Regingada
Regingada Compliance Suite · Your Digital Twin for DSA, AI Act & GDPR

Your Digital Twin for EU digital law.

It starts as cartography: EU digital law — the DSA, AI Act, GDPR, DMA and NIS2 — mapped into one interactive, source-grounded graph. That map is the foundation of your twin: you classify once, and the living model shows what applies and reports what changes. Built by a German lawyer specialised in EU digital regulation.

Non-EU provider? The twin flags the appointment duty — Appointed EU representation →

Software & appointed EU representation: Regingada UG (haftungsbeschränkt) · Legal advice exclusively: Kanzlei Theo Funk — separate mandate

The tour shows the actual suite interface — not a concept mockup.

Proof of substance

One graph. 824 nodes. Orientation across EU digital law.

No customer counts, no saved-hours claims — this is the corpus your twin runs on. The corpus figures here are rendered live in the suite: open the product and reconcile.

824
Source-grounded nodes

824 source-grounded nodes across five EU digital-law regimes.

Articles, recitals, obligations, case law and guidance — structured, linked and cross-referenced. Nothing rounded up for this page.

DSA AI Act GDPR DMA NIS2 Five regimes. One corpus. One render.

1,652 mapped relationships 92 curated cross-regulation links 12 L9 enforcement trackers 0 external loads by default

92 = the curated cross-regulation heatmap; the graph holds further cross-regime edges. Real numbers, no marketing math.

the suite KPI band as rendered in the product: 824 KORPUS-KNOTEN (nodes), 1652 EDGES, 5 REGIMES, 118 CROSS-REG-EDGES, 12 L9-TRACKER AKTIV
The suite KPI band — the same figures, the same render. Reconcile in the product.
The twin

What is your Digital Twin?

Not six separate tools — one model of your duties. You answer a compact five-question pre-wizard about your case; the Legal Map marks the obligation nodes that apply to you, live. That marked, living map is your twin: it shows what applies and reports what changes.

The Legal Map is the engine of your Digital Twin — a living model of EU digital law that turns your profile into individual, proactive and reactive orientation.

1

Your profile

You answer a compact five-question pre-wizard about your case — rule-based and reproducible, no account, no black box.

2

The map marks

The Legal Map marks the obligation nodes that apply to you — live, across all five regimes, each grounded to its legal source.

3

Your living twin

This marked, living map is your twin: it shows what applies and reports what changes. Change one input and the duties, deadlines and cross-regulation links move with it.

Regingada Compliance Suite welcome screen — 'What is your Digital Twin?' with the three steps (your profile, the map marks, your living twin) and the per-regime twin cards

The twin mirrors and orients — it does not advise. It shows which duties your inputs point to; it does not decide them, guarantee anything or take them on. The legal judgment and the handling of duties stay with the firm, in a separate mandate.

The suite

One suite. Five regimes.

Six modules build and feed one living twin — the Legal Map is the engine, the others are how the twin classifies, checks and plans. Every module reads from the same corpus above — not a marketing figure in sight.

Legal Map

824 nodes of EU digital law as one interactive graph — filter by regime, concept or case law.

the suite legal map canvas, dark theme: colored regime clusters with cross-regulation edges

Cross-Reg Heatmap

Where DSA, AI Act, GDPR, DMA and NIS2 overlap — curated links, not statistical guesses.

Cross-regulation heatmap cells: AI Act × GDPR matrix detail with curated hit cells

Obligation Cockpits

VLOP, Annex IV, DPIA, gatekeeper and cyber duties as working checklists — every obligation grounded to its legal source.

VLOP cockpit cards, dark theme: systemic risk assessment, risk mitigation, crisis response, independent audit

Cmd-K Research

Full-text and concept search across the entire corpus — works completely offline.

the suite command palette, dark theme: query 'liability' returns the subject facet Intermediary service liability plus offline corpus hits — DSA Art. 13(3), Chapter II, ECJ C-324/09 L'Oréal v eBay, DSA Art. 4(1)

AI Assistant

Optional Claude-powered explanations via a Cloudflare Worker. Strictly opt-in — the suite never requires it.

the suite AI assistant modal head, dark theme: locked opt-in gate — three steps (free intake call, access code, AI panel) before any request leaves the browser

Mandate Funnel

From anonymous self-check to a mandate-ready DRAFT artifact — the handoff to the firm is a deliberate, documented act.

the suite mandate funnel, dark theme: step status cards, regime-profile fill state and the step-2 handoff panel — DRAFT discipline notice visible in the product footer
Coverage

Every regime, full depth.

