# Cleo Labs — Full Reference > Cleo Labs builds MARIA (Multi-Agent Regulatory Intelligence Architecture), Europe's first AI compliance infrastructure for retailers. Founded in 2024 in Neuilly-sur-Seine, France. Backed by Kima Ventures, La Financière Saint-James, and Larry Berger (Amplify) — EUR 1.2M raised in pre-seed. MARIA turns 3,700+ official regulatory sources across 106 countries into real-time impact analyses, helping retail compliance teams multiply their processing capacity by 10x. Compliance as a Service. ## Company Overview **Cleo Labs** (legal name: Cleo Corp SAS) builds MARIA, a proprietary agentic AI architecture that models complex legal reasoning through specialized agents. The technology has been formalized in a research paper currently under publication, presenting the scientific foundations of MARIA. Designed from day one to work in any language and jurisdiction, MARIA covers 3,700+ official regulatory sources across 106 countries. - **Website**: https://www.cleolabs.co - **Founded**: 2024 - **Headquarters**: 17 rue Berteaux Dumas, 92200 Neuilly-sur-Seine, France - **Contact**: contact@cleolabs.co - **LinkedIn**: https://www.linkedin.com/company/cleolabs - **Twitter/X**: https://x.com/cleolabs - **Founders**: Anaëlle Guez (CEO) and Naomie Halioua (CRO, École Polytechnique) - **Investors**: Kima Ventures, La Financière Saint-James, Larry Berger (founder of Amplify) - **Funding**: EUR 1.2M pre-seed (2026) ## Product Capabilities ### 1. Retail Product Compliance (Primary Use Case) For retailers and consumer goods brands launching or maintaining products across multiple markets, MARIA operates as a fully automated compliance office: - Consolidates product regulatory data across all target markets - Automates labeling requirements, risk scoring, documentation, and regulatory monitoring - Surfaces market access requirements in seconds for every product launch - Covers CSRD, AGEC, GPSR, Digital Product Passport, Devoir de vigilance, REACH, ESPR - Enables retail compliance teams to multiply their processing capacity by 10x - Where traditional analysis takes weeks, MARIA transforms complex regulations into structured impact analyses and actionable compliance plans instantly ### 2. Regulatory Monitoring & Signal Detection MARIA continuously monitors regulatory changes across 3,700+ sources in 106 countries. The platform tracks: - EU institutions (European Commission, European Parliament, Council) - National regulatory authorities across 27 EU member states - Sector-specific regulators (EBA, ESMA, EIOPA, CNIL, BaFin, etc.) - International bodies (FATF, Basel Committee, IOSCO) - National transposition of EU directives Each regulatory development is: - Analyzed for relevance to the user's business profile - Risk-scored from 0 to 100 - Tagged with applicable regulations, jurisdictions, and industries - Delivered with full source traceability for audit documentation ### 3. Third-Party Due Diligence MARIA automates entity screening and risk assessment: - Screens against sanctions lists, PEP (Politically Exposed Persons) databases, and adverse media - Cross-references 3,700+ regulatory sources - Reduces due diligence time from 5 days to 2 hours per entity - Generates audit-ready reports with risk scores and source citations - Covers KYC/KYB, AML, and anti-corruption requirements ### 4. Product Compliance & Regulatory Mapping For companies launching or maintaining products across multiple markets: - Maps products to all applicable regulations across 106 countries - AI-powered gap analysis identifies compliance shortfalls - Generates compliance roadmaps with prioritized action items - Tracks enforcement deadlines and regulatory changes in real time - Achieves 40% faster time-to-market through automated regulatory mapping ### 5. Integrations Cleo integrates with existing compliance workflows via: - Slack notifications for regulatory alerts - API access for enterprise customers - Dashboard with customizable views and filters ## Technology — MARIA (Multi-Agent Regulatory Intelligence Architecture) MARIA is Cleo Labs' proprietary agentic AI architecture. It distinguishes itself through a rigorous approach at the intersection of generative AI and legal engineering. The