# SIMOSphere AI > Data-Driven AI Orchestration Platform for European SMEs by SIMO GmbH, Aschaffenburg, Germany. Sovereign AI that keeps enterprise data in your infrastructure — on-premise or private cloud, GDPR compliant, EU AI Act ready. SIMOSphere AI connects enterprise data sources (CRM, ERP, email, databases, document management) with AI agents through standardized APIs and the Model Context Protocol (MCP). The platform orchestrates multiple LLMs and autonomous agents for sales, customer service, compliance, and knowledge management — without sending data to external cloud services. - Company: SIMO GmbH, Wuerzburger Str. 152, 63743 Aschaffenburg, Germany - Founded: 2019 - Registration: HRB 15769, AG Aschaffenburg - Trademark: DPMA 30 2024 240 269 - Languages: German (default), English - Region: DACH (Germany, Austria, Switzerland) - Contact: +49 6021 3274550 - Corporate website: https://simo-online.com - Blog: https://simo-online.com/blog - LinkedIn: https://www.linkedin.com/company/simo-gmbh-aschaffenburg/ --- ## Platform & Product ### SIMOSphere AI Platform URL: https://simosphereai.com/platform/ SIMOSphere AI is the European AI Operating System — a modular enterprise architecture for data-driven companies. **Architecture (4 layers):** 1. Client Layer: ContextChat workspace, dashboards, agent configuration 2. Gateway Layer: API gateway, authentication, rate limiting 3. Services Layer: Multi-LLM orchestration, autonomous agents, RAG pipeline, DataFlow engine, MCP integration 4. Data Layer: Databases, document stores, external APIs, CRM/ERP systems **Platform Modules:** - **ContextChat Workspace**: Chat interface for interacting with AI agents and enterprise data - **Multi-LLM Orchestration**: Intelligent routing across multiple language models (Claude, GPT, Gemini, Llama, Mistral) — selects the optimal model per task - **Autonomous Agents**: Docker-isolated agents with 3-tier memory (short-term, long-term, episodic), sleep/wake cycles, personality configuration, and full governance/audit trails - **RAG Pipeline**: Retrieval-Augmented Generation with hybrid search, reranking, document indexing, and context-aware answers from enterprise documents - **DataFlow Engine**: Real-time data processing, pipeline automation, heartbeat monitoring - **MCP Integration**: Model Context Protocol for standardized connections to enterprise data sources **Security & Compliance:** - GDPR compliant (DSGVO-konform) - EU AI Act ready - ISO 27001, SOC 2 aligned - AES-256-GCM encryption - On-premise or private cloud deployment - Zero-trust architecture - No US data transfer **Pricing:** - AI Core: EUR 199/month — ContextChat Workspace, Multi-LLM Orchestration, MCP Integration, DataFlow Engine, GDPR & EU AI Act compliance - DataAgent: EUR 79/month — Data analysis & reporting, pipeline automation, real-time data processing, heartbeat monitoring - RAGAgent: EUR 89/month — RAG Pipeline, hybrid search & reranking, document indexing, context-aware answers - Autonomous Agent: EUR 150/month — Docker-isolated, 3-tier memory, sleep/wake & personality, governance & audit trail Platform activation: https://activate.simosphereai.com --- ### Data-Driven AI URL: https://simosphereai.com/data-driven-ai/ Data-Driven AI means using enterprise data as the foundation for AI-powered decisions — securely, efficiently, and under full control. **The Challenge:** 1. Data silos & fragmentation: Enterprise data is scattered across dozens of systems without unified access 2. Privacy vs. AI usage: Public AI tools like ChatGPT require sending data to external servers, violating GDPR 3. Missing data strategy: 73% of enterprise data remains unused because there is no strategy for AI integration **SIMOSphere AI Solution:** - **Data Sovereignty**: All data stays in your infrastructure. No external cloud processing. Full control over what AI can access. - **Smart Data