We certify nothing and badge nothing — we map. Five regimes, each down to article level.

DSA

Your DSA twin: shows which platform duties apply — service-by-service, intermediary up to VLOP — and reports what changes.

From notice to VLOP.

Art. 34/35 systemic-risk cockpit · notice-and-action, transparency and audit duties mapped.

Plus: service-by-service portfolio tiering · duty workspace with kanban and an owner per duty — who in your org handles which DSA obligation.

AI Act

Your AI Act twin: shows the classification of each AI system — prohibited, high-risk, transparency or GPAI, provider and deployer apart — and reports what changes.

Annex IV, operational.

GPAI gating (Art. 51–56) · applicability timeline · technical-documentation cockpit.

Plus: auto-classification per AI system — prohibited, high-risk, transparency or GPAI — with provider and deployer duties kept strictly apart.

GDPR

Your GDPR twin: shows which duties your processing profile triggers — DPIA, transfers, DPO, employee data — and reports what changes.

DPIA, mapped.

Art. 35/36 triggers with DSK lists · EDPB WP248 risk assessment · Art. 30 records.

Plus: processing records as structured input · conditional cockpits appear only when your profile triggers them — transfers, DPO, employee data.

DMA

Your DMA twin: shows your CPS portfolio and threshold status in one run — through to the Art. 15 report — and reports what changes.

Gatekeeper duties.

Art. 5/6/7 obligations · interoperability and self-preferencing rules in one cockpit.

Plus: one continuous run from CPS portfolio and threshold status to the Art. 15 report generator.

NIS2

Your NIS2 twin: shows whether your entity is essential or important — with 24 h / 72 h / 1-month reporting clocks — and reports what changes.

Cyber baseline.

Directive (EU) 2022/2555 · risk-management measures and reporting duties.

Plus: incident register with live 24 h / 72 h / 1-month reporting deadlines · supplier register with risk rating.

Cross-regulation

One measure. Many duties.

92 curated cross-regulation links

as rendered live in the suite — the curated heatmap selection; the graph holds further cross-regime edges

A risk assessment you run for the DSA can serve the AI Act and the GDPR too. the suite shows exactly where — the overlap a flat checklist misses.

  • Curated edges, lawyer-ratified — not AI guesswork at runtime.
  • Sources grounded down to CELEX identifiers.
  • Subject-matter grouping across regime borders.
Open the heatmap
Cross-regulation edge list, AI Act ⇔ GDPR: each curated edge with its CELEX source identifiers and pinpoint citations
the suite cross-regulation heatmap, dark theme: AI Act × GDPR matrix with 11 hits across 10 cells and the hit-count chip visible
The map

824 nodes. Zero black box.

Every node carries its legal source. Every edge says why it exists. The corpus is lawyer-curated and ratified, source-grounded down to CELEX — and the product shows its work.

  • Funk taxonomy — 51 legal concepts as cross-regime filters
  • CJEU case law with CELEX references on the node
  • Tri-lingual nodes — EN · DE · ZH
  • Runs fully offline by default — the only network paths are the opt-in AI request and your deliberate funnel submission
the suite legal map canvas, dark theme: colored regime clusters with cross-regulation edges

Live map canvas — dark theme, colored regime clusters, real corpus data

The cockpits

From article to action.

Reading the law is step one. the suite classifies your profile, triggers the duties indicated by your inputs, and puts them on a timeline — checklists, roadmaps and what-if scenarios a compliance team can actually run.

Every cockpit obligation grounded to its legal source
  • VLOP cockpit — DSA Art. 34/35/22/24/39
  • AI Act Annex IV cockpit with GPAI timeline
  • GDPR DPIA cockpit — Art. 35/36/30, DSK lists
  • DMA gatekeeper and NIS2 cyber cockpits
  • Applicability roadmaps with phases and dependencies — plus what-if scenarios
  • Duty benchmark against four model profiles — declared model-based, no market-data claims
the suite VLOP cockpit, dark theme: systemic obligations DSA Art. 33-58 with risk assessment, mitigation, crisis response and audit cards
AI Act roadmap timeline: phases from Active today (Prohibitions & GPAI) to Annex I harmonised products, plus the Regulatory Intelligence feed
From map to action

First the map. Then the work.

the suite doesn't stop at cartography. Five moves from first orientation to a documented handoff — four in the software, the fifth in the mandate.