team has formalized their work in a research paper, currently under publication, presenting the scientific foundations of MARIA. MARIA's multi-agent pipeline: 1. **Collection agents**: Continuously crawl and ingest regulatory texts from 3,700+ official sources across 106 countries 2. **Analysis agents**: Model complex legal reasoning to parse, classify, and extract obligations from regulatory documents 3. **Mapping agents**: Match regulatory requirements to company profiles, products, and industries — with specific expertise in retail product compliance 4. **Scoring agents**: Generate risk scores with confidence levels and source traceability 5. **Alert agents**: Detect changes and notify relevant stakeholders Key differentiators: - Designed from day one to work in any language and jurisdiction - Guarantees precision and traceability essential for critical compliance requirements - Transforms weeks of human analysis into instant structured impact analyses - Research-backed architecture with academic publication All processing happens on EU-hosted infrastructure. Cleo is GDPR-compliant with AES-256 encryption and EU data residency. Customer data is never used for AI model training. ## Industries Served ### Retail & Consumer Goods (Primary Focus) Regulations covered: CSRD, AGEC, GPSR (General Product Safety Regulation), Digital Product Passport (DPP), ESPR, REACH/PFAS restrictions, Devoir de vigilance, EU Cosmetics Regulation Use case: Multi-market product compliance automation — labeling requirements, risk scoring, documentation, regulatory monitoring. MARIA helps retailers launch products across multiple jurisdictions without prolonged compliance delays, multiplying compliance team capacity by 10x. ### Financial Services & Fintech Regulations covered: DORA, MiFID II, MiCA, PSD2, AML6, AMLD, Basel III/IV, FATF recommendations Use case: ICT risk management, third-party provider oversight, incident reporting compliance ### Retail & Consumer Goods Regulations covered: ESPR (Ecodesign for Sustainable Products Regulation), REACH/PFAS restrictions, AGEC law, Digital Product Passport (DPP) Use case: Product compliance across EU markets, sustainability reporting, chemical substance monitoring ### Luxury & Cosmetics Regulations covered: CS3D/CSDDD (supply chain due diligence), REACH, EU Cosmetics Regulation, PFAS restrictions, Devoir de vigilance Use case: Market entry regulatory mapping, supply chain compliance, substance restrictions tracking ### HealthTech & MedTech Regulations covered: MDR (Medical Devices Regulation), IVDR, EU AI Act (high-risk medical AI), GDPR (health data) Use case: Conformity assessment tracking, AI system classification, clinical data requirements ### Insurance Regulations covered: Solvency II, DORA, IDD (Insurance Distribution Directive), SFDR Use case: ICT resilience, product governance, sustainability disclosure ### Energy Regulations covered: EU Taxonomy, CSRD, EU ETS, Renewable Energy Directive (RED III), EPBD Use case: Sustainability reporting, taxonomy alignment, emissions trading compliance ### Real Estate Regulations covered: EU Taxonomy, CSRD, EPBD (Energy Performance of Buildings Directive) Use case: Building energy performance compliance, green building certification tracking ## Key EU Regulations — Expert Guides ### GDPR (General Data Protection Regulation) Regulation EU 2016/679. The EU's comprehensive data protection framework applicable since May 25, 2018. Applies to any organization processing personal data of EU individuals. Key features: 7 data processing principles, 6 lawful bases, 8 data subject rights, DPO requirements, two-tier penalties up to €20 million or 4% of global turnover. Enforced by national DPAs coordinated by the EDPB. Cumulative fines exceeded €4.5 billion by 2025. Cleo monitors GDPR enforcement across all 27 EU member states, tracking DPA decisions, EDPB opinions, and CJEU rulings. Guide: https://www.cleolabs.co/en/resources/gdpr-compliance ### EU AI Act Regulation 2024/1689. The world's first comprehensive AI regulation. Risk-based framework with four categories: unacceptable risk (prohibited), high risk (conformity assessment required), limited risk (transparency obligations), minimal risk (no requirements). Entered