important;}}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-a0f65cd-container stk--no-background stk--no-padding\"><div class=\"stk-block-content stk-inner-blocks stk-a0f65cd-inner-blocks\">\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-20b1318\" id=\"built-with-br-ai-n-automatisierte-compliance-prufung\" data-block-id=\"20b1318\"><style>.stk-20b1318 {margin-bottom:50px !important;}.stk-20b1318 .stk-block-heading__text{color:var(--weiss) !important;}<\/style><h1 class=\"stk-block-heading__text has-text-color has-text-align-left\">Built with br.AI.n: Automated Compliance Audits<\/h1><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-fd4b1a5\" data-block-id=\"fd4b1a5\"><style>.stk-fd4b1a5 {margin-bottom:50px !important;}.stk-fd4b1a5 .stk-block-text__text{color:var(--weiss) !important;}<\/style><p class=\"stk-block-text__text has-text-color has-text-align-left\">One of the few application areas where Generative AI is already proving productive today is in the classification and analysis of content within documents. With the appropriate toolchain and well-coordinated workflows, the accuracy of this evaluation can match or even surpass human analysis, all while offering incomparably higher processing speeds. In this blog post, we present two concrete use cases in which compliance checks have been automated by AI and productively implemented via the br.AI.n platform.<\/p><\/div>\n\n\n\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-8f761849 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-c6e7c9e\" data-block-id=\"c6e7c9e\"><style>.stk-c6e7c9e {margin-bottom:0px !important;}.stk-c6e7c9e .stk-img-wrapper{width:50px !important;}.stk-c6e7c9e .stk-img-wrapper img{border-radius:40px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-5362\" src=\"https:\/\/www.evia.de\/wp-content\/uploads\/2025\/06\/Alexander_Dolgopolskiy.webp\" width=\"464\" height=\"464\" alt=\"Portrait of Steffen Tauber\" srcset=\"https:\/\/www.evia.de\/wp-content\/uploads\/2025\/06\/Alexander_Dolgopolskiy.webp 464w, https:\/\/www.evia.de\/wp-content\/uploads\/2025\/06\/Alexander_Dolgopolskiy-300x300.webp 300w, https:\/\/www.evia.de\/wp-content\/uploads\/2025\/06\/Alexander_Dolgopolskiy-150x150.webp 150w\" sizes=\"auto, (max-width: 464px) 100vw, 464px\" \/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-2d8ecfe\" data-block-id=\"2d8ecfe\"><style>.stk-2d8ecfe {margin-bottom:0px !important;}.stk-2d8ecfe .stk-block-text__text{color:var(--weiss) !important;}<\/style><p class=\"stk-block-text__text has-text-color\">Alexander Dolgopolskiy, Head of Data &amp; AI, as of 08\/26\/2025<\/p><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-stackable-button-group stk-block-button-group stk-block stk-a538155\" data-block-id=\"a538155\"><style>.stk-a538155 {margin-top:20px !important;}<\/style><div class=\"stk-row stk-inner-blocks has-text-align-left stk-block-content stk-button-group\">\n<div class=\"wp-block-stackable-button stk-block-button is-style-ghost stk-block stk-c6cf2d2\" data-block-id=\"c6cf2d2\"><style>.stk-c6cf2d2 .stk-button{background:transparent !important;border-top-left-radius:10px !important;border-top-right-radius:10px !important;border-bottom-right-radius:10px !important;border-bottom-left-radius:10px !important;}.stk-c6cf2d2 .stk-button:hover:after{background:var(--weiss) !important;opacity:1 !important;}:where(.stk-hover-parent:hover,  .stk-hover-parent.stk--is-hovered) .stk-c6cf2d2 .stk-button:after{background:transparent !important;opacity:1 !important;}.stk-c6cf2d2 .stk-button:before{border-style:solid !important;border-color:var(--weiss) !important;}.stk-c6cf2d2 .stk-button__inner-text{color:var(--weiss) !important;text-transform:uppercase !important;}.stk-c6cf2d2 .stk-button:hover .stk-button__inner-text{color:var(--schwarz) !important;}<\/style><a class=\"stk-link stk-button stk--hover-effect-darken\" href=\"https:\/\/outlook.office.com\/book\/TerminbuchungDolgopolskiy@evia.de\/\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-text-color stk-button__inner-text\">Schedule an initial consultation with our expert<\/span><\/a><\/div>\n<\/div><\/div>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-6c9b025\" data-v=\"4\" data-block-id=\"6c9b025\"><style>.stk-6c9b025 {align-self:flex-end !important;}@media screen and (min-width: 768px){.stk-6c9b025 {flex:var(--stk-flex-grow, 1) 1 calc(33.334% - var(--stk-column-gap, 0px) * 1 \/ 2 ) !important;}}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-6c9b025-container stk--no-background stk--no-padding\"><div class=\"has-text-align-right stk-block-content stk-inner-blocks stk-6c9b025-inner-blocks\"><\/div><\/div><\/div>\n<\/div><\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-stackable-spacer stk-block-spacer stk--no-padding stk-block stk-498db04\" data-block-id=\"498db04\"><style>.stk-498db04 {height:150px !important;}<\/style><\/div>\n\n\n\n<div class=\"wp-block-stackable-columns alignwide stk-block-columns stk-block stk-1167805\" data-block-id=\"1167805\"><style>@media screen and (max-width: 767px){.stk-1167805-column{--stk-columns-spacing:12px !important;}}<\/style><div class=\"stk-row stk-inner-blocks stk-block-content stk-content-align stk-1167805-column alignwide\">\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-f219282\" data-v=\"4\" data-block-id=\"f219282\"><style>.stk-f219282-container{max-width:1124px !important;min-width:auto !important;}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-f219282-container stk--no-background stk--no-padding\"><div class=\"stk-block-content stk-inner-blocks stk-f219282-inner-blocks\">\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-4cd87d7\" id=\"von-poc-zu-produktivem-einsatz-warum-eine-skalierbare-plattform-unerlasslich-ist\" data-block-id=\"4cd87d7\"><h2 class=\"stk-block-heading__text\">From POC to Production: Why a Scalable Platform is Essential<\/h2><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-382e299\" data-block-id=\"382e299\"><p class=\"stk-block-text__text\">Although many companies are exploring Artificial Intelligence (AI), pilot projects (POCs) often remain, which are never transitioned into productive operation. The reason for this is rarely the technology itself, but rather the lack of architectural maturity, insufficient integration into existing processes, and the absence of a sound operating model.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-0a5847f\" data-block-id=\"0a5847f\"><p class=\"stk-block-text__text\">For the productive use of AI, more is needed than just a model with good metrics. An architecture is required that brings together security, scalability, monitoring, data management, contextual understanding, and governance, while being aligned with regulatory requirements, user groups, and IT environments. Only in this way can business value, efficiency, and compliance be equally ensured.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-image aligncenter stk-block-image stk-block stk-60fd502\" data-block-id=\"60fd502\"><style>.stk-60fd502 .stk-img-wrapper{width:100% !important;}.stk-60fd502 .stk-img-wrapper img{border-radius:40px !important;object-fit:fill !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-5875\" src=\"https:\/\/www.evia.de\/wp-content\/uploads\/2025\/08\/br-ai-n_compliance_iceberg-e1755671081955.png\" width=\"1123\" height=\"632\" alt=\"A developer is working on a computer, with code displayed on the screen for database development and modernization.\"\/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-e9be8de\" data-block-id=\"e9be8de\"><p class=\"stk-block-text__text\">As shown in the figure above, for a Proof of Concept (PoC), usually only data availability, prompt engineering, and selection of the appropriate LLM are crucial. However, this is far from sufficient for a production deployment. These aspects merely form the tip of the iceberg.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-765f802\" data-block-id=\"765f802\"><p class=\"stk-block-text__text\">A robust and production-ready solution must cover significantly more, especially:<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-icon-list stk-block-icon-list stk-block stk-22d6781\" data-block-id=\"22d6781\"><style>.stk-22d6781 {--stk-icon-list-column-count:2 !important;--stk-icon-list-row-gap:18px !important;--stk-icon-list-marker-color:var(--gelbgruen) !important;}.stk-22d6781 .stk-block-icon-list-item__content{align-items:baseline !important;}<\/style><svg style=\"display:none\"><defs><g id=\"stk-icon-list__icon-svg-def-22d6781\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 448 512\"><path d=\"M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48z\" \/><\/svg><\/g><\/defs><\/svg><ul class=\"stk-block-icon-list__ul stk-block-icon-list--column\">\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-5552024\" data-block-id=\"5552024\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Scalability<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-df5c963\" data-block-id=\"df5c963\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Maintenance and upkeep, LLMOps<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-bead7c6\" data-block-id=\"bead7c6\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Regulatory requirements<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-614e86b\" data-block-id=\"614e86b\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Guardrails<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-1e1cdf5\" data-block-id=\"1e1cdf5\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Integration into core systems<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-30647fc\" data-block-id=\"30647fc\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Edge Cases<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-eda54c8\" data-block-id=\"eda54c8\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Change Management<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-60a2c6c\" data-block-id=\"60a2c6c\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Return on Investment<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-23e2e88\" data-block-id=\"23e2e88\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Monitoring, Logging &amp; Observability<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-d441124\" data-block-id=\"d441124\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-22d6781\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Security risks<\/span><\/div><\/li>\n<\/ul><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-b28b019\" data-block-id=\"b28b019\"><p class=\"stk-block-text__text\">Only when all these dimensions are taken into account can Generative AI be operated reliably, safely, and economically within the company.