1 · CLASSIFY

Quick check & classification

A five-question quick check per regime feeds a deterministic engine: DSA service tier up to VLOP, AI-Act risk class, DMA gatekeeper status, NIS2 essential or important. Rule-based and reproducible — no black box.

2 · CHECK

Obligation cockpit

Your profile triggers the duties indicated by your inputs — each with its article anchor, phase and concrete tasks. A benchmark compares your duty load against four model profiles, honestly declared as model-based.

3 · PLAN

Roadmap & what-if

Applicability timelines per regime, what-if scenarios — simulate VLOP scale or giving up the EU seat — and a horizon radar that watches beyond the five regimes.

4 · EVIDENCE

Evidence Vault & reports

Map each document to the duty it covers in the local Evidence Vault, then export cockpit reports as DOCX. Your files stay in the browser — no third-party upload.

5 · MANDATE

When it gets serious

Everything up to here is software: structured self-assessment, not legal advice. The appointed EU-representative function is available from Regingada UG (haftungsbeschränkt) under a separate representation contract; legal judgment and the legal handling of duties are the firm's work, under a separate mandate.

Visit Kanzlei Theo Funk →

The funnel

Self-check today. Mandate-ready tomorrow.

The honest boundary is the feature: software output is a DRAFT and says so on every page. FINAL exists only after a lawyer takes the mandate — and responsibility.

  • No account required
  • Your inputs stay in the browser until you decide to send
  • Artifact exported as DOCX — with a visible DRAFT footer
the suite mandate funnel, light theme: client workflow dashboard with step status, regime profile and the DRAFT discipline footer
1 · CHECK

Structured self-assessment

In the software. Anonymous, no account — decision support under GDPR and RDG discipline.

2 · DRAFT

DRAFT artifact

The software generates a DRAFT document — expressly not legal advice, and labeled as such.

3 · FINAL

Lawyer sign-off

Only Kanzlei Theo Funk turns a DRAFT into FINAL — after a separate engagement and full lawyer review.

Visit Kanzlei Theo Funk →

Use cases

Five archetypes. Zero invented customers.

No logos, no testimonials — instead, five synthetic demo personas built into the product. Each one is a complete walkthrough from classification to mandate handoff.

HR-AI provider

High-risk under Annex III no. 4 — the full provider duty stack, cleanly separated from deployer duties.

Marketplace at VLOP scale

Above 45 million users — once designated by the Commission — the DSA changes character: Art. 34/35 systemic-risk work in a dedicated cockpit.

Credit-scoring fintech

Art. 22 GDPR and Art. 22 AI Act are false friends — the suite keeps them apart, SCHUFA case law included.

SME deploying bought-in AI

Deployer duties under Art. 26 — and the honest line: the Annex IV documentation sits with your vendor, not with you.

Non-EU GPAI provider

Art. 53/55 model tiers plus the triple representation bundle — Art. 54 AI Act, Art. 13 DSA, Art. 27 GDPR — treated as one issue.

All five are demo scenarios with synthetic data — clearly labeled in the product. No real client data, ever.

Representation

Your appointed representative in the EU.

Established outside the EU? Several EU digital laws require you to appoint a representative inside the Union. Regingada UG (haftungsbeschränkt) — a lawyer-owned compliance operations company — can act as your appointed EU contact and coordination point. Legal advice, where needed, comes separately from the independent law firm Kanzlei Theo Funk, or from counsel of your choice.

Art. 27 GDPR

GDPR Representative

The EU representative for non-EU controllers and processors under Art. 27 GDPR — the point of contact for supervisory authorities and data subjects.

Art. 13 DSA

DSA Representative

The statutory addressee in the EU for non-EU intermediary services — for the Digital Services Coordinator, the Commission and the EBDS.

Art. 22 / 54 AI Act

AI Act Representative

The authorised representative for non-EU providers of high-risk AI systems (Art. 22) and GPAI models (Art. 54).

Art. 26(3) NIS2

NIS2 Representative

The EU representative for non-EU DNS, cloud, data-centre, CDN and other in-scope digital service providers — available on request.

One onboarding. Two clean contracts.

