Compliance Monitor
Legally Compliant Data Transfer with AI
Data spaces offer great innovation potential — but often lack straightforward ways to ensure legal compliance. The AI-powered compliance monitoring solution by MISSION KI and Xayn closes this gap: A specialized language model alerts data providers and recipients in real time to potential legal risks in data transfer — transparent, efficient, and freely available as open source under the MIT license.
The Challenge
A Regulatory Patchwork Meets Manual Processes
Data spaces enable secure, cross-sector data sharing — but ensuring legal compliance remains a key challenge. Organizations must make sure that all applicable regulations, contracts, and data protection policies are followed — often at significant time and resource costs.
To date, compliance checks are mostly manual, technically demanding, and not user-friendly. Particularly challenging is the multitude of regulatory requirements that must be considered when providing or using data — including EU regulations like the GDPR, DGA, or AI Act, national laws, industry-specific guidelines, and internal company policies.
This complexity meets a variety of technical implementation models, such as peer-to-peer frameworks or self-sovereign identity. While this diversity opens up new opportunities, it also demands flexible and interoperable compliance processes. Especially in highly regulated sectors like healthcare or finance, non-compliance risks not only damaging trust but may also lead to sanctions.
Our Solution
AI-Powered Real-Time Compliance Checking
Together with the Berlin-based AI startup Xayn, MISSION KI has developed a specialized language model trained on European data law requirements (including GDPR, Data Act, DORA). The model takes individual contracts into account, analyzes data transfers for approvals and policies, and flags potential risks or violations in real time.
This gives organizations a tool that automates compliance checks, boosts the efficiency of legal departments, and significantly simplifies the use of data spaces.
The language model is based on LLaMA 3.1 with 70 billion parameters and was trained on Deutsche Telekom’s cloud infrastructure. The application pipeline offers both chat and API access — and is fully open source.
"Our goal is to make AI not only powerful, but also trustworthy and legally compliant. Our collaboration with MISSION KI shows how regulation and innovation can go hand in hand."
Dr. Leif-Nissen Lundbæk, CEO & Co-Founder of Xayn
Benefits
The NoxtuaCompliance language model was trained on a comprehensive, specialized legal text corpus — including European directives and regulations (notably the 3-R and 3-L documents from EUR-Lex) as well as national legislation from gesetze-im-internet.de.
NoxtuaCompliance addresses key risks typically associated with AI systems:
Data Protection: The model does not use personal data for training or application and can be operated entirely on-premises.
Cost Efficiency: By automating compliance checks, the model significantly reduces personnel effort in data transfer processes — especially for legal and IT departments.
Reliability: It delivers precise, traceable results for specialized compliance tasks, thanks to training on current, high-quality legal data.
Legal Certainty: The use of transparent, open-source datasets greatly minimizes the risk of copyright infringements.
In benchmarking against GPT-4o, NoxtuaCompliance demonstrated not only higher precision in specialized compliance tasks but also full adherence to the highest standards of data protection, transparency, and auditability.
LLM-Based Compliance for Any Architecture
Our solution works via a user-friendly, chat-based interface or through an API — and can be seamlessly integrated into a wide range of existing data space architectures.
It supports both contract finalization and ongoing data processes.
Practical Application
As a fictional practical example, consider the AI startup easyFix:
To develop AI-driven maintenance models, it needs highly specific engine and battery data from Deutsche Bahn. Both parties operate within the Mobility Data Space — and before any data is exchanged, NoxtuaCompliance automatically checks whether all relevant EU directives and regulations from EUR-Lex are met, national legal requirements from gesetze-im-internet.de are fulfilled, and the contractually agreed data usage conditions are compliant.
The result of this real-time compliance check is a fully transparent record of adherence to all legal requirements, an automated risk assessment with an integrated early warning system, and a significant reduction in the legal review workload on both sides.
These features can be easily applied to other sectors — such as finance, energy, or public administration — and lay the foundation for scalable, trustworthy data sharing.
Who Benefits from These Solutions?
Our solution is designed for all data-processing organizations seeking to implement regulatory requirements efficiently and transparently — especially:
Companies in Regulated Sectors: For industries with strict requirements for legally compliant data exchange — such as healthcare, financial services, or the energy sector.
Data Space Operators: Automated compliance checks enhance the existing service offering.
Startups and SMEs: For organizations that regularly handle sensitive or third-party data — even without an in-house legal department.
Public Authorities and Research Institutions: For the structured documentation of contractually governed data processes.
Thanks to its open-source approach, the system can be individually customized and integrated into existing data infrastructures.
Roadmap
Planned Developments
Model Distillation: For resource-efficient use cases (edge devices, mobile applications, SMEs).
Integration into Additional Data Spaces: For example, via the MDS Connector or other data marketplaces.
Expansion of the Training Base: To include additional legal texts, commentaries, and industry-specific clauses.
Community Testing Phases: To further optimize usability and output quality.
Implementation & Costs at a Glance
Depending on your technical environment and the level of support you require, there are three ways to integrate the Compliance Monitor into your organization — from self-hosting to a fully managed service.
Get Involved & Help Us Evolve
The application is available as open source:
Test the system within your organization
Share feedback on model use and integration
Become a pilot partner for new use cases
Recommend the tool or integrate it into your data space governance