The product name as employees know it, e.g. ChatGPT, GitHub Copilot.
The primary domain. Used for Shadow AI detection matching and automated security scoring.
Generative AI: chatbots and LLMs. Developer Tool: code assistants. Data Science Platform: ML training and experiment tracking.
Legal counsel's assessment of this tool's contractual, liability, and compliance posture. Security score is set automatically — Legal Risk is the one input you provide.
None / Unknown
No legal review has been conducted, or the tool is too new to assess. Legal counsel has not evaluated this tool's contractual, liability, or compliance posture.
Limited
Legal has reviewed the tool but identified material gaps — missing DPA, unfavorable data retention clauses, or unresolved indemnification terms. Use is permitted with documented exceptions.
Moderate
Legal has reviewed and approved the tool with standard contractual protections in place. A DPA exists, liability terms are acceptable, and the tool meets baseline compliance requirements.
Significant
Legal has fully vetted the tool. Enterprise agreement executed, DPA in place, IP ownership terms favorable, indemnification clauses acceptable, and the tool is cleared for broad organizational use.
Select all regulations that apply to how this tool is used. Any flag caps the Realis Score at 40 (Urgent tier), requiring immediate review.
EU AI Act
High-risk AI tasks under the EU AI Act (HR, biometrics, law enforcement, critical infrastructure).
HIPAA
Tool processes or has access to US protected health information (PHI).
FERPA
Tool processes US student education records.
CPRA
Tool processes personal data of California residents.
PECR
Tool involves electronic communications data of UK residents.