Regingada UG (haftungsbeschränkt) provides the operational representative function. It does not provide legal advice. Optional legal advice is available from Kanzlei Theo Funk under a separate mandate, or from counsel of your choice. Both tracks can be onboarded in one coordinated process — two clear roles, two separate contracts. And where a matter requires it, they continue to work together — one under the representation contract, the other under the legal mandate, information shared only with your consent.

Representation: Regingada UG (haftungsbeschränkt)

Legal advice: Kanzlei Theo Funk, cooperating independent law firm — separate mandate, or counsel of your choice

  1. Scoping check Your scoping answers indicate which representative role is likely required. You submit your representative request to Regingada UG (haftungsbeschränkt).
  2. Optional legal support In the same flow, you may also request legal support from Kanzlei Theo Funk. One click, separate consent, separate legal mandate.
  3. Coordinated start The representative and the law firm start in coordination. Each role stays clear: representation by Regingada UG, legal advice by Kanzlei Theo Funk. After approval, representative and counsel work from the same timeline, with defined hand-offs instead of repeated explanations.

You do not have to brief your representative and your counsel twice — the hand-off is built in, with your consent.

Regingada UG is not a law firm and does not provide legal advice within the meaning of the German Legal Services Act (RDG). Its role is limited to the appointed representative function: regulatory contact handling, receipt and forwarding of correspondence, communication coordination and documentation. Legal assessment and advice require a separate legal mandate.

Built as two entities on purpose: dedicated representation and independent legal counsel, each with a clear role.

Appointed EU representative & software: Regingada UG (haftungsbeschränkt) — wholly owned by German attorney Theo Funk, no legal advice · Legal advice: independent law firm Kanzlei Theo Funk (RAK Bamberg) — separate mandate.

Lawyer-built

Software from a lawyer. Advice from his firm.

No customer logos, no invented testimonials. What we have instead: a founder who practices the law his software maps — and a boundary that protects you.

Regingada UG (haftungsbeschränkt)

  • Builds and operates the Regingada Compliance Suite
  • Appointed EU representative for non-EU providers (Art. 27 GDPR · Art. 13 DSA · Art. 22/54 AI Act) — under a separate representation contract
  • GDPR + RDG discipline: structured self-assessment and decision support
  • No legal advice — by design
  • Output: DRAFT artifacts, labeled as such
  • EU data discipline → Trust Center
Strict separation, by design

law firm Theo Funk

  • Rechtsanwalt · Rechtsanwaltskammer Bamberg
  • Takes mandates — under a separate engagement
  • Professional secrecy (§ 203 StGB) applies once you become a client
  • Signs off FINAL artifacts
  • Advises on EU representative obligations (Art. 27 GDPR · Art. 13 DSA · Art. 22 / 54 AI Act) and represents clients in administrative and fine proceedings
  • theofunklaw.com →
  • office@regingada.com

Software & appointed EU representation by Regingada UG (haftungsbeschränkt) · Legal advice exclusively by Kanzlei Theo Funk under separate mandate

When it gets serious, the roles stay clear: Regingada UG (haftungsbeschränkt) holds the appointed representative function — the named EU point of contact that receives authority correspondence and routes it, documented and without delay. Legal judgment stays with the firm, under a separate mandate: it advises on the obligations, accompanies audits and, where needed, proceedings. The software shows the duty; the representative routes the mail; the firm handles the law.

Portrait of Theo Funk, Rechtsanwalt, founder of Regingada UG (haftungsbeschränkt)
“Every mandate began the same way — re-tracing how five EU regimes interlock for that one client. So I built the software that does the mapping: it classifies, checks and plans. It surfaces the duties your inputs point to; it does not take on their handling. Where the duty is to name an EU representative, Regingada can take on that named operational role under its own contract — service of documents, authority routing and documentation, not legal advice. That remains my firm’s work in the mandate, together with the legal judgment.”
Theo Funk · Rechtsanwalt · Rechtsanwaltskammer Bamberg
Developers

The EU digital-law corpus, as an API.

Grounded, not generated: a curated, CELEX/ELI-citable, versioned corpus your app and your AI can call. A free key to start; Pro and Enterprise scale the limits. All three surfaces are built and verified — hosting and keys follow at launch.

Embed widget

A 43 KB widget. The Regingada quick check on your own site — one sandboxed iframe, no tracker scripts.

