In-app agent (web)
ReAct-style agent in the Acompli web app, working over the governed tool registry (assessments, risks, RoPA, and more). Skills bundle these into named workflows.
Compliance assistants
Work from Microsoft Teams, Slack, Copilot M365 and the web app with the same role controls, confirmation gates and audit trail. All four are surfaces onto the same governed Acompli platform. AI helps teams draft, search and route work, while accountable people approve the record.
Assistant answer
Yes. Acompli exposes a ReAct-style agent over a governed tool registry — assessments, risks, RoPA, knowledge base, tasks, reporting, research, notifications — through Microsoft Teams, Slack, and a Copilot M365 integration. Higher-level skills bundle the underlying tools into named workflows (clone-and-relaunch, completeness audit, create-and-launch with auto-draft), and the same skills are addressable from web chat, Teams, and Slack. The assistant is a thin facade onto the governed platform — not an independent AI.
Key takeaways
Where it lives
Each conversational and agentic surface is a transport over the same underlying tool registry. The agent's tools call the same service singletons and the same drafting-and-grounding pipeline as the UI; they read and write the same records and knowledge base; they enforce the same role hierarchy and confirmation gates; and they emit to the same audit and observability layer. In Acompli, the surface is only the transport — the governance lives in the tool registry underneath.
ReAct-style agent in the Acompli web app, working over the governed tool registry (assessments, risks, RoPA, and more). Skills bundle these into named workflows.
Channel gateway exposes the same skills inside Teams and Slack. Commands and notifications route through the shared orchestrator and inherit identical role gates.
Copilot API plus an MCP server re-expose an RBAC-filtered slice of the tool registry to Microsoft 365 Copilot and compatible agent runtimes. Thin facade over existing service singletons.
Live dictation transcription across the platform. Meeting minutes surface extracts AI-suggested action items from transcribed meetings for human review.
Every assistant action passes through the same five-layer spine that governs every other module — same knowledge base, same identity / legal-entity / business-unit RBAC, same AI pipeline, same immutable audit log, same reporting rollup. This is what keeps GDPR accountability under Article 5(2) and EU AI Act human-oversight expectations demonstrable to the DPC (Ireland) and the ICO (UK), whichever surface the work started from. Here is what that spine enforces on every run.
Last reviewed: 10 June 2026. See how the platform works · EU AI Act governance.
Each tool carries a minimum role from the 8-level role hierarchy. Acompli's agent cannot call a tool a user's role does not allow; the role check happens at the same layer as the web app's role check.
Many tools require explicit confirmation before they mutate anything. The confirmation is rendered to the user in their surface (Teams card, Slack message, web chat) and the action only proceeds on a positive response.
Every query Acompli's agent makes is filtered by the user's effective legal-entity and business-unit scope — the same scoping predicate enforced everywhere. The agent cannot see or act on records outside that scope.
Drafted answers, extracted risks, generated RoPA records, and report narratives are grounded in the organisation's own KB (real systems, third parties, locations, prior approved precedents) — not generic boilerplate. Each claim carries a grounding score and a review-priority flag.
Every agent run writes a durable provenance record (agent steps, token usage, grounding summary) to the same immutable audit log that captures every UI action. An admin can review what the assistant did, by whom, with the same trail as any other operator.
Stage-chains (draft → enhancement → risk extraction → RoPA generation) pause at human-review gates. A reviewer's approval is the only thing that unblocks privileged downstream generation — whether the chain was kicked off from Teams, Slack, the web app, or Copilot. Acompli records that approval on the chain itself, so the audit trail shows who unblocked each step, and from which surface.
Difference
A generic chatbot answers from a model and a knowledge file. The Acompli assistant is a governed surface onto the platform — the same RBAC, immutable audit log and human-review gates that the DPC or ICO would expect to see behind any compliance action.
Evaluation checklist
For the GDPR / EU AI Act seam — how completed assessments feed an Article 30 RoPA, and how data processing flags AI systems for Annex III review — see Assessments, EU AI Act, and when the EU AI Act applies in Ireland.
The Acompli assistant operates over the same registers as the rest of the platform — explore the category pillars for DPIA software, DSAR software, and vendor risk management software.
Acompli compliance assistants are included with the Acompli platform. See Acompli pricing.
Regulatory signals
Selected GDPR and EU AI Act news from acompli.ie — implementation timelines, regulator guidance, enforcement, and cross-border effects.
The Irish High Court has upheld the Data Protection Commission's €530 million fine against TikTok over the transfer of EEA user data to China and related transparency failures, confirming one of the largest GDPR penalties on record while allowing a narrow appeal on the size of the fine to proceed.
Read update →Novo Nordisk has disclosed a security incident in which attackers copied personal data from internal systems, including pseudonymised clinical trial data covering biomarkers and lifestyle factors, and directly identifying information about healthcare professionals - a breach that illustrates the layered sensitivity of health-sector data.
Read update →A compromise of market intelligence platform Klue allowed attackers to steal OAuth tokens connecting customer Salesforce environments, exposing business data across numerous organisations including Tanium, Gong, Huntress, and LastPass - a textbook SaaS supply-chain attack built on a forgotten legacy credential.
Read update →Assistant FAQ
Practical questions about Teams, Slack, Copilot M365, MCP, dictation, RBAC, and audit controls.
Teams, Slack, Copilot M365, MCP, and dictation — all on the same governed platform, with the same human-review gates. Talk to us about deployment for your organisation.