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-33e3b9a\" data-block-id=\"33e3b9a\"><p class=\"stk-block-text__text\">This architecture can be realized in various ways. However, to ensure that the above-mentioned aspects are covered while keeping the time-to-production for standard use cases within weeks rather than months \u2013 a robust platform is indispensable.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-d110062\" data-block-id=\"d110062\"><p class=\"stk-block-text__text\">The use cases described below were developed with the <a href=\"https:\/\/www.evia.de\/en\/productive-ki-solutions\/\" data-type=\"link\" data-id=\"https:\/\/www.evia.de\/produktive-ki-losungen\/\">Platform br.AI.n<\/a> from now on realized \u2013 a Java-based enterprise low-code platform that enables the creation of generative AI workflows with configurable standard building blocks in BPMN 2.0 notation.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-image aligncenter stk-block-image stk-block stk-91e552e\" data-block-id=\"91e552e\"><style>.stk-91e552e .stk-img-wrapper{width:100% !important;}.stk-91e552e .stk-img-wrapper img{border-radius:40px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-5556\" src=\"https:\/\/www.evia.de\/wp-content\/uploads\/2025\/07\/brAIn_IBSH_Architecture.png\" width=\"1124\" height=\"632\" alt=\"Architecture diagram of the Br.AI.n platform with AI modules, data sources, and engineering area\" srcset=\"https:\/\/www.evia.de\/wp-content\/uploads\/2025\/07\/brAIn_IBSH_Architecture.png 1124w, https:\/\/www.evia.de\/wp-content\/uploads\/2025\/07\/brAIn_IBSH_Architecture-300x169.png 300w, https:\/\/www.evia.de\/wp-content\/uploads\/2025\/07\/brAIn_IBSH_Architecture-1024x576.png 1024w, https:\/\/www.evia.de\/wp-content\/uploads\/2025\/07\/brAIn_IBSH_Architecture-768x432.png 768w\" sizes=\"auto, (max-width: 1124px) 100vw, 1124px\" \/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-6b60c57\" data-block-id=\"6b60c57\"><p class=\"stk-block-text__text\"><strong>The br.AI.n platform connects all the components necessary for a scalable, secure, and production-ready Generative AI implementation<\/strong>From data ingestion, through modular AI services, powerful storage and retrieval technologies, to an engineering workspace for data preparation, tuning, and governance - all orchestrated via standardized process models and integrally expandable.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-6b4bec0\" data-block-id=\"6b4bec0\"><p class=\"stk-block-text__text\">evia is an integration and distribution partner of br.AI.n, because: Even with the best platform, the right expertise and experienced resources are needed to unlock its full potential.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-93ab408\" data-block-id=\"93ab408\"><p class=\"stk-block-text__text\">In the previous blog post, we already discussed a <a href=\"https:\/\/www.evia.de\/en\/application-review-with-low-code-ai-platform-br-ai-n\/\" data-type=\"link\" data-id=\"https:\/\/www.evia.de\/antragspruefung-mit-low-code-ki-plattform-br-ai-n\/\">Use case for automated application data collection presented<\/a>, which was realized together with the Investitionsbank Schleswig-Holstein (IB.SH) based on the br.AI.n platform. This time, we take a look at two further application scenarios: Firstly, the checking of contracts for conformity with the DORA regulation, and secondly, the verification of supplier documents for compliance with the Code of Conduct of a major customer.<\/p><\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-stackable-spacer stk-block-spacer stk--no-padding stk-block stk-3046ce7\" data-block-id=\"3046ce7\"><style>.stk-3046ce7 {height:50px !important;}<\/style><\/div>\n\n\n\n<div class=\"wp-block-stackable-columns alignwide stk-block-columns stk-block stk-3d26c48\" data-block-id=\"3d26c48\"><style>@media screen and (max-width: 767px){.stk-3d26c48-column{--stk-columns-spacing:12px !important;}}<\/style><div class=\"stk-row stk-inner-blocks stk-block-content stk-content-align stk-3d26c48-column alignwide\">\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-73d1c91\" data-v=\"4\" data-block-id=\"73d1c91\"><style>.stk-73d1c91-container{max-width:1124px !important;min-width:auto !important;}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-73d1c91-container stk--no-background stk--no-padding\"><div class=\"stk-block-content stk-inner-blocks stk-73d1c91-inner-blocks\">\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-b455f1a\" id=\"automatisierte-vertragsprufung-nach-dora-digitale-operational-resilience-in-der-praxis\" data-block-id=\"b455f1a\"><h2 class=\"stk-block-heading__text\">Automated Contract Review with DORA: Digital Operational Resilience in Practice<\/h2><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-9f6f4cd\" data-block-id=\"9f6f4cd\"><p class=\"stk-block-text__text\">The EU's DORA Regulation (Digital Operational Resilience Act) requires all financial companies \u2013 including banks, insurance companies, and asset management companies \u2013 to have a comprehensive framework for digital resilience since 2025. The goal is to ensure that critical business processes remain stable even in the event of cyber attacks, system failures, or disruptions at third-party providers.