The Platform

From signal
to executable decision.

AUCTORITAS does not summarise. It does not alert. It structures what the environment imposes — and produces decisions directly usable in executive contexts.

The architecture

Four modules. One pipeline.

01 Signal

A regulatory development, a corporate event, a political shift or a narrative change enters the system.

02 Constraint

The signal is structured into a binding constraint: who is exposed, to what obligation, by when, with what consequence.

03 Scenarios

Three decision paths are generated — proactive, exposure, arbitrage — with probabilities and strategic implications.

04 Decision

The constraint is adapted to the organisation's specific profile: sector, size, geographic exposure, critical dependencies.

What AUCTORITAS produces

Every output follows the same invariant structure.

No editorial commentary. No hedging. A decision variable, a binding constraint, three structured trajectories, explicit invalidation conditions.

Decision variable

Map without delay critical TIC dependencies on extra-European hyperscalers and arbitrate between DORA-compliant contractual remediation, migration to qualified sovereign cloud, or hybrid architecture with tested exit strategy.

Operational resilience × High-risk AI · DORA + AI Act Exposure high
Who
European financial institutions and credit institutions in the eurozone using critical third-party TIC providers (non-EU hyperscalers) for cloud services or AI systems integrated into their critical functions.
Obligation
Comprehensive mapping of dependencies, documented exit strategies, mandatory contractual clauses (DORA Art. 28-30); direct supervision of critical TIC providers by European authorities (Art. 31). Qualification of high-risk AI systems embedded (AI Act Art. 6, Annex III) with governance, transparency, human oversight obligations.
Deadline
DORA fully applicable since 17 January 2025. AI Act: prohibitions from 2 February 2025, GPAI obligations from 2 August 2025, high-risk systems from 2 August 2026.
Sanction
National sanctions for financial entities (DORA Art. 50-54); periodic penalty payments up to 1% of average daily worldwide turnover for critical TIC providers (Art. 35); cumulation possible with AI Act fines up to €35M or 7% of global turnover (Art. 99); ESAs supervisory measures and risk of authorisation withdrawal.

Verified sources · Regulation (EU) 2022/2554 (DORA) · Regulation (EU) 2024/1689 (AI Act) · DORA Art. 28-30, 50-54 · AI Act Art. 6, 26, 99 · Annex III §5b

55%
Anticipated migration to hybrid sovereign cloud · Proactive

The institution initiates partial migration of fine-tuned AI models towards an intermediate sovereign architecture (qualified European actors of intermediate architecture under SecNumCloud), while retaining hyperscalers for non-critical workloads under DORA Art. 28-30. Double-rail triggering renegotiation of reversibility clauses and a differentiating advantage with regulators.

30%
Maintain hyperscalers and bet on regulatory tolerance · Exposure

The institution maintains its current architecture, betting on a graduated application. This position exposes to a cumulative non-compliance risk that may trigger AI Act sanctions up to €35M or 7% of global turnover (Art. 99) and corrective DORA measures imposed by the competent authority.

15%
Sectoral coalition for regulatory clarification · Arbitrage

The institution joins a coordinated approach to obtain from European authorities guidelines on the DORA × AI Act articulation, while negotiating reinforced contractual clauses on auditability and portability.

Invalidation conditions
  • The hyperscaler is not designated CTPP (Critical Third-Party Provider) by the ESAs under DORA Art. 31.
  • The cloud or AI services concerned do not support any critical or important function within the meaning of DORA Art. 3(22).
  • The financial entity has a tested exit strategy and a documented multi-cloud or sovereign architecture eliminating substantial dependency.
How it works

Three invariant pillars.

01

Verified legal sources

Every constraint is sourced from EUR-Lex, Légifrance, and primary regulatory texts. Citations are exact, dated, verifiable. No hallucination. No approximation.

02

Four dimensions of power

Regulatory, corporate, political, and cognitive constraints are analysed simultaneously. Most organisations track one. AUCTORITAS structures all four.

03

Organisational adaptation

Every constraint is adapted to your organisation's sector, size, geography, and specific exposure. The sanction is calculated on your turnover. The deadline is calibrated to your situation.

Continue

01 · Section

Home

The paradigm

Four dimensions of power. A new class of decision intelligence.

Explore 03 · Section

Use cases

Constraints already active

AI Act, DORA, FDI screening, institutional narratives — situations where the obligation precedes the formal acknowledgment.

Explore 04 · Section

About

Founder and doctrine

Maître Hannan Otmani · Avocate au Barreau de Paris · Over two decades within international legal directorates.

Explore
Access

See AUCTORITAS
in action.

Get in touch for a calibrated demonstration. We generate a live analysis on a situation directly relevant to your organisation.

By institutional access · Platform available in French and English