What This Is
No more back-and-forth with agencies.
One access request. One lookup. The complete execution record — approved content, verified creators, disclosed posts, processed payments — all in one place, all independently held.
Agencies and creators continue working in their existing tools — WhatsApp, Slack, Notion, DocuSign. CognitivaAV reads automatically in the background, captures every approval, disclosure, and payment event, and locks it into an immutable record.
When you access this portal, you are not reading a report prepared for you. You are reading the raw execution record — timestamped, cryptographically signed, impossible to edit after the fact.
No PDF attachments.
No 'we will send the documents tomorrow.'
The record is already there, waiting.
Authority Benefits
Six things you see. Instantly.
No training required. No new software. One access point — see the facts.
Creator Licence & Registration Status
Confirm the creator's registration status under any applicable Member-State regime — Loi 2023-451 (France), AGCOM 7/24/CONS (Italy), or other national frameworks — in one view.
Disclosure Compliance per Post per Platform
See whether sponsored content was tagged correctly — #ad, #werbung, #publi, #reclame — post by post, platform by platform, in the language required by the targeted Member State.
Approval Chain and Audit Trail
Every content approval captured: who reviewed, who signed off, when, what version was approved. Named actor, timestamped, cryptographically signed.
SEPA Payment and VAT Documentation
EUR payment records via SEPA Instant (10 seconds, EU Regulation 2024/886) linked to execution events via Stripe PSD2-licensed EU infrastructure. VAT metadata auto-generated per transaction.
Cross-Border Regulatory Clarity — 27 Member States
For campaigns spanning multiple Member States — a German brand, a French creator, a Dutch audience — see every creator, every market, every applicable rule set in a single lookup.
Immutable Independent Record
CognitivaAV holds the record in independent custody. The agency cannot edit it. The creator cannot edit it. What you see is what happened — signed, timestamped, audit-exportable in seconds.
How It Works
From campaign execution to verified record — automatically.
No one in the agency changes how they work. The record builds itself.
Agency runs the campaign
WhatsApp, Slack, email, DocuSign — their existing tools. No workflow change required.
CognitivaOS reads silently
AI captures approvals, disclosures, and payment events in real time as they happen.
Record is locked
Every event is timestamped, cryptographically signed, and held in independent custody — nobody can alter it.
Authority accesses the record
Authorised regulatory bodies access the full execution record directly. No requests, no waiting.
The Authority View
Everything on one screen. Nothing to interpret.
The lookup interface is designed for regulatory speed. Key compliance signals are immediately visible — green for compliant, amber for flagged.
Legal Review
38 EU rules. Plus Member State rules based on residency.
Two layers of coverage: the harmonised EU-level corpus (38 rules across 12 rule sets) applies to every EU campaign. On top of that, Member-State-specific rules activate automatically based on where the creator or primary audience is resident.
Status: DRAFT — these rule sets are a first draft for Counsel review. No admitted Counsel has yet attested to these rules. The four-eyes activation ceremony under §6.2 of the Counsel Brief has not yet taken place. Attestation letters available on request once activated.
Honest scope: CognitivaAV is a system of record — not a legal adviser, not a compliance officer, and not a regulatory guarantee. The agency retains full legal responsibility for its compliance obligations.
EEA Data Residency
All EU tenant data stays within the EEA.
No exceptions. No asterisks.
This is not a preference setting or a contractual promise. It is a hard architectural constraint built into the CognitivaOS federation model. Cross-border data movement outside the EEA is blocked at the infrastructure layer — not just the policy layer.
personal data classes that leave the EEA
EU/EEA deployment — in-region HSM, GDPR Article 25 by design
maximum cross-border token lifetime — public identity only
WHAT NEVER LEAVES EEA INFRASTRUCTURE
THE ONLY THING THAT EVER CROSSES A BORDER
Public identity layer only — no business data, no personal data, no payment records.
IN-REGION HSM · EEA DEPLOYMENT
Every ledger event generated by an EU tenant is signed by the EEA deployment's Hardware Security Module. The signing operation physically happens inside the EEA. The HSM private key never leaves the EEA region. GDPR Article 25 satisfied at the architecture layer.
WHATSAPP IMMEDIATE-PURGE RULE · MODULE CN v1.1
WhatsApp messages are processed in memory only. The AI reads the message, extracts the execution event, writes it to the EEA ledger, then immediately purges the message body. No WhatsApp message content persists in CognitivaOS storage. GDPR Article 5(1)(c) data minimisation and Article 5(1)(e) storage limitation satisfied by design.
Our Commitment
Not a report. A record.
Independent Custody
Records are held by Cognitiva, not the agency. No one in the campaign chain can modify, delete, or reorder what has been captured.
Real-Time, Not Retrospective
Events are captured as they happen — not compiled before an enforcement request. The timestamp is the moment the event occurred.
EEA Data Residency · GDPR by Design
All EU tenant data remains within the EEA. GDPR Chapter V transfer restrictions satisfied at the architecture layer. GDPR Article 25 satisfied by default.
Start Here
Start a lookup. See it for yourself.
Access is granted to authorised EU regulatory bodies — national DPAs, Digital Services Coordinators, consumer protection authorities, ESMA NCAs, and other competent authorities.
National DPAs · Digital Services Coordinators · Consumer Authorities · ESMA NCAs · Media Regulators · eu@cognitiva.systems