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-659d68d\" data-block-id=\"659d68d\"><p class=\"stk-block-text__text\">A central component of DORA is contract and supplier management. For example, contracts with IT and cloud service providers must meet clear requirements, such as those relating to:<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-icon-list stk-block-icon-list stk-block stk-ba0497a\" data-block-id=\"ba0497a\"><style>.stk-ba0497a {--stk-icon-list-column-count:1 !important;--stk-icon-list-row-gap:18px !important;--stk-icon-list-marker-color:var(--gelbgruen) !important;}.stk-ba0497a .stk-block-icon-list-item__content{align-items:baseline !important;}<\/style><svg style=\"display:none\"><defs><g id=\"stk-icon-list__icon-svg-def-ba0497a\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 448 512\"><path d=\"M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48z\" \/><\/svg><\/g><\/defs><\/svg><ul class=\"stk-block-icon-list__ul stk-block-icon-list--column\">\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-0f6cb18\" data-block-id=\"0f6cb18\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-ba0497a\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Transparency and auditability<\/strong>Obligation of service providers to permit inspections by supervisory authorities or internal auditors.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-39dea04\" data-block-id=\"39dea04\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-ba0497a\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Exit strategies<\/strong>Regulations that ensure data and systems can be migrated without risk at the end of a contract or provider outage.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-9cf1b87\" data-block-id=\"9cf1b87\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-ba0497a\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Security standards<\/strong>Commitments to information security, data protection, and emergency management.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-ab19d75\" data-block-id=\"ab19d75\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-ba0497a\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Reporting obligations<\/strong>Agreements on the immediate reporting of security incidents.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-55efd90\" data-block-id=\"55efd90\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-ba0497a\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Business Continuity &amp; Disaster Recovery<\/strong>Documented processes for maintaining critical services even during disruptions.<\/span><\/div><\/li>\n<\/ul><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-369b93b\" data-block-id=\"369b93b\"><p class=\"stk-block-text__text\">Since contracts are often very extensive and structured differently, the <strong>Manual inspection extremely complex and error-prone<\/strong>. This is where the br.AI.n platform comes in, by automatically analyzing contracts, identifying relevant clauses, and checking their compliance with DORA's regulatory requirements.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-image aligncenter stk-block-image stk-block stk-630fb66\" data-block-id=\"630fb66\"><style>.stk-630fb66 .stk-img-wrapper{width:100% !important;}.stk-630fb66 .stk-img-wrapper img{border-radius:40px !important;object-fit:fill !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-5904\" src=\"https:\/\/www.evia.de\/wp-content\/uploads\/2025\/08\/br-ai-n_dora_bpmn.png\" width=\"1124\" height=\"632\" alt=\"A developer is working on a computer, with code displayed on the screen for database development and modernization.\" srcset=\"https:\/\/www.evia.de\/wp-content\/uploads\/2025\/08\/br-ai-n_dora_bpmn.png 1124w, https:\/\/www.evia.de\/wp-content\/uploads\/2025\/08\/br-ai-n_dora_bpmn-300x169.png 300w, https:\/\/www.evia.de\/wp-content\/uploads\/2025\/08\/br-ai-n_dora_bpmn-1024x576.png 1024w, https:\/\/www.evia.de\/wp-content\/uploads\/2025\/08\/br-ai-n_dora_bpmn-768x432.png 768w\" sizes=\"auto, (max-width: 1124px) 100vw, 1124px\" \/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-86be4f2\" data-block-id=\"86be4f2\"><p class=\"stk-block-text__text\">The diagram shows a rough, high-level diagram of the process modeled in BPMN for verifying DORA compliance. The productive workflow includes additional checks, gateways, error handling, and escalations. However, the simplified example effectively conveys how the solution works. The modeled workflow translates directly into a runnable backend with REST APIs. This backend is deployed and connected to a custom-developed or existing UI.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-ab81c79\" id=\"kernlogik-in-stichpunkten\" data-block-id=\"ab81c79\"><h3 class=\"stk-block-heading__text\">Core logic in bullet points<\/h3><\/div>\n\n\n\n<div class=\"wp-block-stackable-icon-list stk-block-icon-list stk-block stk-5366be8\" data-block-id=\"5366be8\"><style>.stk-5366be8 {--stk-icon-list-row-gap:18px !important;--stk-icon-list-marker-color:var(--gelbgruen) !important;}.stk-5366be8 .stk-block-icon-list-item__content{align-items:baseline !important;}<\/style><svg style=\"display:none\"><defs><g id=\"stk-icon-list__icon-svg-def-5366be8\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 448 512\"><path d=\"M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48z\" \/><\/svg><\/g><\/defs><\/svg><ul class=\"stk-block-icon-list__ul stk-block-icon-list--column\">\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-6081437\" data-block-id=\"6081437\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-5366be8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Contract entry<\/strong><br>Message start event from a monitored folder. File is validated and normalized, followed by OCR and text extraction.