NADOVO — Frequently Asked Questions (FAQ)

Category 1: Getting Started

How does NADOVO work? What is the compliance journey?

NADOVO guides you through EU AI Act compliance in 5 phases. You work through the phases in order:

Phase 1 — Discover: Capture all AI systems in your company (e.g. ChatGPT, Microsoft Copilot, AI-powered HR tools).

Phase 2 — Define: Document what you use each AI system for, and automatically receive a risk classification.

Phase 3 — Assess: Evaluate the risks of your AI processes and plan measures for risk mitigation.

Phase 4 — Implement: Train your employees in the use of AI (legally required by Art. 4 EU AI Act).

Phase 5 — Monitor: Capture and report AI incidents when something goes wrong.

Tip: You do not have to complete all phases at once. Start with Phase 1 and work your way forward step by step. The dashboard shows your progress at all times.

In what order should I proceed?

The recommended order for getting started:

Create AI system (Phase 1) — Enter your first AI system. The wizard guides you through 5 steps.
Release AI system — Set the status to "In operation".
Create AI process (Phase 2) — Describe what you use the system for. NADOVO classifies the risk automatically.
Release AI process — For high-risk systems, you must first perform an assessment (see below).
Plan training (Phase 4) — Document AI training for your employees.

Important: An AI process can only be released once the linked AI system has the status "In operation". NADOVO will notify you if anything is missing.

What is the difference between AI system, AI process and assessment?

These three elements form the core of NADOVO:

AI system (Phase 1): This is the technology itself — for example "ChatGPT" or "Microsoft Copilot". Here you capture which AI model you are using, where it is hosted, and who is responsible for it.

AI process (Phase 2): This is the specific use case — for example "Customer support via ChatGPT" or "Application pre-screening with an AI HR tool". An AI system can have multiple processes. The process determines the risk level.

Assessment (Phase 3): This is the risk evaluation for a specific AI process. Here you identify risks, define measures, and document how you keep those risks under control.

Relationship: An AI system has one or more AI processes. Each AI process can have an assessment. The three elements are linked — changes to one element can affect the others.

Category 2: AI Systems (Phase 1)

What do the different AI system statuses mean?

Status	Meaning	What you can do
Draft	The system is still being edited	Edit, delete or release
In operation	The system is active and released	Deactivate or create new version
Deactivated	The system is temporarily out of operation	Reactivate or archive
Archived	The system was replaced by a new version	View only, no further editing

What happens when I deactivate an AI system?

When you deactivate an AI system, NADOVO automatically updates all linked elements:

AI processes connected to this system are set to "Paused"
Assessments connected to these processes receive the status "Review required"

Why? When an AI system is no longer in operation, the associated processes cannot continue to run. The EU AI Act regulation requires you to keep your risk assessments up to date — when something on the system changes, the assessments must be reviewed.

What do you need to do?

If the deactivation is temporary: reactivate the system later. The processes will be automatically reactivated.
If the deactivation is permanent: archive the processes and, if applicable, create new ones for a replacement system.

What does "Create new version" mean for an AI system?

When something substantial changes on an AI system — for example a different AI model, new infrastructure, or a new data location — you create a new version instead of overwriting the existing system.

Why a new version instead of just editing? The EU AI Act requires that changes are documented traceably (Art. 12). With versioning, the old state is preserved and the change is verifiable at any time — including for auditors and supervisory authorities.

What happens when you create a new version?

NADOVO copies all data of the current version into a new draft
You edit the changed fields in the wizard
In the last step you see a summary of the changes
After release, the old version is archived and the new version becomes active
Linked AI processes are paused and must also be updated

Tip: You do not have to manage version numbers yourself. NADOVO automatically detects what has changed and suggests a suitable version.

Category 3: AI Processes (Phase 2)

What is a risk class and how is it determined?

The EU AI Act classifies AI systems into four risk levels:

Risk level	Meaning	Examples	Consequence
Prohibited	Banned AI practices	Social scoring, manipulative systems	Must not be used
High-risk	High-risk AI in sensitive areas	Application pre-screening, credit scoring, biometric identification	Strict requirements, mandatory assessment
Limited risk	AI with transparency obligations	Chatbots, deepfake detection	Transparency requirements
Minimal risk	Low risk	Spam filters, AI-powered search	No special requirements

How does NADOVO determine the risk level? Automatically. When you describe the purpose and scope of use in the wizard, NADOVO checks your entries against the official criteria of the EU AI Act regulation (Annex I and III). The classification appears immediately in the wizard.

