# Rachel Kominsky, Director of Platform Engineering at Fieldstone Analytics — read of Compliance Scanner, 2026-06-23

> 11 years in software, last three running the platform team at a 180-person B2B SaaS shop in Chicago. We process HR data for mid-market companies, half our ARR comes from EU customers, and I spent most of Q1 trying to understand whether the EU AI Act actually applies to us.

## How I got here

Searched "EU AI Act AWS compliance scanner" sometime around 10pm after our legal counsel forwarded me a 47-page interpretation memo that raised more questions than it answered. We use CloudFormation templates, we have models running on SageMaker, and I genuinely do not know if we are in scope for Article 6 or Article 52. I clicked maybe five results. Most were consultancy landing pages with no pricing and a "book a call" CTA. This one showed up around result six or seven.

## What I clicked first

"Automated compliance audits for your AWS infrastructure" landed well. That's the sentence that got me to scroll. Then I saw the feature copy: "Detects non-compliant AWS resources against EU AI Act, NIST AI RMF, ISO 42001 frameworks in a single pass. No manual checklist reviews needed." That's a real sentence about a real pain. I was still reading.

"CloudFormation-Ready" is the one that made me sit up. We have maybe 60 templates in our IaC repo and shifting compliance checks left into the PR workflow is exactly where I'd want this to live.

## Where I paused

"Honest disclosure: we don't have live customers on this idea yet."

I read that sentence three times. I scrolled back up to confirm I was on a product page and not some other kind of page. Then I saw the "61/100 Adoptability" score and the "1 in 8 Meaningful-success odds (Fermi)" and the Year-1 take-home estimate of negative $23,820.

It took me a good minute to figure out what I was actually looking at. This is not a tool I can buy. This is an idea for a tool, packaged and sold to someone who wants to go build it. The "SOC 2 Type II Certified" badge in the procurement table is for the Wishdeal platform, not for a product that doesn't exist yet. That badge is doing a lot of misleading work above the fold.

## What I distrusted

The procurement table at the top. "SOC 2 Type II Certified / SSO / SAML / SCIM Included / Data residency / Implementation Support tier / Dedicated CSM / Yes." That reads like a SaaS vendor's feature comparison table. But there is no SaaS product. Those fields appear to be attributes of the studio's platform, not the thing I came here to buy.

I also don't know what "Scan Your Infrastructure" means operationally. Does it connect to my AWS account via a role? Does it read CloudFormation templates from a repo? Does it run as a CLI tool in CI? The page never says. For something touching my AWS environment, "how" is not a secondary question.

## What would convince me

If this were a real product: one real customer, named or anonymized, saying something specific. Not "reduced compliance overhead by 40%" but something like "we had 14 open findings after our initial scan, fixed 9 before our next board meeting, here is what that looked like." A screenshot of an actual report output. Anything showing what a finding looks like and what the remediation guidance actually says for an EU AI Act violation.

If this is an idea marketplace and I'm the builder audience: I want to see the ICP research. Who did you talk to? What did compliance leads at 100-300 person SaaS companies actually say when you described this to them? The Fermi math is interesting but the core question for me is whether anyone with AWS access and a compliance mandate would trust a new tool with their infrastructure. That trust-building problem is not addressed anywhere on the page.

## What I'd ask in an email reply

1. The page says "detects non-compliant AWS resources against EU AI Act." What does that actually mean technically? Are you mapping AWS resource configurations to specific EU AI Act articles, and if so which ones? Article 10 data governance requirements look very different from Article 13 transparency obligations and I don't know how either maps to an AWS resource config.

2. The SOC 2 badge: is that for the Wishdeal platform or for this specific product? If this product doesn't exist yet, what does that badge certify?

3. Is there a waitlist or anyone actually piloting this? I'd pay to be in a beta if the output is genuinely useful, but I'm not buying a $99 idea pack to build it myself.

## Verdict: on-the-fence

The underlying problem is real and I'd genuinely pay for a tool that solved it. But this page leads with product language and buries the "this is an idea, not a product" disclosure halfway down. If I hadn't scrolled past the feature section I would have left thinking this was a live tool I could trial. That gap between what the hero implies and what the disclosure says is the thing that makes me hesitant to engage.

---
*Memo by skeptic persona, generated 2026-06-23. Studio breaks own self-grading loop.*