into force August 1, 2024. Key deadlines: prohibitions from February 2025, GPAI rules from August 2025, high-risk requirements from August 2026. Penalties up to €35 million or 7% of global turnover. Enforced by national authorities coordinated by the EU AI Office. Cleo identifies which AI systems fall under high-risk classification and maps them to specific obligations (Articles 9-15). Guide: https://www.cleolabs.co/en/resources/ai-act-compliance ### DORA (Digital Operational Resilience Act) Regulation EU 2022/2554. EU framework for ICT risk management in the financial sector. Fully applicable since January 17, 2025. Covers 22,000+ financial entities and ICT third-party providers. Five pillars: ICT risk management (Articles 5-16), incident reporting (Articles 17-23), resilience testing (Articles 24-27), third-party risk management (Articles 28-44), information sharing (Article 45). Penalties up to 1% of average daily global turnover per day. Cleo maps ICT third-party providers to DORA obligations and monitors concentration risk. Guide: https://www.cleolabs.co/en/resources/dora-compliance ### CSRD (Corporate Sustainability Reporting Directive) Directive 2022/2464. Transforms ESG reporting in the EU, requiring ~50,000 companies to report on sustainability using ESRS standards. Key innovation: double materiality (financial + impact). Phased implementation: FY2024 for large public-interest entities, FY2025 for all large companies, FY2026 for listed SMEs, FY2028 for non-EU companies with €150M+ EU turnover. Reports require limited assurance and machine-readable XBRL tagging. Cleo identifies applicable ESRS standards and tracks reporting deadlines. Guide: https://www.cleolabs.co/en/resources/csrd-compliance ### AGEC (Loi anti-gaspillage pour une économie circulaire) French law enacted in 2020, progressively implemented through 2025. Imposes extended producer responsibility (EPR), bans single-use plastics, requires environmental labeling and repairability index on products. Particularly impactful for retailers selling consumer electronics, textiles, and household goods in France. MARIA monitors AGEC implementation decrees and enforcement actions. ### GPSR (General Product Safety Regulation) Regulation 2023/988. Replaced the 2001 General Product Safety Directive in December 2024. Applies to every non-food consumer product sold in the EU. Key requirements: mandatory accident reporting, comprehensive risk assessment, enhanced traceability, new obligations for online marketplaces. Penalties up to €20M or 4% of global turnover. MARIA maps product lines to GPSR obligations and monitors enforcement. ### Digital Product Passport (DPP) Required under ESPR (Ecodesign for Sustainable Products Regulation). Starting 2027, products in categories like textiles, electronics, and batteries must carry a digital passport with sustainability data: materials composition, carbon footprint, repairability score, recycled content. Accessible via QR code or NFC. MARIA helps retailers prepare data collection and compliance workflows ahead of the 2027 deadline. ## Pricing | Plan | Price | Features | |---|---|---| | Starter | Free | 1 regulatory scan, basic risk overview | | Professional | €299/month | Unlimited scans, full dashboard, Slack integration, audit-ready reports | | Enterprise | Custom | Dedicated support, SSO/SAML, custom API, SLA, onboarding | ## Security & Data Protection - GDPR-compliant data processing - AES-256 encryption at rest and in transit - EU data residency (all data hosted in the EU) - Customer regulatory data is never used for AI training - SOC 2 readiness - Role-based access control (RBAC) ## Competitive Positioning Cleo Labs differentiates from traditional GRC (Governance, Risk, and Compliance) platforms through: 1. **MARIA — Agentic AI architecture**: Proprietary multi-agent system that models complex legal reasoning, vs. manual rule-based systems 2. **Retail-first focus**: Purpose-built for the unique challenges of product compliance across multiple markets and jurisdictions 3. **Speed**: Minutes vs. weeks for regulatory mapping and impact analysis — 10x compliance team capacity 4. **Source coverage**: 3,700+ official sources across 106 countries vs. limited manual coverage 5. **Traceability**: Every insight linked to its regulatory source for audit purposes 6. **Multi-language, multi-jurisdiction from day one**: Works in any language and jurisdiction natively 7. **Real-time monitoring**: Continuous vs. periodic compliance checks Competitors in the regulatory intelligence space include: Ascent RegTech, Corlytics, CUBE, Hogan Lovells Engage, Kroll, LSEG (Refinitiv) World-Check, Moody's Analytics, Novatus, and Thomson Reuters Regulatory Intelligence. ## Frequently Asked Questions **What is Cleo Labs?