Can I change the risk level? Yes. If you believe the automatic classification is incorrect, you can override it manually. You must provide a justification, which is documented in the audit trail.

Why can't I release my high-risk process?

For AI processes with the risk level "High-risk" or "Prohibited", stricter requirements apply. Release is a multi-stage process:

Step 1: Complete the process in the wizard (finish all 5 steps)

Step 2: Submit the process "For review" — This signals that the process is ready for a risk assessment.

Step 3: Perform the assessment — Go to the "Risk management" area and perform a risk assessment for this process. The assessment includes:

Identifying risks
Evaluating likelihood and impact
Defining measures for risk mitigation
Creating a Human Oversight Plan
Carrying out a Fundamental Rights Impact Assessment (FRIA)

Step 4: Approve the assessment — Make sure all mandatory fields are filled in (at least 1 risk, at least 1 measure per risk, Human Oversight Level, all FRIA categories rated).

Step 5: Release the process — Only when the assessment has the status "Approved" can you release the process.

Why so many steps? Art. 9 of the EU AI Act regulation requires that high-risk AI systems undergo a documented risk management process BEFORE they are deployed. The multi-stage release ensures that you can demonstrably meet this requirement.

Processes with low risk (Limited/Minimal): Here a direct release without an assessment is sufficient. NADOVO detects the risk level automatically and adjusts the release process accordingly.

What does the status "Paused" mean for an AI process?

A process is paused automatically when something changes on the linked AI system:

Reason 1 — AI system deactivated: The system was temporarily taken out of operation. As soon as the system is reactivated, you can reactivate the process as well.

Reason 2 — New version of the AI system: A new version of the AI system was released. The old version has been archived, and the process still points to the old version. You need to create a new process version and link the new AI system.

How do I find out why my process is paused? NADOVO shows you the next step directly in the process overview:

"Reactivate" — when the AI system is active again
"Create new version" — when the AI system has been replaced by a new version
"AI system must be activated first" — when the AI system is still deactivated

What happens to my assessment when the process is changed?

When you substantially change an AI process, the associated assessment must be reviewed. NADOVO automatically sets the assessment status to "Review required" in the following cases:

The risk class has changed (e.g. from "Limited" to "High-risk")
The linked AI system has been swapped
The process has been paused or archived
The process has been set back to draft

What do you need to do? Open the assessment, check whether the risk evaluation is still up to date, and approve it again. If the risk class has changed, you may need to identify additional risks or perform the FRIA.

Note: Assessments still in progress ("In progress") are not changed automatically — they still need to be completed anyway.

Category 4: Risk Evaluation / Assessment (Phase 3)

What is an assessment and when do I need one?

An assessment is a systematic risk evaluation for an AI process. NADOVO automatically indicates whether an assessment is required:

Indicator	Meaning	Action
"Required"	High-risk process — assessment is mandatory	Assessment must be performed and approved before the process can be released
"Recommended"	The process handles personal data or uses non-EU hosting	Assessment is recommended but not mandatory for release
"Not required"	Low risk, no special characteristics	No assessment needed

What must be included in an assessment for high-risk processes?

The EU AI Act sets clear requirements for risk management of high-risk AI. NADOVO guides you through the assessment in 6 steps:

Step 1 — Select process: Choose the AI process for which you want to perform the assessment.

Step 2 — Check prohibited practices: Check whether your AI use falls under the prohibited practices in Annex I.

Step 3 — Identify risks: Capture all relevant risks for your AI use (e.g. discrimination, data protection breach, faulty decisions).

Step 4 — Evaluation and measures: Evaluate each risk by likelihood and impact. Define at least one mitigation measure for each risk.

Step 5 — Human Oversight and FRIA:

Human Oversight: Define how humans monitor AI decisions and can intervene.
FRIA (Fundamental Rights Impact Assessment): Evaluate the impact on fundamental rights across 6 categories.

Step 6 — Summary: Review the overall evaluation and accept the residual risk.

