Skip to content
Rekognise
Worked examples

From discovery to verdict, four ways

Real Annex III categories, real connector flows, real evidence-pack outputs. Every flow is reproducible in a 30-minute demo.

Bank · CEE

Bank in CEE adopting Copilot

Minimal risk

Discover GitHub Copilot seats, classify as MINIMAL_RISK with the documentation a regulator expects.

  1. Connect GitHub & M365

    Read-only OAuth on the bank's GitHub Enterprise org and Microsoft 365 tenant pulls Copilot seat assignments and admin policies.

  2. Discover seats

    Rekognise enumerates 142 GitHub Copilot Business seats and 38 Copilot for M365 seats, mapped to active directory users.

  3. Classify against Annex III

    Generic developer productivity does not fall under any Annex III high-risk category. The rule book returns MINIMAL_RISK with a cited rationale.

  4. Document & sign off

    Two reviewers approve the verdict. The PDF evidence pack records the scan, the classification, the citation, and the reviewer signatures.

Fintech · Warsaw

Fintech using OpenAI for credit scoring

High risk

High-risk classification with the full Annex III obligation map.

  1. Connect OpenAI org

    OpenAI organisation API key (read-only) lets Rekognise enumerate projects, deployed models and per-project usage.

  2. Detect credit-scoring use

    System facts show GPT-4o is used in a credit-decision microservice. Annex III point 5 — access to essential private services — applies.

  3. Surface obligations

    Risk management system, data governance, technical documentation, transparency, human oversight, accuracy & robustness, post-market monitoring — all obligations rendered as a checklist.

  4. Track to evidence pack

    Each obligation becomes a workstream with status, owner and last-updated timestamp. The evidence pack includes the obligation matrix.

HR-tech · Prague

HR-tech screening CVs

High risk

Annex III point 4 (employment) — high-risk with strict documentation duties.

  1. Connect Anthropic & Azure

    Anthropic workspace and Azure OpenAI endpoint inventory show the model serving the CV-ranking pipeline.

  2. Map to Annex III point 4

    Recruitment, selection, promotion and termination decisions are explicitly listed as high-risk. Verdict: HIGH_RISK with the precise sub-point cited.

  3. Bias monitoring scaffolding

    Rekognise generates the data-governance template required by Article 10 and the bias-monitoring schedule required for Annex III point 4.

  4. Reviewer sign-off

    AI compliance officer countersigns. The system is now visible in the regulator-facing inventory with all Article 11 technical documentation slots filled.

Insurance · Budapest

Insurance using AWS Bedrock for claims triage

Discovered passively

Passive CloudTrail discovery surfaces a system the IT team didn't know existed; verdict approval flow handles it.

  1. Passive CloudTrail mining

    No one configured a Bedrock connector. CloudTrail still shows InvokeModel calls from a claims-processing Lambda — Rekognise flags the system.

  2. Auto-create system record

    A draft AI system record is created with provenance: 'Passive discovery via CloudTrail, account 84xxxx, function claims-triage-v3, 14,302 invocations / 30 days'.

  3. Owner triage

    The platform team is paged. They confirm the use case, attach the model card, and propose a HIGH_RISK verdict (Annex III — insurance pricing).

  4. Approval & evidence

    Reviewer 2 approves. Evidence pack and CSV row are generated. The shadow-AI count drops by one and the inventory is once again complete.

Your use case isn't here?

The Annex III rule book covers all ten high-risk categories — biometrics through democratic processes. Tell us your scenario and we'll walk through the verdict path with you.

Book a scenario walkthrough