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-fd2b25c\" data-block-id=\"fd2b25c\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-5366be8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Vectorization and Storage<\/strong><br>Creation of embeddings, storage in a vector DB.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-eb6efa2\" data-block-id=\"eb6efa2\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-5366be8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Requirements catalog<\/strong><br>Loading a prepared DORA requirements list from CSV or database.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-c934e9c\" data-block-id=\"c934e9c\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-5366be8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Subprocess Check Request<\/strong><br>Multi-Instance Subprocess. The same process is executed for each request.<br>\u2013 Guardrails for queries, e.g., prompt sanitization, PII redaction, token budget, model routing.<br>\u2013 Semantic search against the vector DB, retrieval of relevant passages.<br>\u2013 LLM evaluation and response generation.<br>\u2013 Guardrails for responses, e.g., toxicity checks, leakage detection, evidence obligations.<br>\u2013 Decision Met Yes\/No, Documentation of compliance or recording of deviation with severity.<br>\u2013 Storage of evidence with references to sources and scores.<br>Robust design through boundary events on the LLM task, e.g., timer for retry, error for fallback model, and error logging.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-bf12ecb\" data-block-id=\"bf12ecb\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-5366be8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Aggregation and Reporting<\/strong><br>Consolidation of all individual results, generation of a compatibility report as CSV, DOC, or PDF.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-9e19c20\" data-block-id=\"9e19c20\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-5366be8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Auditability<\/strong><br>Writing an immutable audit trail with references to artifacts such as Contract.pdf, Requirements List.csv, Evidence Collection.json.<\/span><\/div><\/li>\n<\/ul><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-91d1474\" id=\"was-die-implementierung-so-direkt-macht\" data-block-id=\"91d1474\"><h3 class=\"stk-block-heading__text\">What makes the implementation so straightforward<\/h3><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-bb7151e\" data-block-id=\"bb7151e\"><p class=\"stk-block-text__text\">The BPMN definition runs on the br.AI.n platform with a BPMN engine. Each task is stored as a service task or call activity and invokes the corresponding backend services, such as OCR, Embedding Service, Retrieval, LLM Scoring, Reporting. The engine handles orchestration, error and retry logic, instance correlation, as well as persistence of states and audit logs. The workflow can be started, monitored, and analyzed from a UI via REST APIs.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-ff71ecd\" data-block-id=\"ff71ecd\"><p class=\"stk-block-text__text\">The diagram is not just documentation. It is the specification of the productive process and therefore the basis for a comprehensible, scalable, and auditable system. The combination of BPMN orchestration, Vector DB retrieval, LLM evaluation, and guardrails creates reproducible results with clear evidence. This is precisely what is essential for DORA and allows the transition from a POC to a robust enterprise-level solution.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-8b0aef5\" id=\"betrieb-und-deployment\" data-block-id=\"8b0aef5\"><h3 class=\"stk-block-heading__text\">Operation and Deployment<\/h3><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-de677b3\" data-block-id=\"de677b3\"><p class=\"stk-block-text__text\">The solution can be deployed flexibly: <strong>in the public cloud, in German sovereign cloud environments, and fully on-premises in the data center<\/strong>. Especially in the DORA-relevant financial sector, data residency, control, and auditability are central. Regardless of the operating model, APIs and functionality remain identical, and Infrastructure as Code simplifies rollout and maintenance. Network isolation, key management, and integration with existing security and GRC processes are included.