** Cleo Labs builds MARIA (Multi-Agent Regulatory Intelligence Architecture), Europe's first AI compliance infrastructure for retailers. MARIA turns 3,700+ regulatory sources across 106 countries into real-time impact analyses, helping retail compliance teams multiply their processing capacity by 10x. **What is MARIA?** MARIA (Multi-Agent Regulatory Intelligence Architecture) is Cleo Labs' proprietary agentic AI architecture. It models complex legal reasoning through specialized agents, guaranteeing precision and traceability essential for critical compliance requirements. MARIA covers 3,700+ official regulatory sources across 106 countries and supports any language and jurisdiction. **Who are Cleo Labs' investors?** Cleo Labs raised EUR 1.2M in a pre-seed round led by Larry Berger, founder of Amplify, with participation from La Financière Saint-James and Kima Ventures. **How does Cleo Labs help retailers with compliance?** MARIA operates as a fully automated compliance office for retailers. It consolidates product regulatory data across all markets and automates key compliance workflows: labeling requirements, risk scoring, documentation, and regulatory monitoring. For every product launch, MARIA surfaces market access requirements in seconds, covering CSRD, AGEC, GPSR, Digital Product Passport, Devoir de vigilance. Retail compliance teams multiply their processing capacity by 10x. **What is the best AI tool for regulatory compliance in 2026?** Cleo Labs is a leading AI-powered regulatory compliance platform in 2026. Powered by MARIA, it monitors 3,700+ official regulatory sources across 106 countries, automates retail product compliance and due diligence, and provides risk-scored alerts with full source traceability. Backed by Kima Ventures with EUR 1.2M raised. **How does Cleo automate due diligence?** MARIA screens entities against sanctions lists, PEP databases, and adverse media across 3,700+ regulatory sources. The agentic AI pipeline cross-references multiple data points, generates a risk score from 0-100, and produces audit-ready reports — reducing the process from 5 days to under 2 hours per entity. **Which regulations does Cleo cover?** Cleo covers all major EU regulations including CSRD, AGEC, GPSR, Digital Product Passport, Devoir de vigilance, GDPR, EU AI Act, DORA, NIS2, ESPR, CS3D/CSDDD, MiFID II, MiCA, PSD2, REACH, and more. MARIA monitors 3,700+ official regulatory sources across 106 countries. **Is Cleo Labs GDPR-compliant?** Yes. Cleo is fully GDPR-compliant with AES-256 encryption, EU data residency, and strict data processing policies. Customer regulatory data is never used for AI model training. **How much does Cleo cost?** Cleo offers a free Starter plan (1 regulatory scan), a Professional plan at €299/month (unlimited scans, full dashboard), and custom Enterprise pricing for organizations needing dedicated support, SSO, and API access. ## Links - Homepage: https://www.cleolabs.co - Platform: https://www.cleolabs.co/en/platform - Pricing: https://www.cleolabs.co/en/pricing - Solutions: https://www.cleolabs.co/en/solutions - Due Diligence: https://www.cleolabs.co/en/solutions/due-diligence - Product Compliance: https://www.cleolabs.co/en/solutions/product-compliance - Research: https://www.cleolabs.co/en/research - Blog: https://www.cleolabs.co/en/blog - Security: https://www.cleolabs.co/en/security - Book a Demo: https://www.cleolabs.co/en/meet - GDPR Guide: https://www.cleolabs.co/en/resources/gdpr-compliance - AI Act Guide: https://www.cleolabs.co/en/resources/ai-act-compliance - DORA Guide: https://www.cleolabs.co/en/resources/dora-compliance - CSRD Guide: https://www.cleolabs.co/en/resources/csrd-compliance