Integration**: Standardized connectors for CRM, ERP, email, databases, and document management systems. API integration typically takes 3 hours instead of 3 months. - **AI-Powered Analytics**: Autonomous agents analyze data in real-time, generate reports, identify patterns, and provide actionable recommendations. **Key Metrics:** - 360x faster API integration (3 hours vs. 3 months) - 40% cost reduction through automation - 100% data sovereignty — data never leaves your infrastructure **Use Cases:** - Sales & Revenue: AI analyzes customer data, creates personalized offers, predicts buying behavior - Compliance: Automated monitoring of regulatory requirements (GDPR, EU AI Act, industry regulations) - Customer Service: Multi-channel automation with context-aware responses from enterprise knowledge - Knowledge Management: Enterprise-wide knowledge retrieval, document analysis, expert system **FAQ:** - Q: What Is Data-Driven AI — and Why Does It Matter? A: Data-Driven AI is an approach where enterprise decisions are based on AI analysis of your own data — not generic models, but AI that understands your specific business context. - Q: How does SIMOSphere AI ensure data sovereignty? A: All processing happens on-premise or in your private cloud. No data is sent to external AI providers. You control what data AI agents can access through fine-grained permissions. - Q: Is Data-Driven AI GDPR compliant? A: Yes. SIMOSphere AI is designed for GDPR compliance from the ground up. Data stays in EU infrastructure, processing is transparent, and all AI actions are auditable. - Q: What data sources can be connected? A: CRM systems, ERP systems, email servers, relational databases, document management systems, file servers, and custom APIs via the Model Context Protocol (MCP). - Q: How quickly can we get started? A: After an Experience Session (30 min, free) and Blueprint Session (4 hours), the Proof Sprint delivers measurable results in 4-6 weeks. --- ### MCP Server Integration URL: https://simosphereai.com/mcp-server/ The Model Context Protocol (MCP) is a standardized protocol for connecting enterprise data sources with AI agents — securely, efficiently, and GDPR-compliant. **The Challenge:** 1. Incompatible systems: Every AI tool has its own API, creating integration chaos 2. Privacy risks: Data must flow through external servers for processing 3. High integration effort: Custom integrations for every data source are expensive and fragile **SIMOSphere AI MCP Solution:** - **Standardized Protocol**: One protocol to connect all enterprise data sources. MCP provides a unified interface for databases, APIs, file systems, and communication tools. - **GDPR-Compliant by Design**: Data stays within your infrastructure. MCP servers run on-premise. No data leaves your network for AI processing. - **Plug-and-Play Integration**: Pre-built MCP connectors for common enterprise systems. New data sources can be connected in hours, not months. **Architecture:** Data Sources (CRM, ERP, Email, Databases, Documents) → MCP Server (on-premise) → AI Agents (SIMOSphere AI Platform) The MCP Server acts as a secure gateway between your data and AI agents. It handles authentication, rate limiting, data transformation, and access control. **Key Metrics:** - 360x faster integration vs. custom APIs - 100% data sovereignty — processing stays on-premise - 1 standardized protocol for all data sources - Full GDPR and EU AI Act compliance **Use Cases:** - CRM Integration: AI agents access customer data, update records, and trigger workflows directly through MCP - ERP Connection: Real-time access to inventory, orders, and financial data for AI-powered analysis - Document Management: AI agents search, summarize, and extract information from enterprise document stores - Email Analysis: Automated email processing, classification, and response drafting with full context **FAQ:** - Q: What is an MCP Server? A: An MCP (Model Context Protocol) Server is a standardized interface that connects enterprise data sources with AI models. It acts as a secure gateway, allowing AI agents to read and interact with your data without the data leaving your infrastructure. - Q: Is the MCP Server GDPR compliant? A: Yes. The MCP Server runs entirely on-premise or in your private cloud. No data is transmitted to external services. All access is logged and auditable. - Q: What data sources does MCP support? A: Databases (SQL, NoSQL), CRM systems (Salesforce, HubSpot), ERP systems (SAP, Microsoft Dynamics), email servers (Exchange, Gmail), file systems, document management systems, and custom REST/GraphQL APIs. - Q: How long does MCP integration take? A: Typically 3 hours for standard connectors. Complex custom integrations may take 1-2 days. --- ### LLM Orchestration URL: https://simosphereai.com/llm-orchestrierung/ LLM Orchestration coordinates multiple AI models and autonomous agents to solve complex enterprise tasks — intelligently, efficiently, and under central control. **The Challenge:** 1. Isolated AI tools: Individual ChatGPT, Copilot, or Claude subscriptions create shadow AI without governance 2. Uncontrolled AI usage: No visibility into what data employees share with AI tools 3. Scaling problems: Single AI tools cannot handle complex, multi-step enterprise workflows **SIMOSphere AI Orchestration Solution:** - **Multi-LLM Routing**: Intelligent routing across Claude, GPT, Gemini, Llama, and Mistral. The orchestration layer selects the optimal model for each task based on capability, cost, and latency. - **Agentic AI Framework**: Autonomous agents with defined roles, goals, and constraints. Agents collaborate on complex tasks, delegate subtasks, and validate results. - **Central Control**: Unified dashboard for all AI activity. Token usage tracking, access control, audit logs, and governance policies. **How It Works:** Input (Task/Request) → Orchestration Layer (model selection, agent routing, context assembly) → AI Agents (specialized per domain) → Validation → Output (verified result) **AI Agents:** - **William Salespear** (Sales Agent): Analyzes customer data, creates personalized offers, optimizes sales pipelines, predicts buying behavior - **Service Agent**: Multi-channel customer service automation with context from CRM and knowledge base - **Compliance Agent**: Monitors regulatory compliance (GDPR, EU AI Act, industry regulations), flags violations, generates compliance reports - **Knowledge Agent**: Enterprise knowledge management — searches, summarizes, and retrieves information across all connected data sources - **Analytics Agent**: Data analysis, report generation, trend identification, anomaly detection **Key Metrics:** - 5+ specialized AI agents working in concert - 40% cost reduction through intelligent model routing (using cheaper models for simple tasks) - 10x faster processing through parallel agent execution - 24/7 autonomous operation with human-in-the-loop escalation **Use Cases:** - Sales Automation: William Salespear analyzes CRM data, identifies high-value leads, generates personalized outreach, and updates pipeline automatically - Multi-Channel Service: Service Agent handles customer inquiries across email, chat, and phone with full context from enterprise systems - Compliance Monitoring: Compliance Agent continuously monitors communications and documents for regulatory violations - Knowledge Management: Knowledge Agent creates a searchable, AI-powered knowledge base from all enterprise documents and communications **FAQ:** - Q: What is LLM Orchestration? A: LLM Orchestration is the coordination of multiple Large Language Models and AI agents to solve complex tasks. Instead of using a single AI model, orchestration routes each subtask to the most suitable model and agent. - Q: