Compliance assistants
Microsoft Teams, Slack, Copilot M365, an MCP server, and browser dictation — all surfaces onto the same governed platform. Same tool registry, same role-based access control, same audit log, same human-review gates as the web app. A chat request and a button click run identical, audited logic.
Assistant answer
Yes. Acompli exposes a ReAct-style agent over a governed tool registry — assessments, risks, RoPA, knowledge base, tasks, reporting, research, notifications — through Microsoft Teams, Slack, and a Copilot M365 integration. Higher-level skills bundle the underlying tools into named workflows (clone-and-relaunch, completeness audit, create-and-launch with auto-draft), and the same skills are addressable from web chat, Teams, and Slack.
Every tool carries a minimum-role requirement and many require explicit confirmation before mutating anything. A chat request and a button click run identical, audited logic, under the same role-based access control and confirmation gates. The assistant is a thin facade onto the governed platform — not an independent AI.
Key takeaways
Same role hierarchy, same legal-entity and business-unit scope, same human-review gates as the web app. The agent cannot escalate privileges or complete a mutating action without explicit confirmation.
The in-app tool registry is re-exposed to Microsoft 365 Copilot, and an MCP server is provided for compatible runtimes. Same scoping, same audit, same review gates.
Browser dictation transcription is live. Meeting minutes surface extracts AI-suggested action items from transcripts. Realtime conversational voice is intentionally disabled — treated as roadmap, not live.
Grounded in your own knowledge base, every drafted claim carries a grounding score and review-priority flag, every mutating action passes through the platform's RBAC and human-review gates. A surface onto the governed platform — not an independent AI.
Where it lives
Each conversational and agentic surface is a transport over the same underlying tool registry. The agent's tools call the same service singletons and the same drafting-and-grounding pipeline as the UI; they read and write the same records and knowledge base; they enforce the same role hierarchy and confirmation gates; and they emit to the same audit and observability layer.
ReAct-style agent in the Acompli web app. Tool registry covers assessments, risks, RoPA, knowledge base, tasks, reporting, research, and notifications. Skills bundle these into named workflows.
Channel gateway exposes the same skills inside Teams and Slack. Commands and notifications route through the shared orchestrator and inherit identical role gates.
Copilot API plus an MCP server re-expose an RBAC-filtered slice of the tool registry to Microsoft 365 Copilot and compatible agent runtimes. Thin facade over existing service singletons.
Live dictation transcription across the platform. Meeting minutes surface extracts AI-suggested action items from transcribed meetings for human review.
Realtime conversational voice (a back-and-forth voice agent) is intentionally disabled — roadmap, not live. The MCP server degrades gracefully if its optional dependency is absent.
Every assistant action passes through the same five-layer spine that governs every other module — same knowledge base, same identity / legal-entity / business-unit RBAC, same AI pipeline, same immutable audit log, same reporting rollup. This is what keeps GDPR accountability under Article 5(2) and EU AI Act human-oversight expectations demonstrable to the DPC (Ireland) and the ICO (UK), whichever surface the work started from.
Each tool carries a minimum role from the 8-level role hierarchy. The agent cannot call a tool a user's role does not allow; the role check happens at the same layer as the web app's role check.
Many tools require explicit confirmation before they mutate anything. The confirmation is rendered to the user in their surface (Teams card, Slack message, web chat) and the action only proceeds on a positive response.
Every query the agent makes is filtered by the user's effective legal-entity and business-unit scope — the same scoping predicate enforced everywhere. The agent cannot see or act on records outside that scope.
Drafted answers, extracted risks, generated RoPA records, and report narratives are grounded in the organisation's own KB (real systems, third parties, locations, prior approved precedents) — not generic boilerplate. Each claim carries a grounding score and a review-priority flag.
Every agent run writes a durable provenance record (agent steps, token usage, grounding summary) to the same immutable audit log that captures every UI action. An admin can review what the assistant did, by whom, with the same trail as any other operator.
Stage-chains (draft → enhancement → risk extraction → RoPA generation) pause at human-review gates. A reviewer's approval is the only thing that unblocks privileged downstream generation — whether the chain was kicked off from Teams, Slack, the web app, or Copilot.
