Shadow AI is everywhere.
Prove you're governing it.

Discover which AI tools your team uses, enforce your approved list, and export audit-ready compliance evidence. No content surveillance.

Talk to us See how it works
Aug 2, 2026 — AI Act deadline 77% paste data into AI 60%+ SMEs unprepared
allowed 0
warned 0
blocked 0
The Problem

Shadow AI is the default. Compliance is not.

The HR manager

Klara pastes 140 candidate CVs — including disability status and nationality — into her personal ChatGPT to rank applicants. No DPA, no consent, no audit trail. One incident triggers GDPR Art. 9 and AI Act Annex III.

The developer

Max debugs a customer API integration by pasting error logs into Claude. The logs contain API keys, customer email addresses, and OAuth tokens. Credential exposure + GDPR breach. No evidence that controls existed.

The finance controller

Anna uploads vendor contracts and revenue forecasts to ChatGPT for summarization. Named counterparties, payment terms, commercial secrets. No approved workflow, no retention controls.

These aren't hypothetical. They happened at Samsung within 20 days of allowing ChatGPT.

The Product

See it. Control it. Prove it.

Discover

Which AI tools are your employees actually using? A lightweight browser extension detects usage across ChatGPT, Claude, Gemini, Copilot, and 40+ AI tools. Living inventory — updated in real time.

Control

Set your approved tool list. New tools default to a friendly coaching notice: "This isn't on your approved list yet. Request access or use an approved alternative." Blocking is opt-in, not default.

Prove

Timestamped, checksummed compliance evidence. AI tool inventory, policy decision logs, training records, readiness scorecard. One-click export as PDF + JSON.

Report

Weekly "Monday morning" report per organization: new tools detected, unapproved usage, readiness score changes, recommended actions. Designed for MSPs to white-label.

Trust

We see where your team goes. We never see what they say.

What we collect

Destination domain (chatgpt.com, claude.ai, etc.)
Timestamp
Pseudonymized user identifier
Policy decision (allowed / warned / blocked)

What we never collect

Prompt content
Clipboard or file uploads
Page titles or full URLs
Keystrokes or screenshots
Any content whatsoever
VetoShield is metadata-only by design. This isn't a future promise — it's an architectural decision. The browser extension doesn't request content access permissions. You can verify this in the Chrome Web Store listing.
EU-First

Not US DLP with a GDPR sticker.
Built in the EU, for the EU.

Works council ready

Ships with a draft Betriebsvereinbarung, employee notification templates, and DPIA starter. Deployment doesn't die in legal review.

EU data residency

All data stored and processed in AWS Frankfurt. No transatlantic transfers.

Jurisdiction-aware templates

AI Acceptable Use Policy, risk classification wizard, and compliance evidence mapped to AI Act articles — in German, Dutch, and English.

For You

Built for the companies every enterprise vendor ignores.

For Partners

For MSPs

You manage IT for 20-50 SME clients. Every meeting now includes "what should we do about AI?" VetoShield gives you a multi-tenant dashboard, white-label weekly reports, and a new recurring revenue line. Deploy to a client in 15 minutes via your existing RMM.

EUR 5-6/user/month wholesale
"AI governance as a managed service."
Direct

For IT leads and office managers

You're the person who got told "make sure we're covered." You don't have a compliance team. VetoShield gives you a browser extension your employees won't notice, a policy your DPO can sign off on, and an evidence pack for the next time an auditor, insurer, or enterprise client asks.

EUR 8-12/user/month. Annual billing. No MDM required.
Timeline

The deadline is real.

Feb 2025
AI literacy obligations active
Aug 2025
GPAI governance obligations
Today
Feb 2026
Aug 2, 2026
Most AI Act obligations apply

The AI Act isn't coming. It's here. Most obligations apply in . The question isn't whether you'll comply — it's whether you can prove it when someone asks.

Fines: up to EUR 35M / 7% turnover for prohibited practices. Up to EUR 15M / 3% for other AI Act breaches. GDPR fines apply independently — they stack.

Pricing

One product. Simple pricing. No surprises.

For Partners

MSP Partners

EUR 5-6
per user / month (wholesale)
  • Multi-tenant dashboard
  • White-label weekly reports
  • Bulk policy templates
  • NFR license for your team (up to 50 users)
  • Partner onboarding support
Become a partner

Direct

EUR 8-12
per user / month
  • Full dashboard access
  • All compliance exports
  • AI policy + legal template pack
  • Email support
Get started

Annual billing default. 10% discount for annual commitment. No per-feature gating — every customer gets everything.

Questions

Frequently asked

VetoShield collects metadata only (which AI domains employees visit), not content. This is comparable to existing web filtering and security tooling. However, in Germany and the Netherlands, even metadata monitoring can require works council consultation depending on your specific setup. We ship a draft Betriebsvereinbarung and employee notification templates to streamline this process. We recommend reviewing with your legal counsel.
Purview requires E5 licensing (EUR 50+/user/month), covers only Microsoft tools (Copilot), and doesn't generate AI Act-specific compliance evidence. VetoShield covers 40+ AI tools across providers, costs a fraction, deploys in minutes without MDM, and produces the evidence artifacts regulators and enterprise clients actually ask for.
In v1, we detect standalone AI tools accessed via known domains. Embedded AI features that route through first-party domains (e.g., Notion AI appearing as notion.so) are not distinguishable at the domain level and are out of scope for v1. We're transparent about this — and it's on our roadmap.
Yes, always. Transparency is non-negotiable — both legally and culturally. Employees see a small coaching notice when they visit an unapproved AI tool, and they can see their own usage in a personal dashboard. We provide employee communication templates in German, Dutch, and English.
Domain-level metadata only (which AI tool, when, pseudonymized user ID, policy decision). No prompts, no content, no files. All data stored in AWS Frankfurt (eu-central-1). Our own DPA and sub-processor list are available on request.
Yes, but it's opt-in and not our recommended default. We default to "warn" mode — a coaching notice that guides employees to approved alternatives. Blocking is available per tool for organizations that need it. We include a deployment checklist covering works council consultation requirements where applicable.