Your team uses AI every day.
Do you know what it costs you?

VetoShield gives IT leaders central visibility into AI tool usage, enforces your approved tool list, and generates the compliance evidence auditors actually ask for. Built on the same local-first extension trusted by individual users.

Talk to us See what you get
Aug 2, 2026 — EU AI Act deadline 55+ AI tools covered No MDM required
The Problem

Shadow AI is the default. Compliance is not.

The HR manager

Klara pastes 140 candidate CVs — including disability status and nationality — into her personal ChatGPT to rank applicants. No DPA, no consent, no audit trail. One incident triggers GDPR Art. 9 and AI Act Annex III.

The developer

Max debugs a customer API integration by pasting error logs into Claude. The logs contain API keys, customer email addresses, and OAuth tokens. Credential exposure + GDPR breach. No evidence that controls existed.

The finance controller

Anna uploads vendor contracts and revenue forecasts to ChatGPT for summarization. Named counterparties, payment terms, commercial secrets. No approved workflow, no retention controls.

These aren't hypothetical. They happened at Samsung within 20 days of allowing ChatGPT.

What You Get

See it. Control it. Prove it.

Discover

Which AI tools are your employees actually using? A lightweight browser extension detects usage across ChatGPT, Claude, Gemini, Copilot, and 55+ AI tools. Living inventory — updated in real time.

Control

Set your approved tool list centrally. New tools default to a friendly coaching notice: "This isn't on your approved list yet. Request access or use an approved alternative." Blocking is opt-in, not default.

Prove

Timestamped, checksummed compliance evidence. AI tool inventory, policy decision logs, and training records. One-click export as CSV + JSON for auditors and enterprise clients.

Report

Admin dashboard with organization-wide visibility: tools detected, policy compliance, seat activity, and liveness tracking. Designed for IT leads managing AI risk across teams.

Trust

We see where your team goes. We never see what they say.

What we collect

Destination domain (chatgpt.com, claude.ai, etc.)
Timestamp
Pseudonymized user identifier
Policy decision (allowed / warned / blocked)

What we never collect

Prompt content
Clipboard or file uploads
Page titles or full URLs
Keystrokes or screenshots
Any content whatsoever
VetoShield is metadata-only by design. This isn't a future promise — it's an architectural decision. The browser extension doesn't request content access permissions. You can verify this in the Chrome Web Store listing.
EU AI Act

Not US DLP with a GDPR sticker.
Built in the EU, for the EU.

Works council ready

Ships with a draft Betriebsvereinbarung, employee notification templates, and DPIA starter. Deployment doesn't die in legal review.

EU data residency

All synced data stored and processed in the EU. No transatlantic transfers.

Jurisdiction-aware templates

AI Acceptable Use Policy, risk classification guidance, and compliance evidence mapped to AI Act articles — in German, Dutch, and English.

Timeline

The deadline is real.

Feb 2025
AI literacy obligations active
Aug 2025
GPAI governance obligations
Today
Mar 2026
Aug 2, 2026
Most AI Act obligations apply

The AI Act isn't coming. It's here. Most obligations apply in . The question isn't whether you'll comply — it's whether you can prove it when someone asks.

Fines: up to EUR 35M / 7% turnover for prohibited practices. Up to EUR 15M / 3% for other AI Act breaches. GDPR fines apply independently — they stack.

For You

Built for the companies every enterprise vendor ignores.

For Partners

MSPs and IT service providers

You manage IT for 20-50 SME clients. Every meeting now includes "what should we do about AI?" VetoShield gives you a multi-tenant dashboard, weekly reports, and a new recurring revenue line. Deploy to a client in 15 minutes via your existing RMM.

"AI governance as a managed service."
Direct

IT leads and office managers

You're the person who got told "make sure we're covered." You don't have a compliance team. VetoShield gives you a browser extension your employees won't notice, a policy your DPO can sign off on, and an evidence pack for the next time an auditor, insurer, or enterprise client asks.

Pricing

One product. Simple pricing. No surprises.

Free during early access
For Partners

MSP Partners

EUR 5-6
per user / month (wholesale) — free during early access
  • Multi-tenant dashboard
  • Weekly reports per client
  • Bulk policy templates
  • NFR license for your team (up to 50 users)
  • Partner onboarding support
Become a partner

Direct

EUR 8-12
per user / month — free during early access
  • Full dashboard access
  • All compliance exports
  • AI policy + legal template pack
  • Email support
Get early access

Free during early access — no credit card required. Pricing above applies after launch. No per-feature gating — every customer gets everything.

Questions

Frequently asked

VetoShield collects metadata only (which AI domains employees visit), not content. This is comparable to existing web filtering and security tooling. However, in Germany and the Netherlands, even metadata monitoring can require works council consultation depending on your specific setup. We ship a draft Betriebsvereinbarung and employee notification templates to streamline this process. We recommend reviewing with your legal counsel.
Purview requires E5 licensing (EUR 50+/user/month), covers only Microsoft tools (Copilot), and doesn't generate AI Act-specific compliance evidence. VetoShield covers 55+ AI tools across providers, costs a fraction, deploys in minutes without MDM, and produces the evidence artifacts regulators and enterprise clients actually ask for.
We detect standalone AI tools accessed via known domains. Embedded AI features that route through first-party domains (e.g., Notion AI appearing as notion.so) are not distinguishable at the domain level. We're transparent about this — and it's on our roadmap.
Yes, always. Transparency is non-negotiable — both legally and culturally. Employees see a coaching notice when they visit an unapproved AI tool, and they can see their own usage in a personal dashboard. We provide employee communication templates in German, Dutch, and English.
Domain-level metadata only (which AI tool, when, pseudonymized user ID, policy decision). No prompts, no content, no files. All data stored in the EU. Our DPA and sub-processor list are available on request.
Yes, but it's opt-in and not our recommended default. We default to "warn" mode — a coaching notice that guides employees to approved alternatives. Blocking is available per tool for organizations that need it. We include a deployment checklist covering works council consultation requirements where applicable.