Mandatory fields for approval:

At least 1 risk identified
For each risk, at least 1 measure defined
Human Oversight Level set
All 6 FRIA categories rated

What does "Review required" mean for an assessment?

This status means that something has changed in the context and you need to check whether your risk evaluation is still current.

Possible triggers:

The linked AI system was deactivated or replaced by a new version
The risk class of the process has changed
The process was set back to draft status

What do you need to do?

Open the assessment
Check whether the identified risks and measures still apply
Adjust the evaluation if needed
Approve the assessment again

Category 5: Versioning

Why are there versions, and what do the numbers mean?

NADOVO uses version numbers (e.g. 1.0.0, 1.1.0, 2.0.0) to document changes to AI systems and AI processes traceably. This matters because the EU AI Act requires changes to AI systems to be documented and retained for at least 10 years (Art. 12).

You do not need to worry about the version numbers. NADOVO automatically detects what has changed and suggests a suitable version number. You can simply accept the suggestion.

If you're curious — here's how the logic works:

Change	Example	Version number
Substantial change	Different AI model, different role, different infrastructure	1.0.0 → 2.0.0
Minor change	New responsible person, updated description	1.0.0 → 1.1.0
Minimal change	Correction in the name, notes updated	1.0.0 → 1.0.1

Can I still edit a released AI system or process?

No — and that is by design. A released element represents a reviewed and documented state. If you want to make changes, create a new version:

Click "Create new version" in the action menu
NADOVO creates a copy as a draft
Edit the desired fields
In the last wizard step you see a summary of the changes
Release the new version

The old version is archived automatically. All changes are documented in the audit trail.

Why can't I just overwrite? If an auditor or supervisory authority wants to trace how your AI system was configured 2 years ago, the old state must be available. Versioning makes that possible at any time.

Category 6: Training Management (Phase 4)

Why does the EU AI Act require training?

Article 4 of the EU AI Act regulation obliges companies to ensure that employees using AI systems have sufficient AI competence. NADOVO helps you meet this obligation in a verifiable way.

What you should do:

Plan training for all employees who work with AI systems
Document the execution in NADOVO
Upload training records (certificates, attendance confirmations)
Keep an eye on validity — NADOVO shows you when training expires

Category 7: Incident Management (Phase 5)

What is an AI incident and when do I have to report it?

An AI incident is an event in which an AI system leads to harm or malfunction — for example discriminatory decisions, data protection breaches, or faulty outcomes with real-world effects.

Reporting deadlines under EU AI Act (Art. 72/73):

Severity	Reporting deadline	Example
Critical	2 days	AI system causes significant harm to health or safety
Serious	15 days	AI system systematically makes discriminatory decisions
Minor	15 days	Isolated error without larger effects

NADOVO shows the remaining reporting deadline as a progress bar so you don't miss a deadline.

Category 8: Audit Trail and Documentation

What does NADOVO document automatically?

NADOVO automatically logs all changes to your AI systems, processes, assessments, training, and incidents. You don't have to document anything manually.

What is recorded:

Who changed what, and when
Which fields were changed (old and new value)
Releases and approvals
Status changes (including automatic ones, e.g. through cascading)
Risk classifications and changes to them

Retention: 10 years, as required by EU AI Act Art. 12.

Export: You can export the audit trail as PDF (read-only), CSV or JSON at any time.

Which PDF reports can I generate?

NADOVO offers four report types:

Report	Content	Typical occasion
Compliance overview report	Overview of all AI systems, processes, assessments and their status	Annual compliance review, management report
AI system inventory	Detailed list of all AI systems with models, hosting, responsible persons	Request from a supervisory authority
Training summary	Overview of all training, participants and records	Proof of AI competence (Art. 4)
Risk assessment report	Detailed assessment with risks, measures, FRIA, Human Oversight	Documentation for individual high-risk processes

All reports are AES-256 read-only protected and include an EU AI Act compliance notice.

Category 9: Relationships and Automations

Why do status values change automatically?

NADOVO ensures that your compliance documentation stays consistent. When something changes on an AI system, the linked processes and assessments must be reviewed — this is a requirement of the EU AI Act (Art. 9, Risk Management).