<\/p><\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-stackable-spacer stk-block-spacer stk--no-padding stk-block stk-4a7dac7\" data-block-id=\"4a7dac7\"><\/div>\n\n\n\n<div class=\"wp-block-stackable-columns alignwide stk-block-columns stk-block stk-fc8e2c4\" data-block-id=\"fc8e2c4\"><style>@media screen and (max-width: 767px){.stk-fc8e2c4-column{--stk-columns-spacing:12px !important;}}<\/style><div class=\"stk-row stk-inner-blocks stk-block-content stk-content-align stk-fc8e2c4-column alignwide\">\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-3d1c5ef\" data-v=\"4\" data-block-id=\"3d1c5ef\"><style>.stk-3d1c5ef-container{max-width:1124px !important;min-width:auto !important;}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-3d1c5ef-container stk--no-background stk--no-padding\"><div class=\"stk-block-content stk-inner-blocks stk-3d1c5ef-inner-blocks\">\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-fc3e598\" id=\"automatisierte-co-c-prufung-bei-lieferanten\" data-block-id=\"fc3e598\"><h2 class=\"stk-block-heading__text\">Automated CoC inspection for suppliers<\/h2><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-975fb55\" data-block-id=\"975fb55\"><p class=\"stk-block-text__text\">A very similar practical use case: ensuring that the codes of conduct of a large industrial company's suppliers align in content with the buyer's CoC. This is important for legal requirements, reputation protection, ESG (Environmental, Social, and Governance) guidelines, and procurement policies. Deviations can lead to audit findings, contractual risks, and supplier debarment.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-f333c02\" data-block-id=\"f333c02\"><p class=\"stk-block-text__text\">The essential difference to DORA: there is no formalized catalog of paragraphs here. Instead, the AI extracts the relevant guiding principles and control points from the buyer's CoC and compares them semantically with the suppliers' CoCs, thus recognizing statements with the same meaning stated differently or gaps.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-053c59d\" id=\"robustes-vorgehen-auf-basis-von-embeddings\" data-block-id=\"053c59d\"><h3 class=\"stk-block-heading__text\">Robust approach based on embeddings<\/h3><\/div>\n\n\n\n<div class=\"wp-block-stackable-icon-list stk-block-icon-list stk-block stk-762ddf8\" data-block-id=\"762ddf8\"><style>.stk-762ddf8 {--stk-icon-list-column-count:1 !important;--stk-icon-list-row-gap:18px !important;--stk-icon-list-marker-color:var(--gelbgruen) !important;}.stk-762ddf8 .stk-block-icon-list-item__content{align-items:baseline !important;}<\/style><svg style=\"display:none\"><defs><g id=\"stk-icon-list__icon-svg-def-762ddf8\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 448 512\"><path d=\"M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48z\" \/><\/svg><\/g><\/defs><\/svg><ul class=\"stk-block-icon-list__ul stk-block-icon-list--column\">\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-c2cb8be\" data-block-id=\"c2cb8be\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-762ddf8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Buyer-CoC and all Supplier-CoCs are parsed, broken down into sections, and vectorized.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-efb9c5a\" data-block-id=\"efb9c5a\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-762ddf8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Key points, policies, and mandatory statements are derived from the Buyer's Code of Conduct and also stored as embeddings.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-44ddb6c\" data-block-id=\"44ddb6c\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-762ddf8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">A multi-instance subprocess runs for each supplier: semantic search for matching passages, LLM-based evaluation, evidence link to the text passages.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-2fd6fa1\" data-block-id=\"2fd6fa1\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-762ddf8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Guardrails before and after LLM evaluation secure inputs and outputs, for example, prompt injection filters, PII redaction, leakage checks, and explainability requirements.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-b1a443f\" data-block-id=\"b1a443f\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-762ddf8\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\">Results are consolidated by supplier, gaps and deviations are marked with severity, and optional automatic tasks are created in Procurement or Compliance.<\/span><\/div><\/li>\n<\/ul><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-991b469\" id=\"high-level-bpmn-diagramm\" data-block-id=\"991b469\"><h3 class=\"stk-block-heading__text\">High-level BPMN diagram<\/h3><\/div>\n\n\n\n<div class=\"wp-block-stackable-image aligncenter stk-block-image stk-block stk-1a613a4\" data-block-id=\"1a613a4\"><style>.stk-1a613a4 .stk-img-wrapper{width:100% !important;}.stk-1a613a4 .stk-img-wrapper img{border-radius:40px !important;object-fit:fill !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-5877\" src=\"https:\/\/www.evia.de\/wp-content\/uploads\/2025\/08\/br-ai-n_compliance_workflow_w_embeddings-e1755671038250.png\" width=\"1124\" height=\"632\" alt=\"A developer is working on a computer, with code displayed on the screen for database development and modernization.\"\/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-6ef65ec\" id=\"warum-nicht-beide-co-cs-einfach-in-ein-starkes-llm-mit-grossem-context-window-geben\" data-block-id=\"6ef65ec\"><h3 class=\"stk-block-heading__text\">Why not just put both CoCs into a strong LLM with a large context window?