<script src="dcis-check.js" defer></script>
<dcis-check lang="en"></dcis-check>

Public API v1

Fail-closed by construction: a missing server-side key set returns 503, a missing or invalid client key 403 — never data.

GET /api/v1/search?regime=dsa
X-API-Key: <your-key>

MCP server

Plug the corpus into your AI assistant as a Model Context Protocol server — grounded answers instead of hallucinated articles.

{ "mcpServers": { "funk-eu-digital-law": {
    "command": "python",
    "args": ["mcp_server/server.py"] } } }
Radar

What moved in EU digital regulation.

A curated changelog: source, affected corpus nodes, one neutral orientation note per change — grounded in the same versioned corpus as the Suite and the API. Weekly e-mail digest with double opt-in in preparation.

  • DSADSA — clarification on points of contact (Art. 11)Concerns the authority-facing point of contact under Art. 11 DSA and its public information.
  • AI ActAI Act — prohibited practices (Chapter II)Relates to the catalogue of prohibited AI practices under Chapter II of the AI Act.
  • GDPRGDPR — Data Protection Impact Assessment (Art. 35)Concerns the thresholds and mandatory elements of the DPIA under Art. 35 GDPR.
All entries →

Orientation, not legal advice.

  • DSADSA — Praezisierung zu Kontaktstellen (Art. 11)Betrifft die Ausgestaltung der Behoerden-Kontaktstelle nach Art. 11 DSA und deren oeffentliche Angaben.
  • AI ActKI-VO — verbotene Praktiken (Kapitel II)Bezieht sich auf den Katalog verbotener KI-Praktiken nach Kapitel II der KI-VO.
  • GDPRDSGVO — Datenschutz-Folgenabschaetzung (Art. 35)Betrifft die Schwellen und Pflichtelemente der DSFA nach Art. 35 DSGVO.
Alle Einträge →

Orientierung, keine Rechtsberatung.

Plans

Free in full. Pay only for depth.

The Digital Twin is free — the full tool, every regime, offline, no account. Paid plans add tool and data depth: persistence, teams, monitoring, the Corpus API, white-label. They never add legal assessment — that stays with Kanzlei Theo Funk, in a mandate.

Twin

€0
free, in full

The full Digital Twin — offline, in your browser.

  • All five regimes · 824-node Legal Map
  • Cross-regulation heatmap & cockpits
  • Cmd-K search · opt-in AI
  • Free Corpus-API key (read-only)
Start free
Most popular

Workspace Solo

€24 / month

Your twin, saved and synced.

  • Save & sync across devices
  • Versioned cockpit snapshots
  • PDF / JSON export, brand-free
  • Pro Corpus-API key + hosted MCP
Join the waitlist

Workspace Team

€59 / seat / month

Compliance as a team.

  • Shared cockpits · roles & rights
  • Team audit trail · evidence vault
  • Includes one monitoring feed
  • Priority support
Join the waitlist

Monitoring

€199 / regime / month

Your twin watches ahead.

  • Enforcement & horizon alerts
  • Triggered by corpus change
  • Cross-regulation impact hints
  • Reports what changed — for review by RA Funk
Join the waitlist

Regingada for Firms

White-label for firms & consultancies.

  • Your branding & subdomain
  • Corpus API at scale · remote MCP
  • SSO · DPA/AVV · EU residency (Frankfurt)
  • Partner margin & certified-partner tiers
Custom
white-label · sales-led
Book a demo
In 80 seconds

See how free and paid fit together.

Every plan is software. The appointed EU-representative function is a separate contract with Regingada UG (haftungsbeschränkt). Legal advice is a separate mandate with Kanzlei Theo Funk. Three clear lanes, one honest boundary.

Indicative launch pricing · net of VAT · public launch in preparation.

Trust

No badge wall. Real answers.

EU data discipline No tracking, no ads Strict software ↔ mandate boundary Visit the Trust Center →
RCS

Map your obligations.

Five regimes, one map, an honest boundary. Public launch in preparation — the firm is reachable today.

And when it gets serious: the appointed EU-representative function (Art. 27 GDPR, Art. 13 DSA, Art. 22 / 54 AI Act) — by Regingada UG (haftungsbeschränkt) under a separate representation contract. Legal strategy, audits and proceedings — by the firm, in the mandate.

Legal advice is provided solely by the independent law firm Kanzlei Theo Funk under a separate engagement — not by Regingada UG.