EU AI Act · Sanctions from Q3 2026

Discover what's really happening inside your organization.

Before you can govern AI, you need to see it. Metrica finds shadow AI, maps compliance gaps, and turns guessing into evidence — in days, not quarters.

Start Free Assessment→ See how it works

No credit card · Results in under a week · SOC 2 · GDPR

Discovery · ACME Corp · Live APR 19, 2026 · 14:32 UTC

AI Footprint

47 tools · 12 depts

23 of these were unknown to IT before this assessment started.

Marketing

9 tools · 2 high-risk

Customer Support

7 tools · 3 high-risk

Legal

4 tools · 1 medium

Engineering

12 tools · 2 medium

Finance

3 tools · 0 high-risk

5 tools · 1 medium

Flagged gaps

8 critical

Ranked by severity against your active frameworks.

CRITICAL No DPIA for CV screening tool GDPR Art. 35

CRITICAL High-risk AI, no human oversight EU AI Act Art. 14

MEDIUM Vendor processes PII, no DPA GDPR Art. 28

MEDIUM Training data lineage unknown ISO 42001

LOW Policy not acknowledged by 3 staff Internal

The problem

You can't govern what you haven't found.

Most AI inside organizations was never procured, approved, or logged. By the time auditors ask, you're reconstructing it from Slack threads and invoice trails. There's a better way.

The tools people actually use

Procurement has one list. Reality has another. The gap is usually 4×.

Where AI runs unsupervised

Copy-pasted prompts in free-tier accounts. No audit trail. Real customer data.

Policies nobody follows

A policy that nobody acknowledges is a policy that nobody enforces.

Vendors without due diligence

One signed DPA, twelve sub-processors. Your audit chain stops at vendor #1.

How it works

From blind spots to action, in three steps.

Start in minutes, not weeks. No SDK, no integration project, no six-month rollout. Just answers.

Launch a Discovery

Send a guided survey — or an AI-led conversation — to the teams doing the work. They tell you what tools, systems, and data they actually touch.

See the real picture

Findings auto-map to EU AI Act, GDPR, NIS2, ISO 42001. Severity ranked, owner suggested, evidence attached.

Act on what matters

A prioritized plan, executive-ready reports, and a clear path from first discovery to continuous compliance.

métrica · Discover

See what your organization is really doing — and what risks it creates.

Discover is the entry point. Eight capabilities that turn a survey into a compliance-grade map of your AI estate.

Guided discovery surveys

Structured questionnaires that reach every team and department.

AI-powered conversations

Advanced mode: a chat with AI that digs deeper and detects hidden risks.

Automatic risk mapping

Responses map to regulatory frameworks the moment they arrive.

Gap analysis

A clear view of where you comply, where you don't, and what's missing.

Risk classification

AI systems categorized by risk level under the EU AI Act.

Prioritized action plans

Know what to fix first based on regulatory urgency and real impact.

Maturity assessment

Not pass/fail. Understand how mature your posture actually is.

Executive reports

PDF-ready for boards, auditors, and regulators. In one click.

Mapped out-of-the-box against

EU AI ActGDPRNIS2DORAISO 27001ISO 42001CRAENS

The path forward

Start free. Hand off the heavy lifting to a partner.

01 · START HERE

métrica Discover

Tells you what's happening. Finds the AI. Maps the risk. Fast. Free.

02 · WHEN YOU'RE READY

métrica ECIJA

Our legal partner takes Discovery findings and turns them into real implementation: policies, controls, evidence, audits, and ongoing compliance work.

03 · OPERATIONAL LAYER

métrica Control

Orders IT operations — equipment, support, vendors, budgets.

Start Free Assessment→ Talk to ECIJA

Your first assessment

What you walk away with.

Not a PDF full of maybes. Artifacts your legal team, your board, and your auditor will actually use.

Compliance score

A single number the board understands.

Gap report with severity

Every finding, ranked, with its source.

Risk register

Structured, exportable, audit-ready.

Maturity assessment

Baseline to track against.

Prioritized remediation plan

What to fix first, who owns it.

Executive PDF

Ready to drop into the next board deck.

Our primary partner

Implementation delegated to ECIJA.

The free Discovery findings don't sit in a PDF: ECIJA, a leading EU tech law firm, picks up every qualified lead and delivers implementation, audit and ongoing compliance work. You run the assessment; they do the legal heavy lifting.

See how the ECIJA referral works →

1×

Primary legal partner: ECIJA.

100%

Of the paid compliance services are delivered by ECIJA, not Metrica.

Markup on your side. You pay ECIJA exactly what ECIJA charges — Metrica adds no margin. The referral commission is paid by ECIJA, not by you.

You can't fix what you haven't found.

Start with a free discovery assessment. See what's really happening in your organization — and what you need to do about it.

Start Free Assessment→ See pricing