<\/h3><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-c5eb505\" data-block-id=\"c5eb505\"><p class=\"stk-block-text__text\">Because an LLM-only approach quickly becomes unscalable and expensive with the length and number of documents, results are difficult to reproduce, and evidence tracking suffers. With embeddings and a vector store, we retrieve only the truly relevant passages for each question, reducing tokens and costs, lowering hallucinations, anchoring every statement to evidence points with citations, enabling consistent point-by-point matching even with differently phrased semantics, reusing indexes for new suppliers or updates, and fulfilling audit and compliance requirements through stable, traceable pipelines. In short, <strong>Retrieval augmented generation<\/strong> supplies <strong>more precise, cheaper, reproducible, and auditable<\/strong>, especially with many CoCs.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-spacer stk-block-spacer stk--no-padding stk-block stk-1c54f5e\" data-block-id=\"1c54f5e\"><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-2507f15\" id=\"regulatorisch-sicher-und-reproduzierbar-eu-ai-act-und-iso-42001-mit-validaitor\" data-block-id=\"2507f15\"><h2 class=\"stk-block-heading__text\">Regulatory certainty and reproducibility: EU AI Act and ISO 42001 with Validator<\/h2><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-ae3444a\" data-block-id=\"ae3444a\"><p class=\"stk-block-text__text\">Especially in regulated industries, the pressure to operate AI in a comprehensible, secure, and auditable manner is growing. To ensure our solution meets the requirements of the EU AI Act and ISO 42001 while delivering consistent, accurate results, we are integrating <strong><a href=\"https:\/\/www.evia.de\/en\/ki-governance-compliance\/\" data-type=\"link\" data-id=\"https:\/\/www.evia.de\/ki-governance-compliance\/\">Validator<\/a><\/strong>. The tool combines automated <strong>Compliance<\/strong>, <strong>Governance<\/strong> and <strong>Testing<\/strong> of AI solutions and models. Result: audit-proof evidence, reproducible quality, and stable results, regardless of LLM or infrastructure changes.<\/p><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-80c2bf5\" id=\"was-wir-u-a-mit-validaitor-absichern\" data-block-id=\"80c2bf5\"><h3 class=\"stk-block-heading__text\">What we ensure with Validator, among other things<\/h3><\/div>\n\n\n\n<div class=\"wp-block-stackable-icon-list stk-block-icon-list stk-block stk-6517cf6\" data-block-id=\"6517cf6\"><style>.stk-6517cf6 {--stk-icon-list-row-gap:18px !important;--stk-icon-list-marker-color:var(--gelbgruen) !important;}.stk-6517cf6 .stk-block-icon-list-item__content{align-items:baseline !important;}<\/style><svg style=\"display:none\"><defs><g id=\"stk-icon-list__icon-svg-def-6517cf6\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 448 512\"><path d=\"M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48z\" \/><\/svg><\/g><\/defs><\/svg><ul class=\"stk-block-icon-list__ul stk-block-icon-list--column\">\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-bad84c2\" data-block-id=\"bad84c2\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-6517cf6\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>AI Inventory and Lineage<\/strong>: comprehensive capture of models, datasets, prompts, pipelines, versions, hashes, artifacts.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-f22b891\" data-block-id=\"f22b891\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-6517cf6\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Control Framework Mapping<\/strong>Requirements from the EU AI Act and ISO 42001 are mapped to specific controls, policies, and processes.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-7c92a2b\" data-block-id=\"7c92a2b\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-6517cf6\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Automated test suites<\/strong>: Privacy, Security, Robustness, Bias, Red-Teaming. Results including metrics, evidence, and thresholds.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-fac143c\" data-block-id=\"fac143c\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-6517cf6\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Risk Management<\/strong>Identified risks with severity, actions, responsibilities, and deadlines.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-d76f077\" data-block-id=\"d76f077\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-6517cf6\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Audit Trail<\/strong>Immutable logs with timestamps and references to all artifacts, ready for internal and external audits.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-9f951d7\" data-block-id=\"9f951d7\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-6517cf6\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Drift Control<\/strong>Golden datasets, regression tests, baselines, monitoring of data, prompt, and model drift.<\/span><\/div><\/li>\n\n\n\n<li class=\"wp-block-stackable-icon-list-item stk-block-icon-list-item stk-block stk-8ad61cd\" data-block-id=\"8ad61cd\"><div class=\"stk-block-icon-list-item__content\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg aria-hidden=\"true\" width=\"32\" height=\"32\"><use xlink:href=\"#stk-icon-list__icon-svg-def-6517cf6\"><\/use><\/svg><\/div><\/span><span class=\"stk-block-icon-list-item__text\"><strong>Reproducibility<\/strong>Pinning model versions, runtimes, and dependencies, deterministic pipelines, seed management.