How it works
A chatbot writes you a Declaration. We write you one you can sign.
A Declaration of Conformity is a legal artefact you sign: your name, your role and your company carry the consequence if it is wrong. A Notified Body or a market-surveillance inspector holds the named signatory accountable, not a model. Cenitia is a constrained, multi-pass verification pipeline, not a chat window: every claim traces to a specific EU regulation article or to a chunk of your own engineering file, every section is scored 0–1, and anything under 0.95 confidence is flagged for a human before you can sign.
The category
It is a verification pipeline, not a chatbot
A general chatbot generates fluent text from training data it cannot show you, frozen at some past cut-off, and it states a hallucination with exactly the same confidence as a fact. Cenitia runs a constrained pipeline that can only draw from sources you can see — the retrieved text of the actual EU regulations and your own uploaded engineering files — and refuses, flagging the gap for human review, when it cannot ground a claim. The question was never how fluent the text is. It is whether every line traces to something you can defend two years from now when the file is challenged. The rest of this page walks the path a product profile actually travels: scope, ground, draft, verify, score, sign, watch.
Step 1 — Scope
It starts from a fixed catalogue of ten EU regulations — not the model’s imagination
Before a word is drafted, your product is classified against a fixed catalogue of ten EU regulations — CRA, GDPR, RED, MDR, LVD, EMC, RoHS, REACH, the AI Act and the Machinery Regulation. The model is constrained by a typed schema so it can only choose IDs from that catalogue; it is structurally unable to invent a directive number or cite a regulation that does not exist. The exact regulation numbers and EUR-Lex links come from a static, human-checked map, never from the model — the AI decides whether a regulation applies, it never gets to decide what the regulation is. If the classification call fails, a deterministic rule set takes over (radio to RED, mains power to LVD, personal data to GDPR) so the wizard never dead-ends. Confidence is capped at 0.95, so anything not obviously in scope is flagged for a human.
- Hallucinated directive numbers are structurally impossible, not just unlikely — the schema permits nothing outside the ten.
- Regulation numbers and EUR-Lex URLs are read from a static map, never generated.
- A deterministic fallback guarantees the wizard never dead-ends, even if the model is down.
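A sketch of the scoping step described above, added here as an illustration and not Cenitia's own code. The catalogue IDs, profile keys, function names and the confidence given to fallback results are assumptions; the instrument numbers are the official ones for the ten regulations named on this page.

```python
# Added illustration; all names are hypothetical, not Cenitia's code.
CATALOGUE = {  # static, human-maintained map: catalogue ID -> official instrument
    "CRA": "Regulation (EU) 2024/2847",
    "GDPR": "Regulation (EU) 2016/679",
    "RED": "Directive 2014/53/EU",
    "MDR": "Regulation (EU) 2017/745",
    "LVD": "Directive 2014/35/EU",
    "EMC": "Directive 2014/30/EU",
    "ROHS": "Directive 2011/65/EU",
    "REACH": "Regulation (EC) No 1907/2006",
    "AI_ACT": "Regulation (EU) 2024/1689",
    "MACHINERY": "Regulation (EU) 2023/1230",
}
CONFIDENCE_CAP = 0.95  # cap stated on the page

# Deterministic fallback named on the page; the profile keys are assumptions.
FALLBACK_RULES = (("has_radio", "RED"), ("mains_powered", "LVD"),
                  ("personal_data", "GDPR"))


def validate(raw):
    """Accept only {id, confidence} pairs whose id is in the catalogue."""
    picks = []
    for item in raw:
        reg_id, conf = item["id"], float(item["confidence"])
        if reg_id not in CATALOGUE or not 0.0 <= conf <= 1.0:
            raise ValueError(f"outside schema: {item!r}")
        picks.append((reg_id, conf))  # any other model-supplied field is dropped
    return picks


def classify(profile, model_call):
    """Return in-scope regulations; fall back to rules if the model path fails."""
    try:
        picks, source = validate(model_call(profile)), "model"
    except (OSError, ValueError, KeyError, TypeError):
        # Assumption: fallback hits carry the cap and are tagged source="rules".
        picks = [(reg, CONFIDENCE_CAP)
                 for key, reg in FALLBACK_RULES if profile.get(key)]
        source = "rules"
    return [{"id": reg, "instrument": CATALOGUE[reg],
             "confidence": min(conf, CONFIDENCE_CAP), "source": source}
            for reg, conf in picks]
```

Here a schema violation is treated the same as a failed call, so an out-of-catalogue ID never reaches the document; the instrument string is always read from the map, whatever the model returned.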
Step 2 — Ground
Every claim is grounded in the law and in your own engineering data
For every section, retrieval runs against two corpora in the same query: the public EU regulation text, and your organisation’s own uploaded files — schematics, BOMs, datasheets, test reports — chunked, embedded with Mistral Embed (1024 dimensions) and indexed in a private, per-organisation vector store. When you have uploaded files, retrieval pulls roughly 70 per cent of its slots from the regulation text and the rest from your own documents, and the two source types are labelled differently so the model knows whether it is citing law or citing your hardware. So a Declaration can cite not just “CRA Article 13” but a specific component from your actual BOM. This is the part a chatbot cannot reach: it has no persistent, per-tenant index of your private design data. To match it you would paste every datasheet into every prompt — and even then nothing isolates your files from the next customer. Cenitia enforces that isolation in the database: retrieval is filtered by organisation ID through row-level security, so a search never crosses a tenant boundary, and a competitor reading the same public regulations cannot reproduce your document.
- Two corpora, one query: public EU regulation text plus your own privately-indexed engineering files.
- Per-organisation isolation is enforced by Postgres row-level security, not application convention — search never crosses tenant boundaries.
- The more of your own engineering files you upload, the more specific and defensible every document gets — your private index works only for you, and every future Declaration draws on it.
Step 3 — Verify
Triple-Check: it drafts, audits its own draft, then scores its confidence
Every section runs through three passes. Pass 1 (Structured Grounding) drafts the section at temperature 0.1 using only the retrieved sources, marking every factual or normative claim with a [Source N] reference; if a claim cannot be grounded, the model is instructed to write “Requires expert review” and explain why, rather than invent. Pass 2 (Chain-of-Verification) is the step no chat window performs: a second model call re-reads the draft against the same source chunks at temperature 0 and returns a structured verdict — which claims are supported, which are not, and a corrected rewrite with the unsupported claims dropped or rephrased. Pass 3 (Citation Reinforcement) deterministically resolves each [Source N] marker to its exact article or file, then combines explainable factors — the verification verdict, the number of flagged issues, citation density against the estimated claim count, whether any sources were retrieved at all, and the model’s own self-rating — into a single 0–1 confidence score whose formula is in the code, not a black box. Anything below 0.95 is automatically marked requires-review and surfaced for a human before the document can be signed.
- Pass 1 drafts with a [Source N] citation on every claim, at temperature 0.1.
- Pass 2 adversarially audits the draft against its own sources at temperature 0 — a second opinion a single chat turn never gives you.
- Pass 3 resolves citations to exact articles and combines explainable factors — verdict, flagged issues, citation density and the model’s self-rating — into a 0–1 score; under 0.95 is held for a human.
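A sketch of Pass 3 as described above, added here as an illustration and not Cenitia's own code or formula. The weights, the sentence-count claim estimate, the function names and the sample draft are assumptions; only the `[Source N]` marker format, the listed factors and the 0.95 threshold come from the page.

```python
import re

# Added illustration; names and weights are hypothetical, not Cenitia's formula.
MARKER = re.compile(r"\[Source (\d+)\]")
REVIEW_THRESHOLD = 0.95  # threshold stated on the page

# Constructed sample: two retrieved chunks, and a draft citing a third that does not exist.
SAMPLE_SOURCES = [{"ref": "CRA Article 13"}, {"ref": "bom.csv row 12 (constructed)"}]
SAMPLE_DRAFT = ("The manufacturer handles vulnerabilities [Source 1]. "
                "The radio module is listed in the BOM [Source 2]. "
                "Updates are signed [Source 4].")


def resolve_citations(draft, sources):
    """Map each [Source N] marker to its retrieved chunk; list markers with none."""
    resolved, dangling = {}, []
    for n in sorted({int(m) for m in MARKER.findall(draft)}):
        if 1 <= n <= len(sources):
            resolved[n] = sources[n - 1]["ref"]
        else:
            dangling.append(n)  # cites a source that was never retrieved
    return resolved, dangling


def citation_density(draft, resolved):
    """Share of sentences (a crude claim estimate) carrying a resolvable marker."""
    sentences = [s for s in re.split(r"(?<=[.!?])\s+", draft.strip()) if s]
    cited = sum(1 for s in sentences
                if any(int(m) in resolved for m in MARKER.findall(s)))
    return cited / max(1, len(sentences))


def score_section(draft, sources, verdict_supported, flagged_issues, self_rating):
    """Combine the factors the page lists into one 0-1 score (assumed weights)."""
    resolved, dangling = resolve_citations(draft, sources)
    if not sources:  # nothing retrieved: nothing can be grounded
        score = 0.0
    else:
        score = (0.4 * (1.0 if verdict_supported else 0.0)
                 + 0.3 * citation_density(draft, resolved)
                 + 0.3 * self_rating
                 - 0.1 * (flagged_issues + len(dangling)))
    score = round(min(1.0, max(0.0, score)), 2)
    return {"score": score, "citations": resolved, "dangling": dangling,
            "requires_review": score < REVIEW_THRESHOLD}
```

A marker that points past the retrieved set is counted as a dangling citation and penalised, which is the case a purely model-rated score would miss.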
Step 4 — Generate at document scale
Sections generate in parallel, score independently, and resume if interrupted
A Declaration of Conformity or Compliance Scope Document is decomposed into independent sections, each run through the full three-pass pipeline in parallel. If one section fails, the others continue — there is no all-or-nothing. Overall document confidence is the mean of the section scores, and a low-confidence section surfaces on its own for review without blocking the rest. A long generation is tracked section by section, so if the network drops mid-run it resumes from where it stopped rather than restarting from zero. A chatbot returns one monolithic block of text with one implicit, unscored confidence; Cenitia produces an auditable document with per-section evidence and a number on every part.
Step 5 — Sign
The signed file becomes independently verifiable by a Notified Body
Nothing auto-publishes. You read the flagged sections, edit, approve, then sign — drawn, typed or uploaded — and the signature locks. The signed Declaration is written to a PDF carrying a QR code that resolves to a unique public verification page: signer name, role, organisation and date, backed by an unguessable eight-character code (roughly one trillion combinations). A Notified Body, an inspector or your own customer can scan it and confirm the document is genuine without logging in and without taking your word for it. The signature and the QR code are immutable once signed — enforced by database triggers that reject changes for every role, including administrative access — and the PDF itself lives in a private, organisation-scoped store. A chatbot produces text you can edit forever and a third party cannot verify; this produces a permanently checkable artefact — which is the entire point of a Declaration of Conformity.
- Electronically signed and locked PDF with a public QR verification URL — no login required to check it.
- Eight-character base32 code, ~1 trillion combinations; signature and QR immutable once signed, enforced by database triggers for every role.
- Human-in-the-loop by construction: legal responsibility stays with a named person who saw the evidence.
Step 6 — Stay current
It keeps watching the law after you have signed
Regulations get amended. On a schedule, Cenitia re-fetches each tracked regulation’s upstream EUR-Lex page, computes a SHA-256 hash of the content, and detects an amendment by hash change. When one is detected, it finds every document that cites the changed regulation: non-signed Declarations are moved back to “in review”, already-signed ones are left intact but a notification lands in your organisation’s inbox — with the affected documents listed — so you decide whether to re-issue. Every check is logged with the content hash, byte size and last-modified header. A chatbot’s knowledge froze at its training cut-off; it cannot autonomously poll a URL, diff content, or change the state of your documents months after they were written. This is a background service touching your data, not a model answering a prompt — and it is the early warning you keep only while you remain a customer.
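A sketch of the amendment check described above, added here as an illustration and not Cenitia's own code. The function names, document states, sample content and the whitespace normalisation before hashing are assumptions; fetching is replaced by constructed byte strings so the block runs offline.

```python
import hashlib
import re

# Added illustration; names, states and the normalisation step are assumptions.


def content_hash(body: bytes) -> str:
    """SHA-256 over whitespace-normalised content, so reflowed markup alone
    does not register as an amendment (normalisation is an assumption)."""
    return hashlib.sha256(re.sub(rb"\s+", b" ", body).strip()).hexdigest()


def check_regulation(reg_id, body, last_modified, state):
    """Log the check and return True only when the stored hash has changed."""
    digest = content_hash(body)
    state["log"].append({"reg": reg_id, "sha256": digest,
                         "bytes": len(body), "last_modified": last_modified})
    previous = state["hashes"].get(reg_id)
    state["hashes"][reg_id] = digest
    return previous is not None and previous != digest  # first fetch = baseline


def apply_amendment(reg_id, documents):
    """Reopen non-signed documents citing reg_id; return signed ones to notify."""
    notify = []
    for doc in documents:
        if reg_id not in doc["cites"]:
            continue
        if doc["status"] == "signed":
            notify.append(doc["id"])  # signed file stays intact
        else:
            doc["status"] = "in_review"
    return notify


def run_demo():
    """Constructed sample: three fetches of one regulation page, three documents."""
    state = {"hashes": {}, "log": []}
    docs = [{"id": "doc-1", "status": "draft", "cites": {"CRA"}},
            {"id": "doc-2", "status": "signed", "cites": {"CRA", "RED"}},
            {"id": "doc-3", "status": "approved", "cites": {"GDPR"}}]
    v1, v1_reflowed = b"Article 13\nObligations.", b"Article 13   Obligations.\n"
    v2 = b"Article 13\nObligations, as amended."
    results = [check_regulation("CRA", body, "constructed-header", state)
               for body in (v1, v1_reflowed, v2)]
    notify = apply_amendment("CRA", docs) if results[-1] else []
    return results, notify, docs, state
```

Hashing the raw response bytes instead would flag every cosmetic change to the page as an amendment, so what is fed to the hash determines how many alerts a reviewer has to dismiss.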
Where it runs
Every model call stays in the EU
All inference — classification, grounding, verification and embeddings — runs on Mistral models via La Plateforme, hosted in Paris. Your product context, internal part numbers and regulatory obligations never leave EU-controlled infrastructure. A competitor routing the same workload through a US LLM provider inherits cross-border transfer questions and the data-processing-agreement overhead that follows. If your product already handles EU personal data, your compliance tooling should not be the thing that exports it to another jurisdiction. Here, EU data residency is an architectural default, not a contract clause you have to negotiate.
FAQ
Questions a compliance engineer asks
Is a Declaration of Conformity generated in Cenitia legally valid?
Yes. The document follows the format the specific directive requires and cites every claim back to its EUR-Lex source article. You — a named person — review the flagged sections and sign under sole responsibility, the same legal basis as a consultant-drafted Declaration. The signed PDF carries a public QR verification page so a third party can confirm who signed it and when.
What stops the AI from inventing a regulation or a fake citation?
Two mechanisms. Classification is constrained to a fixed catalogue of ten EU regulations through a typed schema, so the model cannot return a directive number that does not exist, and the regulation numbers and EUR-Lex links come from a static, human-checked map rather than the model. Then a second verification pass re-checks every claim in the draft against the retrieved sources and rewrites or drops anything it cannot support — and any section scoring below 0.95 confidence is held for human review before it can be signed.
Does Cenitia replace a Notified Body conformity assessment?
No. Products that require third-party conformity assessment under their directive — much radio equipment under RED, certain machinery, medical Class IIa and above — still need a Notified Body. Cenitia helps prepare the technical file and Declaration of Conformity; it does not perform the Notified Body function.
What happens when a cited regulation is amended?
Cenitia re-fetches each cited regulation’s EUR-Lex page on a schedule and detects changes by content hash. When a cited regulation is amended, non-signed Declarations that cite it move back to review and already-signed ones trigger a notification listing the affected documents, so you decide whether to re-issue.
Where does Cenitia run its AI, and does my data leave the EU?
All inference — classification, grounding, verification and embeddings — runs on Mistral models via La Plateforme, hosted in Paris. Your product context, internal part numbers and regulatory obligations stay on EU-controlled infrastructure and are not used to train any base model.
What you actually get
Documentation you can defend — drafted in about an hour, not weeks
- Cited, not invented — every claim traces to a named EU regulation article or to a file from your own engineering data, so you can defend each line to an auditor
- Scored, not trusted — a 0–1 confidence on every section, and anything under 0.95 is held for your review before you sign
- Verifiable by anyone — the signed Declaration carries a QR code to a public verification page, no login required, and the signature is locked at signing
- Current, not frozen — each regulation’s EUR-Lex page is hash-monitored, and your affected documents are flagged the day it is amended
- EU-sovereign, not exported — every model call runs on Mistral in Paris, and your product data never leaves EU-controlled servers
See the same discipline before you commit — no card required
Run the free EU Directive Selector or the CRA Readiness Checker to watch the enum-locked, source-cited mechanism on your own product, with no signup. Or reserve early access to the full document engine.