On August 2nd, 2026, the EU AI Act enters full enforcement. Every company deploying an AI system into EU markets will need to know exactly where their system sits in the regulatory framework — prohibited, high-risk, limited-risk, or minimal-risk — and have the documentation to prove it.
Most of them have no idea how to do this. And the companies that could help them don't want to.
That's why I'm building Stoneset.
The overarching purpose of Stoneset is to make EU AI Act compliance accessible to the companies that actually need it — Series A and growth-stage AI startups shipping product into Europe. Not Fortune 500 enterprises with in-house legal teams and seven-figure compliance budgets. The startups. The ones building real AI products, moving fast, and now staring down a regulatory framework that runs to 180 pages of legal text across 113 articles.
The EU AI Act is the world's first comprehensive AI regulation. It classifies AI systems into risk tiers, each with escalating compliance obligations. Get the classification wrong, and you're either over-investing in compliance you don't need or under-investing in compliance that could get you fined up to €35 million or 7% of global turnover. The stakes are not abstract.
The gap is enormous. The closest direct competitor, Enzai, targets Fortune 500 only with no self-serve motion. Their model is high-touch enterprise sales — six-figure contracts, months-long onboarding. Below that, there are a handful of anonymous tools (no named founders, no registered companies) offering surface-level checklists that wouldn't survive a regulator's first question. Between enterprise compliance consultancies that won't talk to you unless you're doing £50M+ in revenue and free-tier checkbox tools built by no one in particular, there is a massive vacuum. That vacuum is Stoneset's market.
Now, the obvious question: why would anyone trust a 21-year-old solo founder with no external funding to build the compliance layer for an industry worth billions?
Fair question. Here's the honest answer.
I come from regulated industry. I've spent years in UK construction and structural steel — UKCA/CE marking, BS EN 1090 execution classes, ISO 3834 welding quality, mill certificate traceability, RAMS, COSHH assessments, EH40 workplace exposure limits. I know what it looks like when compliance is done properly and what happens when it isn't. In construction, getting it wrong means structural failure, literal and legal. That background isn't decorative. It means I think about compliance as engineering, not theatre.
I'm also building the entire platform myself. No co-founders to align with. No contractors to manage. No advisory board to appease. Every line of code, every classification rule, every piece of documentation logic — it's mine to own and mine to ship. The stack is Next.js, Supabase, Vercel, Anthropic API, all hosted in Frankfurt for EU data residency. I'm on Claude Code as my primary development engine. The speed advantage of a solo technical founder against a committee-driven enterprise vendor is real, and it compounds.
And I'm not starting from zero. The classification wizard — 16 questions, 6 decision gates, deterministic Article-level placement — is already built and live. That's not a roadmap slide. It's production code, running at stoneset.ai.
Why deterministic classification matters
Most "AI compliance" tools are just wrappers around a large language model. You describe your system, the LLM guesses a risk category, and you get a PDF. The problem is obvious: LLMs hallucinate. They're probabilistic by design. And when the output is a regulatory classification that determines your compliance obligations — and your legal exposure — "probably high-risk" isn't good enough.
Stoneset's classification engine is deterministic. It walks through the EU AI Act's decision tree using structured questions with branching logic. Every path maps to a specific Article. Every output is traceable to the regulatory text. There's no ambiguity, no hallucination, no "it depends." You answer the questions, the engine places your system, and the classification holds up to scrutiny because the logic is auditable.
This is the core technical moat. Building a chat interface over an API is a weekend project. Building a legally defensible classification engine that maps to 113 articles of regulatory text is not.
The services bridge
Platform revenue takes time to compound. Meanwhile, AI startups with EU exposure need help now — and they'll pay for it. Stoneset offers Readiness Audits and Compliance Retainers as a services layer alongside the SaaS platform. The audits generate cash flow. The retainers create recurring revenue. Both feed intelligence back into the platform — every client engagement teaches us something about how real companies encounter real compliance gaps.
This isn't a distraction from the product. It's the product's training data.
The pricing gap
Enterprise compliance consultancies charge £20k-£50k+ for an AI Act readiness assessment. Stoneset's self-serve platform starts at £249/month for Starter, scales to £1,499/month for Scale tier. A Series A startup spending £3k-£18k/year on Stoneset gets better coverage than a one-off £30k consultancy engagement because the platform stays current as the regulation evolves and their AI systems change. The unit economics are obvious to the buyer.
The enforcement deadline
August 2, 2026. That's not a soft target. The EU has demonstrated with GDPR that it enforces its regulations aggressively and early. Companies that aren't compliant by enforcement day are exposed from day one. The urgency is structural and it's accelerating — every month closer to August, the pain of non-compliance becomes more concrete for every AI startup with EU customers.
I've been building ventures for years — SteelRadar for structural steel opportunity intelligence, RAMSReady for fabrication CRM with UKCA compliance automation. But Stoneset is different. The market timing is precise, the regulatory catalyst is certain, and the competitive gap is wide enough to drive a platform through.
The plan is not complicated:
- Build a deterministic classification engine that gets Article-level placement right every time — done
- Ship the full compliance documentation suite and onboard early customers before August 2026
- Use services revenue to fund platform development without external capital
- Become the default compliance layer for every AI startup shipping into the EU
I'm not trying to build the next horizontal compliance platform. I'm building the vertical tool that owns EU AI Act compliance for the companies that move fastest and have the most to lose. The enterprise consultancies are too slow and too expensive. The anonymous checkbox tools are too shallow and too unaccountable. Stoneset sits in the gap — named founder, registered company, deterministic logic, real documentation, priced for startups.
The window is open. The deadline is fixed. The product is live.
Let's see what happens.