Difference
A generic chatbot answers from a model and a knowledge file. The Acompli assistant is a governed surface onto the platform — the same RBAC, immutable audit log and human-review gates that the DPC or ICO would expect to see behind any compliance action.
For the GDPR / EU AI Act seam — how completed assessments feed an Article 30 RoPA, and how data processing flags AI systems for Annex III review — see Assessments, EU AI Act, and when the EU AI Act applies in Ireland.
Regulatory signals
Selected GDPR and EU AI Act news from acompli.ie — implementation timelines, regulator guidance, enforcement, and cross-border effects.
The third annual ENISA NIS360 assessment reveals that while cybersecurity maturity is improving across EU critical sectors, seven sectors - including health, public administration, and water - remain in a risk zone where their importance to society exceeds their cyber readiness.
Read update →The European Data Protection Board has published the first EU-wide harmonized template for Data Protection Impact Assessments, aiming to replace the patchwork of national formats and bring consistency to one of the GDPR's most important compliance tools.
Read update →European data protection authorities imposed €68.18 million in GDPR fines in the first quarter of 2026 - nearly five times the €13.8 million recorded in Q1 2025 - with France and the United Kingdom accounting for 94% of the total.
Read update →Practical questions about Teams, Slack, Copilot M365, MCP, dictation, RBAC, and audit controls.
Yes. Acompli exposes a ReAct-style agent over a governed tool registry — assessments, risks, RoPA, knowledge base, tasks, reporting, research, notifications — through Microsoft Teams, Slack, and a Copilot M365 integration. A user asking the assistant a question and a user clicking a button in the web app run identical, audited logic. Mutating actions require the same role and the same explicit confirmation regardless of which surface the request came from.
Every tool in the Acompli assistant registry carries a minimum-role requirement enforced by the same role-based access control that gates the web app. The agent cannot bypass legal-entity or business-unit scope, cannot escalate privileges, and cannot complete a mutating action without the explicit confirmation gates configured per tool. Every agent run emits to the same immutable audit log as a UI action — so an admin can review what the assistant did, by whom, with the same trail as any other operator.
Yes. The same tool registry the in-app agent uses is re-exposed to Microsoft 365 Copilot, and an MCP server is provided for compatible Copilot and agent runtimes. The integration is a thin facade over existing platform services — Copilot queries and writes resolve through the same scoping, the same human-review gates, and the same audit spine that govern every other surface.
Yes. Browser-based dictation transcription is live across the platform, and a meeting-minutes surface extracts action items from a transcribed meeting. Realtime conversational voice (a back-and-forth voice agent) is intentionally disabled today and treated as roadmap — dictation transcription is the live capability; conversational voice is not.
Higher-level skills bundle the underlying tool registry into named workflows — clone-and-relaunch an assessment, run a completeness audit, create-and-launch with auto-draft, request indexing of a register entry. The same skills are addressable from web chat, Teams, and Slack. Skills inherit the role gate of every tool they wrap, so the Slack surface cannot do more than the user could do in the web app.
A generic chatbot answers from a model and a knowledge file. The Acompli assistant runs on the same drafting and grounding pipeline as the rest of the platform — every claim is grounded in the organisation's own knowledge base (real systems, third parties, prior approved precedents), every drafted answer carries a grounding score and a review-priority flag, and every mutating action passes through the same RBAC and human-review gates as a UI action. The assistant is a surface onto the governed platform, not an independent AI.
Ja. Acompli stellt einen agentischen Assistenten über ein kontrolliertes Werkzeugregister bereit — Bewertungen, Risiken, RoPA, Wissensbasis, Aufgaben, Berichte, Recherche, Benachrichtigungen — erreichbar über Microsoft Teams, Slack und eine Integration mit Microsoft 365 Copilot. Eine Anfrage an den Assistenten und ein Klick im Web-Frontend führen dieselbe, auditierte Logik aus. Schreibende Aktionen verlangen dieselbe Rolle und dieselben expliziten Bestätigungsschritte, unabhängig vom Aufrufkanal.