Why not just use ChatGPT? A: ChatGPT is a single model with no access to your enterprise data, no governance, and no ability to take actions in your systems. SIMOSphere AI orchestrates multiple models with full data access, audit trails, and enterprise-grade security. - Q: How does Multi-LLM routing save costs? A: Simple tasks (summarization, classification) are routed to smaller, cheaper models. Complex tasks (analysis, generation) go to more capable models. This typically reduces AI costs by 30-40%. - Q: Can agents take actions or only answer questions? A: Autonomous agents can take actions — update CRM records, send emails, generate reports, trigger workflows — all within defined governance policies and with full audit trails. --- ## Free Tools ### TokenizerSpeedUp URL: https://tokenizer-speedup.simosphereai.com npm: https://www.npmjs.com/package/@simosphere/tokenizer-speedup Reduce Claude Code and Claude Desktop token costs by 30-60% through intelligent context gating. Free and open source. **Features:** - Context Gating: Automatically filters irrelevant context before sending to AI - YAML Rules Engine: Define custom rules for context inclusion/exclusion - Real-time Dashboard: Monitor token savings and usage - Claude Code Hooks Integration: Works with Claude Code's hook system - Claude Desktop MCP Integration: MCP server for Claude Desktop --- ## Getting Started **4-Step Journey:** 1. **Experience Session** (free, 30 minutes): Live demo with your questions. See AI agents in action. Book at https://simosphereai.com/demo/ 2. **Blueprint Session** (4 hours): Workshop with your actual data. Define use cases, map data sources, design agent configurations. 3. **Proof Sprint** (4-6 weeks): Implement first use case with measurable results. Demonstrate ROI with your data. 4. **Activation**: Full platform deployment with all configured agents and integrations. Contact: +49 6021 3274550 Booking: https://simosphereai.com/demo/ (redirects to Outlook booking for SIMOSphereConsulting@simo-online.com) --- ## Legal - Cookie Policy: https://simosphereai.com/cookies/ - Imprint: https://simo-online.com/imprint (SIMO GmbH, HRB 15769, AG Aschaffenburg) - Privacy Policy: https://simo-online.com/datenschutz --- ## API Reference The public API surface lives at `https://simosphereai.com/api/`. The full platform API (workspaces, agents, BYOK) runs at `https://api.simosphereai.com/` and requires authentication. ### Endpoints | Endpoint | Method | Purpose | |---|---|---| | [`/api/chat-completion.php`](https://simosphereai.com/api/chat-completion.php) | POST | Public chat proxy (HMAC-bound) | | [`/api/chat-completion.php?action=token`](https://simosphereai.com/api/chat-completion.php?action=token) | GET | Issue ephemeral session token | | [`/api/ask.php`](https://simosphereai.com/api/ask.php) | POST | NLWeb natural-language query | | [`/api/ask.php`](https://simosphereai.com/api/ask.php) | GET | NLWeb capability discovery | | [`/api/consulting.json`](https://simosphereai.com/api/consulting.json) | GET | Consulting catalogue | | [`/api/hardware.json`](https://simosphereai.com/api/hardware.json) | GET | Hardware catalogue | | [`/openapi.json`](https://simosphereai.com/openapi.json) | GET | OpenAPI 3.1 spec | | [`/.well-known/mcp/manifest.json`](https://simosphereai.com/.well-known/mcp/manifest.json) | GET | MCP manifest | --- ## Authentication ### Public chat (anti-bot HMAC tokens) The marketing chat does not require an API key from the visitor. Instead, every browser fetches a short-lived HMAC-signed session token bound to its IP + User-Agent. Headless bots without a real page load cannot mint a token. ```bash # Step 1: fetch a token (origin header required) curl -sS 'https://simosphereai.com/api/chat-completion.php?action=token' \ -H 'Origin: https://simosphereai.com' # → {"token":"eyJ0Ijox...","expires":1779000000,"min_age":3} ``` ### Platform