Request early access
← velarc.io

About this demo

What you're looking at, what's behind it, and how Velarc addresses EU AI Act compliance obligations.

The demo environment

You're viewing a live instance of Velarc running against a sample tenant — MediPath Technologies — a fictional healthtech company with realistic clinical AI use cases.

There's no login required. You're seeing the compliance officer and administrator view — the same view a CTO or audit lead would use to review AI activity across their organisation.

The traces in this demo were generated to simulate realistic clinical AI interactions. In a live deployment, each trace is captured in real time as it passes through the proxy.

The technology stack

Velarc is not a frontend demo. The backend is a production Java application running on dedicated infrastructure in Hetzner's EU-central data centre.

  • Backend Java 21 + Spring Boot 3.5
  • Database PostgreSQL 16
  • Frontend React 19 + TypeScript
  • Proxy Caddy + TLS
  • Hosting Hetzner, eu-central
  • Migrations Flyway
How the proxy works

When a healthtech application calls POST /v1/proxy/chat, Velarc intercepts the request, enriches it with business context — use case, business object, initiated by — forwards it to the AI provider, captures the response, and writes a structured audit trail.

All of this happens in a single synchronous call. The client application sees no difference in behaviour. The compliance layer is invisible to end users.

Engineering quality

Velarc is built with the same rigour we ask of our customers. The codebase has a comprehensive unit and integration test suite, and Playwright E2E tests run against the live application after every deployment.

OWASP dependency scanning runs on every build and fails on any vulnerability scoring 7.0 or above. Dependencies are monitored weekly via Dependabot. All infrastructure runs behind TLS with automatic certificate renewal.

EU AI Act compliance

Healthcare AI is explicitly classified as high-risk under Annex III of the EU AI Act. The enforcement deadline is 2 August 2026. Velarc is built to address two specific articles:

Article 12 — Record-keeping
High-risk AI systems must technically allow for the automatic recording of events throughout their lifetime, enabling traceability, risk identification, and post-market monitoring. Velarc implements this automatically for every proxy call — no manual instrumentation required.
Article 19 — Automatically generated logs
Providers must retain automatically generated logs for a minimum of six months. Velarc enforces configurable retention periods — six months on Starter, twelve months on Professional — with the audit store write-protected against modification or deletion.

Note: Velarc addresses the technical logging obligations under Articles 12 and 19. Full EU AI Act compliance for a high-risk AI system involves additional obligations including risk management, technical documentation, and human oversight processes that are the responsibility of the deploying organisation. We recommend taking independent legal advice on your specific compliance position.

Explore the live demo

Questions? hello@velarc.io