KAIA explained
Last updated: May 13, 2026
KAIA (Kertos Artificial Intelligence Agent) is Kertos’ AI-powered assistant that supports users in navigating complex compliance workflows across data privacy, information security, and the EU AI Act. Built into the Kertos platform, KAIA acts as a context-aware guide, answering questions, performing autofill actions, and helping teams streamline certification processes like ISO 27001 and GDPR.
Purpose
KAIA is developed to help legal, privacy, and security teams efficiently handle compliance by:
Reducing manual research and repetitive tasks
Providing contextual guidance and detailed answers
Supporting onboarding, workflow navigation, and document preparation
Definition
We follow the ISO/IEC 22989 definition of an AI system:
"An engineered system that generates outputs (content, forecasts, recommendations, decisions) for a given set of human-defined objectives."
KAIA meets this definition through its proactive, knowledge-driven design and contextual assistance embedded directly into the Kertos platform.
Capabilities
Product & Compliance Q&A: 90%+ coverage of ISO 27001, GDPR, AI Act, and Kertos feature questions
Autofill System Setup: Enriches and fills vendor and systems data using internal and external sources
Context Awareness: Understands where the user is in the platform and tailors suggestions accordingly
User Guidance: Guides through step-by-step compliance workflows (starting with ISO 27001)
Company Context Awareness: Tailors answers based on your company specifications
Document Support: RoPA generation, risk catalog suggestions, policy drafting
Read Company Documents: KAIA can directly access and read the content stored on your Kertos platform — including Policies, Risks, Controls, Vendor Systems, Assets, Users, and Trainings. This allows KAIA to give you precise, company-specific answers.
Domain & Hosting
Hosted securely on AWS in Europe
All processing and storage comply with GDPR
Any future data transfers to the US (e.g., via Gemini) follow the EU-US Data Privacy Framework
Security & Ethics
Data Protection: No user data is used for model training
Bias Mitigation: Regular testing and feedback loops
Transparency: User feedback encouraged after each interaction
No Biometric Processing: KAIA does not use or store biometric data
Environmental Impact
KAIA runs on AWS, which is committed to achieving net-zero carbon emissions by 2040. By leveraging efficient cloud infrastructure and scaling model use based on demand, Kertos minimizes environmental impact while delivering reliable AI support.
EU AI Act Classification
KAIA is not considered a high-risk or prohibited system under the EU AI Act. It is subject to transparency obligations under Article 52 (AI systems interacting with natural persons).
FAQs
How is KAIA different from a general-purpose chatbot like ChatGPT?
Unlike general-purpose chatbots, KAIA is purpose-built for compliance. It combines expert knowledge across ISO 27001, GDPR, and the EU AI Act with direct access to your company's data on the Kertos platform — including your Policies, Risks, Controls, and more.
This means KAIA doesn't just answer compliance questions in general terms. It answers them in the context of your company: what frameworks you're working towards, what policies you've defined, and where you are in your compliance journey.
KAIA also goes beyond conversation. It can autofill vendor and system data, guide you through certification workflows step by step, and draft policy documents — all directly inside the platform, without switching tools.
Can KAIA act on its own?
No. KAIA provides suggestions, autofills, and guidance, but the user is always in control and must approve or complete tasks manually.
Does KAIA store or learn from my data?
No user data is used for training. Interaction logs may be retained securely for limited periods to improve system performance, in line with our privacy policies.
What’s the difference between the chatbot and autofill parts of KAIA?
KAIA uses GPT-4o mini for chatbot interactions (e.g., Q&A) and Gemini for autofill features (e.g., vendors, systems). They're connected via an orchestration layer to work seamlessly.