Jedes Werkzeug im Acompli-Assistenten-Register trägt eine minimale Rollenanforderung, die über dieselbe rollenbasierte Zugriffskontrolle (RBAC) durchgesetzt wird wie das Web-Frontend. Der Agent kann die Rechtseinheits- oder Geschäftsbereichs-Abgrenzung nicht umgehen, keine Rechte eskalieren und keine schreibende Aktion ohne die explizit konfigurierten Bestätigungsschritte abschließen. Jeder Agentenlauf landet im gleichen unveränderlichen Audit-Log wie eine UI-Aktion — ein Admin kann nachvollziehen, was der Assistent getan hat, durch wen, mit derselben Spur wie für jeden anderen Operator.
Ja. Dasselbe Werkzeugregister, das der In-App-Agent verwendet, wird auch Microsoft 365 Copilot zur Verfügung gestellt, und für kompatible Copilot- und Agenten-Laufzeiten steht ein MCP-Server bereit. Die Integration ist eine dünne Fassade über bestehende Plattformdienste — Copilot-Anfragen und Schreibvorgänge laufen durch dieselbe Abgrenzung, dieselben menschlichen Prüfschritte und dieselbe Audit-Grundlage, die alle anderen Oberflächen steuern.
Ja. Browserbasierte Diktattranskription ist plattformweit live, und eine Besprechungsprotokoll-Oberfläche extrahiert Aktionspunkte aus einer transkribierten Besprechung. Echtzeit-Sprachagenten (ein dialogischer Sprachassistent) sind heute bewusst deaktiviert und werden als Roadmap behandelt — Diktattranskription ist die Live-Funktion; dialogische Sprache nicht.
Oui. Acompli expose un assistant agentique sur un registre d'outils gouvernés — évaluations, risques, RoPA, base de connaissances, tâches, reporting, recherche, notifications — accessible via Microsoft Teams, Slack et une intégration Microsoft 365 Copilot. Une demande à l'assistant et un clic dans l'application web exécutent une logique identique et auditée. Les actions modificatrices exigent le même rôle et les mêmes étapes de confirmation explicites, quel que soit le canal d'appel.
Chaque outil du registre de l'assistant Acompli porte une exigence de rôle minimum appliquée par le même contrôle d'accès basé sur les rôles (RBAC) que l'application web. L'agent ne peut contourner le périmètre d'entité juridique ou d'unité commerciale, escalader des privilèges, ou compléter une action modificatrice sans les étapes de confirmation configurées. Chaque exécution de l'agent émet vers le même journal d'audit immuable qu'une action UI.
Oui. Le même registre d'outils utilisé par l'agent intégré est réexposé à Microsoft 365 Copilot, et un serveur MCP est fourni pour les runtimes Copilot et d'agents compatibles. L'intégration est une façade fine sur les services existants — les requêtes et écritures Copilot passent par le même périmètre, les mêmes contrôles de revue humaine et la même base d'audit que toutes les autres surfaces.
Oui. La transcription de dictée dans le navigateur est en production, et une surface de comptes rendus de réunion extrait des actions à partir d'une réunion transcrite. L'agent vocal conversationnel en temps réel (un assistant vocal bidirectionnel) est intentionnellement désactivé aujourd'hui et traité comme feuille de route — la transcription de dictée est la capacité en production ; la voix conversationnelle ne l'est pas.
Ja. Acompli stelt een agentische assistent beschikbaar via een beheerd toolregister — beoordelingen, risico's, verwerkingsregister (VVT), kennisbank, taken, rapportage, onderzoek, meldingen — bereikbaar via Microsoft Teams, Slack en een Microsoft 365 Copilot-integratie. Een vraag aan de assistent en een klik in de webapp voeren dezelfde gecontroleerde logica uit. Wijzigende acties vereisen dezelfde rol en dezelfde expliciete bevestigingsstappen, ongeacht het kanaal.
Elke tool in het Acompli-assistentregister draagt een minimale rolvereiste die wordt afgedwongen door dezelfde rolgebaseerde toegangscontrole (RBAC) als de webapp. De agent kan het rechtspersoon- of business-unit-bereik niet omzeilen, geen rechten escaleren en geen wijzigende actie afronden zonder de geconfigureerde bevestigingsstappen. Elke uitvoering komt in hetzelfde onveranderlijke auditlog terecht als een UI-actie.
Teams, Slack, Copilot M365, MCP, and dictation — all on the same governed platform, with the same human-review gates. Talk to us about deployment for your organisation.