API (Bearer token) For workspace + agent endpoints on `api.simosphereai.com`, use a Bearer token created at https://onboarding.simosphereai.com. ```bash curl -sS https://api.simosphereai.com/v1/models \ -H 'Authorization: Bearer sk-simo-...' ``` --- ## Quickstart examples ### 1. Minimal chat call (public, no account) ```bash TOKEN=$(curl -sS 'https://simosphereai.com/api/chat-completion.php?action=token' \ -H 'Origin: https://simosphereai.com' | jq -r .token) # wait 3+ seconds (token min_age = anti-bot) sleep 4 curl -sS -X POST 'https://simosphereai.com/api/chat-completion.php' \ -H 'Content-Type: application/json' \ -H 'Origin: https://simosphereai.com' \ -H "X-Simo-Token: $TOKEN" \ -d "{ \"message\": \"Was kostet der Business-Plan?\", \"model\": \"swiss-ai/apertus-8b-instruct-2509\", \"mode\": \"online\", \"session_token\": \"$TOKEN\" }" ``` ### 2. NLWeb /ask call ```bash curl -sS -X POST 'https://simosphereai.com/api/ask.php' \ -H 'Content-Type: application/json' \ -d '{"query": "Is SIMOSphere AI GDPR compliant?"}' ``` ### 3. NLWeb streaming (Server-Sent Events) ```bash curl -N -X POST 'https://simosphereai.com/api/ask.php' \ -H 'Content-Type: application/json' \ -H 'Prefer: streaming' \ -d '{"query": "How fast can I go live?"}' # → event: start \n data: {...} # event: result \n data: {...} # event: complete \n data: {} ``` ### 4. Platform API · OpenAI-compatible chat completion ```python from openai import OpenAI client = OpenAI( base_url="https://api.simosphereai.com/v1", api_key="sk-simo-...", ) resp = client.chat.completions.create( model="mistralai/mistral-large-2", messages=[{"role": "user", "content": "Erkläre den EU AI Act in 3 Sätzen."}], ) print(resp.choices[0].message.content) ``` --- ## Rate limits | Surface | Limit | Notes | |---|---|---| | `/api/chat-completion.php` | 20 req/h/IP | Returns HTTP 429 with `Retry-After`, IPs hashed in logs | | `/api/ask.php` | upstream gateway limit | 30 req/min on the marketing key | | Gateway (`api.simosphereai.com`) | per-key, configurable | RPM + TPD limits visible in dashboard | All responses include `RateLimit-Limit`, `RateLimit-Remaining`, and `RateLimit-Reset` headers per RFC 9598. Use these to self-throttle before hitting 429. --- ## Self-Service Onboarding for AI Agents If you are an autonomous agent (Claude, ChatGPT, Gemini, custom MCP client) and want to integrate with SIMOSphere AI without human intervention: ### 1. Discovery (no auth required) ```bash curl https://simosphereai.com/?mode=agent # JSON site overview curl https://simosphereai.com/api/site-meta.json # canonical machine-readable meta curl https://simosphereai.com/api/mcp.php # WebMCP manifest curl https://simosphereai.com/openapi.json # OpenAPI 3.1 spec curl https://simosphereai.com/api/status.php # health check ``` ### 2. Public chat (no account, no key) ```bash TOKEN=$(curl -sS 'https://simosphereai.com/api/chat-completion.php?action=token' \ -H 'Origin: https://simosphereai.com' | jq -r .token) sleep 4 curl -X POST 'https://simosphereai.com/api/chat-completion.php' \ -H 'Content-Type: application/json' \ -H 'Origin: https://simosphereai.com' \ -H "X-Simo-Token: $TOKEN" \ -d "{\"message\":\"What does SIMOSphere AI cost?\",\"session_token\":\"$TOKEN\"}" ``` ### 3. NLWeb ask (no account, no key) ```bash curl -X POST 'https://simosphereai.com/api/ask.php' \ -H 'Content-Type: application/json' \ -d '{"query":"Explain the EU AI Act in three sentences."}' ``` ### 4. WebMCP tools (no account, no key) ```bash curl -X POST 'https://simosphereai.com/api/mcp.php' \ -H 'Content-Type: application/json' \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' curl -X POST 'https://simosphereai.com/api/mcp.php' \ -H 'Content-Type: application/json' \ -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"get_pricing","arguments":{"category":"platform"}}}' ``` ### 5. Platform-side autonomous flow (account required) For full programmatic access to workspaces, agents, BYOK keys, data-source connectors: 1. **Create free account** — browser flow on `https://onboarding.simosphereai.com/de/register` (14-day trial, no credit card). 