<\/span><\/div><\/li>\n<\/ul><\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-stackable-spacer stk-block-spacer stk--no-padding stk-block stk-d3a99b0\" data-block-id=\"d3a99b0\"><style>.stk-d3a99b0 {height:150px !important;}<\/style><\/div>\n\n\n\n<div class=\"wp-block-stackable-columns stk-block-columns stk-block stk-a6d05fc stk-block-background\" data-block-id=\"a6d05fc\"><style>.stk-a6d05fc {background-color:var(--cyan) !important;border-top-left-radius:40px !important;border-top-right-radius:40px !important;border-bottom-right-radius:40px !important;border-bottom-left-radius:40px !important;overflow:hidden !important;}.stk-a6d05fc:before{background-color:var(--cyan) !important;}<\/style><div class=\"stk-row stk-inner-blocks stk-block-content stk-content-align stk-a6d05fc-column\">\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-e09279d\" data-v=\"4\" data-block-id=\"e09279d\"><style>@media screen and (min-width: 768px){.stk-e09279d {flex:var(--stk-flex-grow, 1) 1 calc(66.666% - var(--stk-column-gap, 0px) * 1 \/ 2 ) !important;}}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-e09279d-container stk--no-background stk--no-padding\"><div class=\"stk-block-content stk-inner-blocks stk-e09279d-inner-blocks\">\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-f4dee0b\" id=\"unverbindliches-erstgesprach-buchen\" data-block-id=\"f4dee0b\"><h2 class=\"stk-block-heading__text\">Book a free introductory meeting<\/h2><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-bf1ae85\" id=\"in-einem-kompakten-termin-klaren-wir-wir-sie-beim-datenmanagement-unterstutzen-konnen\" data-block-id=\"bf1ae85\"><h3 class=\"stk-block-heading__text\">In a compact meeting, we'll clarify how we can support you with data management.<\/h3><\/div>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-7a274ec\" data-v=\"4\" data-block-id=\"7a274ec\"><style>.stk-7a274ec {align-self:center !important;}@media screen and (min-width: 768px){.stk-7a274ec {flex:var(--stk-flex-grow, 1) 1 calc(33.334% - var(--stk-column-gap, 0px) * 1 \/ 2 ) !important;}}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-7a274ec-container stk--no-background stk--no-padding\"><div class=\"has-text-align-center stk-block-content stk-inner-blocks stk-7a274ec-inner-blocks\">\n<div class=\"wp-block-stackable-button-group stk-block-button-group stk-block stk-f336aec\" data-block-id=\"f336aec\"><div class=\"stk-row stk-inner-blocks stk-block-content stk-button-group\">\n<div class=\"wp-block-stackable-button stk-block-button stk-block stk-5f16a7d\" data-block-id=\"5f16a7d\"><style>.stk-5f16a7d .stk-button{background:var(--schwarz) !important;border-top-left-radius:10px !important;border-top-right-radius:10px !important;border-bottom-right-radius:10px !important;border-bottom-left-radius:10px !important;}.stk-5f16a7d .stk-button:hover:after{background:var(--weiss) !important;opacity:1 !important;}.stk-5f16a7d .stk-button:before{border-style:solid !important;border-color:var(--schwarz) !important;}.stk-5f16a7d .stk-button__inner-text{color:var(--weiss) !important;text-transform:uppercase !important;}.stk-5f16a7d .stk-button:hover .stk-button__inner-text{color:var(--schwarz) !important;}<\/style><a class=\"stk-link stk-button stk--hover-effect-darken\" href=\"https:\/\/outlook.office.com\/book\/TerminbuchungDolgopolskiy@evia.de\/\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-text-color stk-button__inner-text\">Book an appointment now!<\/span><\/a><\/div>\n<\/div><\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-stackable-spacer stk-block-spacer stk--no-padding stk-block stk-9ae18cf\" data-block-id=\"9ae18cf\"><style>.stk-9ae18cf {height:150px !important;}<\/style><\/div>","protected":false},"excerpt":{"rendered":"<p>Built with br.AI.n: Automated Compliance Checking\nOne of the few application areas where Generative AI is already proving productive today is the classification and analysis of content in documents. With the right toolchain and well-coordinated workflows, the accuracy of the evaluation can match or even exceed human analysis, while offering incomparably higher processing speeds. In this blog post\u2026 <a title=\"Built with br.AI.n: Automated Compliance Audits\" class=\"read-more\" href=\"https:\/\/www.evia.de\/en\/automatisierte-compliance-pruefung-mit-ki\/\" aria-label=\"Read more about Built with br.AI.n: Automated Compliance Auditing\">Read more<\/a><\/p>","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[24],"tags":[45,38,39,53,54,43,44,42,55,56],"class_list":["post-5868","post","type-post","status-publish","format-standard","hentry","category-inside-evia","tag-agenticai","tag-ai-2","tag-artificialintelligence","tag-compliance","tag-dora","tag-ki-2","tag-llm-2","tag-lowcode","tag-bpmn","tag-br-ai-n"],"_links":{"self":[{"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/posts\/5868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/comments?post=5868"}],"version-history":[{"count":17,"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/posts\/5868\/revisions"}],"predecessor-version":[{"id":6683,"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/posts\/5868\/revisions\/6683"}],"wp:attachment":[{"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/media?parent=5868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/categories?post=5868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.evia.de\/en\/wp-json\/wp\/v2\/tags?post=5868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}