Overview of automatic status changes:

What you do	What NADOVO does automatically	Why
Deactivate AI system	Processes → Paused, Assessments → Review required	System no longer in operation, processes cannot continue
Reactivate AI system	Selected processes → Released again	System is in operation again
Release new version of AI system	Old processes → Paused	Old system was replaced, processes must be moved to the new version
Risk class of a process changes	Assessment → Review required	Risk evaluation was based on the old risk class
Link a new AI system in the process	Assessment → Review required	Risk evaluation was based on the old system

Rule of thumb: When NADOVO changes a status automatically, the platform shows you the next step directly in the overview. Just follow the hints.

How do AI system, process and assessment relate to each other?

The three elements are linked hierarchically:

AI system (e.g. "ChatGPT")
  |
  |-- In operation, v1.2.0
  |
  +-- AI process (e.g. "Customer support")
  |     |
  |     |-- Released, v1.0.0
  |     |
  |     +-- Assessment (risk evaluation)
  |           |-- Approved
  |
  +-- AI process (e.g. "Content creation")
        |
        |-- Draft, v1.0.0

Rule: An AI system must be "In operation" before linked processes can be released. For high-risk processes, an assessment must additionally be approved before the process can be released.

Changes flow top-down: When the AI system changes, processes and assessments are updated automatically. The reverse is not true — a change to the assessment has no impact on the AI system.

Category 10: Tips and Best Practices

How many AI systems does a typical company have?

Most mid-sized companies (50-500 employees) use 5-20 AI systems, often without realising it. Typical examples:

ChatGPT / Claude — Text generation, research, summaries
Microsoft Copilot — Office automation, email drafts
AI-powered HR tools — Application pre-screening, employee analysis
Chatbots — Customer support on the website
AI analytics tools — Sales forecasts, fraud detection
AI translation tools — DeepL, Google Translate in business operations

Tip: Ask around in all departments which AI tools are in use. Often employees use AI tools on their own without IT knowing.

How often should I review my AI compliance?

At least annually — or on the following occasions:

An AI system is updated or replaced
A new AI system is introduced
An AI incident occurs
Regulation changes (new guidelines, implementing regulations)
The area of use of an AI system changes

NADOVO supports you with automatic status changes and the dashboard, which shows you open tasks and critical incidents.

Do I need a lawyer for EU AI Act compliance?

NADOVO does not replace legal advice, but it significantly reduces the need for it:

The automatic risk classification spares you from manually working through the 113 articles and 13 annexes of the regulation
The structured assessments guide you through the regulatory requirements without requiring you to know the legal text in detail
The 10-year documentation ensures your compliance is verifiable at any time

When to bring in a lawyer:

If you use AI systems with a "High-risk" risk level and are unsure whether the classification is correct
If you place AI systems on the market as a provider
If an AI incident with serious consequences occurs

As of April 2026

NADOVO — Frequently Asked Questions (FAQ) ​

Category 1: Getting Started ​

How does NADOVO work? What is the compliance journey? ​

In what order should I proceed? ​

What is the difference between AI system, AI process and assessment? ​

Category 2: AI Systems (Phase 1) ​

What do the different AI system statuses mean? ​

What happens when I deactivate an AI system? ​

What does "Create new version" mean for an AI system? ​

Category 3: AI Processes (Phase 2) ​

What is a risk class and how is it determined? ​

Why can't I release my high-risk process? ​

What does the status "Paused" mean for an AI process? ​

What happens to my assessment when the process is changed? ​

Category 4: Risk Evaluation / Assessment (Phase 3) ​

What is an assessment and when do I need one? ​

What must be included in an assessment for high-risk processes? ​

What does "Review required" mean for an assessment? ​

Category 5: Versioning ​

Why are there versions, and what do the numbers mean? ​

Can I still edit a released AI system or process? ​

Category 6: Training Management (Phase 4) ​

Why does the EU AI Act require training? ​

Category 7: Incident Management (Phase 5) ​

What is an AI incident and when do I have to report it? ​

Category 8: Audit Trail and Documentation ​

What does NADOVO document automatically? ​

Which PDF reports can I generate? ​

Category 9: Relationships and Automations ​

Why do status values change automatically? ​

How do AI system, process and assessment relate to each other? ​

Category 10: Tips and Best Practices ​

How many AI systems does a typical company have? ​

How often should I review my AI compliance? ​

Do I need a lawyer for EU AI Act compliance? ​