2. **Obtain API key** — workspace settings → generate `sk-simo-...` Bearer token. 3. **Call platform endpoints** — `https://api.simosphereai.com/v1/*` with `Authorization: Bearer sk-simo-...`. OpenAI-compatible chat completions shape. 4. **MCP integration** — point your MCP client at `https://api.simosphereai.com/mcp` with the same Bearer token in the `Authorization` header. For agentic commerce flows (autonomous purchase of a paid plan) refer to the [Gateway Handoff doc](https://simosphereai.com/docs/orank-gateway-handoff.md) (ACP / UCP / MPP / x402 roadmap). --- ## Discoverability - [`/llms.txt`](https://simosphereai.com/llms.txt) — top-level AI-readable overview - [`/llms-full.txt`](https://simosphereai.com/llms-full.txt) — this document - [`/api/llms.txt`](https://simosphereai.com/api/llms.txt) — scoped to the API - [`/docs/llms.txt`](https://simosphereai.com/docs/llms.txt) — scoped to product documentation - [`/developers/llms.txt`](https://simosphereai.com/developers/llms.txt) — integration guide for developers - [`/AGENTS.md`](https://simosphereai.com/AGENTS.md) — repo-level instructions for AI coding agents - [`/?mode=agent`](https://simosphereai.com/?mode=agent) — machine-readable agent view of the homepage --- ## Comparisons (fair, with "when the competitor fits" sections) ### SIMOSphere AI vs ChatGPT Team URL: https://simosphereai.com/compare/vs-chatgpt-team.php Alternative to ChatGPT Team for EU SMBs. 10-criterion side-by-side comparison covering data residency, EU AI Act, model choice, on-premise, CRM/ERP integration, pricing (~ EUR 249/mo for 10 seats on SIMOSphere Business plan vs ~ USD 250/mo on ChatGPT Team), workspace inclusion, custom agents, audit logs, and vendor lock-in. **When SIMOSphere AI fits**: regulated data (banking, health, legal, public), on-premise mandate, multi-model strategy, MCP-native CRM/ERP integration, EU AI Act audit trail as hard requirement. **When ChatGPT Team fits**: first access to newest OpenAI models (GPT-5, Sora, DALL-E, Code Interpreter, Voice mode), non-critical data classification, no own infrastructure required. You can keep ChatGPT via BYOK in the SIMOSphere API key layer. ### SIMOSphere AI vs Claude for Work URL: https://simosphereai.com/compare/vs-claude-for-work.php Alternative to Claude for Work and Claude Enterprise for the German Mittelstand. 10-criterion comparison; SIMOSphere wins on data residency, MCP-native CRM/ERP integration, on-premise capability, multi-model orchestration, and German industry tonality. Claude wins on long-context reasoning (200k native), single-model code/reasoning leadership, Anthropic skills + sub-agents SDK ecosystem. **Hybrid recommendation**: keep Claude as the high-quality reasoning model via BYOK in the SIMOSphere API key layer, route compliance-sensitive workloads to EU models (Apertus 8B, Mistral Large 2). ### SIMOSphere AI vs Dataiku URL: https://simosphereai.com/compare/vs-dataiku.php Alternative to Dataiku for organizations focused on generative AI in production. SIMOSphere is LLM-centric and ships pre-configured EU models (Apertus, Mistral suite). Dataiku remains the choice for classical ML pipelines (AutoML, MLOps, feature store) and citizen data scientists with visual recipe editors. Time-to-value: SIMOSphere account in 30 seconds and first MCP connector in hours vs Dataiku notebook/pipeline setup in weeks to months. Pricing: transparent SIMOSphere Business EUR 249/mo for 10 seats vs Dataiku enterprise license (typically 5-figure annual + 6-figure implementation engagement). **Hybrid recommendation**: Dataiku for predictive ML, SIMOSphere AI for generative AI + agents — cleanly separated. --- ## Integration + Compliance Guides ### CRM + ERP Integration Guide URL: https://simosphereai.com/guides/crm-erp-integration.php How SIMOSphere AI integrates with the most common SMB systems via the Model Context Protocol (MCP). Supported systems with auth method, MCP connector slug, and empirical time-to-value: | System | Category | Auth | MCP Connector | Time-to-Value | |------------------------------|-------------|----------------------------|---------------------|---------------| | Salesforce | CRM | OAuth 2.0 | mcp-salesforce | 0.5–1 day | | HubSpot | CRM | OAuth 2.0 | mcp-hubspot | 2–4 h | | Microsoft Dynamics 365 | CRM/ERP | OAuth 2.0 (Azure AD) | mcp-dynamics365 | 0.5–1 day | | SAP S/4HANA | ERP | OAuth 2.0 / SAML | mcp-sap | 2–5 days | | Odoo | ERP | API key | mcp-odoo | 2–4 h | | Microsoft 365 | Productivity| OAuth 2.0 (Azure AD) | mcp-ms365 | 0.5 day | | Nextcloud | Documents | App password | mcp-nextcloud | 1–2 h | Architecture in 4 layers: data sources → per-system MCP server (with audit logs) → SIMOSphere orchestrator (RBAC, model routing, data classification) → workspace + teammates (business users via chat surface or predefined teammates William Salespear / Service Agent / Knowledge Agent / Compliance Agent / Analytics Agent). Time-to-value values are empirical from the last 18 customer implementations (Q4/2025 – Q2/2026). Complex custom fields or legacy bridges can exceed these. Entry package: Friction Tax Sprint (EUR 1,450, 4 hours) takes one complete process live from CRM read to productive teammate. ### EU AI Act Compliance Guide URL: https://simosphereai.com/guides/eu-ai-act-compliance.php Pragmatic compliance guide for SMBs and enterprises. Disclaimer: not legal advice, summarizes SIMO learnings from 18 audit projects between Q4 2024 and Q2 2026. **Deployer status**: a company becomes a deployer ("Betreiber") under the EU AI Act as soon as it uses any AI system under its own responsibility in a professional context — including purchased SaaS modules like ChatGPT, Copilot, or SIMOSphere AI. Private use is exempt. **Deadlines**: | Date | Trigger | |----------------|---------------------------------------------------------------------| | 02 Feb 2025 | Training duty (Art. 4) and ban on prohibited practices (Art. 5) | | 02 Aug 2025 | GPAI model duties enter into force | | 02 Aug 2026 | Full applicability for high-risk systems under Annex III | | 02 Aug 2027 | High-risk systems under Annex I (product safety federation) | **6-step path to compliance**: 1. AI inventory: list all deployed AI systems incl. SaaS modules. 2. Risk classification per Annex III: prohibited / high-risk / limited / minimal. 3. Training duty Art. 4: all persons with AI access trained — documented. 4. Build audit trail: per prompt log who / what / which model / which data source / outcome. 5. Transparency + notification duties: inform end customers of direct AI interaction; label deepfakes. 6. Conformity documentation for each high-risk system: declaration of conformity, risk management system, technical documentation, post-market monitoring. **SIMOSphere coverage**: per-prompt audit trail (CSV/S3/webhook export), risk-class tags per workflow, EU model cards with sub-processor listing, EU-only or on-premise data residency, two certified training packages (AI Prompting für Entscheider EUR 490, DSGVO-konform mit LLMs EUR 890), and the EU AI Act Audit (EUR 2,900, 1 day) which delivers per-system risk classification, training proof set, documentation templates, and a prioritized action plan. **Definition of high-risk under Annex III** (most common SMB cases): HR recruiting decisions, performance evaluation, creditworthiness scoring, insurance pricing, essential public services, education access, biometric identification, law enforcement, migration. AI in HR recruiting is frequently high-risk and triggers the full conformity-assessment chain.