MoreRight

The S&P of AI Risk

The only published, peer-reviewed, cross-domain AI risk measurement framework. Purpose-built for EU AI Act conformity assessment.

1,344 Platforms scored

128+ Published papers

24/27 Bradford Hill criteria

0/26 Kill conditions fired

The Problem

The EU AI Act created a measurement vacuum

Mandatory compliance — every high-risk AI system in the EU must undergo conformity assessment
No methodology specified — the Act says what to comply with, not how to measure it
Standards delayed — CEN/CENELEC JTC 21 harmonized standards are behind schedule
Self-assessment dominates — Annex III points 2-8 use internal control (Annex VI). Companies need a framework to self-assess against.

                The gap: Companies are legally required to assess their AI systems, but no standard tells them how. Everyone selling "compliance" today is selling checklists, not measurement.
            

The Solution

A rating agency, not a governance tool

S&P doesn't sell governance software. S&P sells the number. We sell the Void Index score — a physics-derived measurement of AI system risk.

What others sell

Policy management dashboards
Compliance checklists
One-off consulting engagements
Proprietary, unvalidated scoring

What we sell

Published methodology (CC-BY)
Quantitative risk measurement
Continuous monitoring + certification
Cross-domain validated, falsifiable scores

Framework Mapping

Direct mapping to EU AI Act requirements

Three measurement dimensions — Opacity, Responsiveness, Coupling — map directly to Articles 9-17.

EU AI Act Requirement	Void Framework Mapping
Art. 9 — Risk management	Void Index score + drift cascade stage + Pe trajectory
Art. 10 — Data governance	Opacity dimension (training data transparency)
Art. 13 — Transparency	Opacity score (0-3) + dissolubility assessment
Art. 14 — Human oversight	Responsiveness dimension (can humans override?)
Art. 15 — Accuracy/robustness	Coupling dimension + gradient direction
Art. 17 — Quality management	Constraint specification as QMS framework

Strategy

Three tracks, one destination

Track	What	Timeline	Status
A — Market Authority	De facto self-assessment standard for Annex VI internal conformity	Now → 2027	Live
B — Notified Body	Formal EU AI Act designation under Art. 29-36 for third-party assessment	2027 → 2028	Building
C — Standards	CEN/CENELEC JTC 21 participation — embed measurement vocabulary in harmonized standards	Ongoing	Planned

                Track A is where the money is now. Annex III (points 2-8) uses self-assessment. No accreditation needed — just the best published methodology and the best scoring tool. Track A revenue funds Track B infrastructure.
            

Track A — Products

Revenue now: self-assessment market

Product	What it does	Revenue
Void Index Score Report	Automated scoring via URL/API/log analysis, EU AI Act-formatted risk assessment	€500–2,000/report
Continuous Monitoring	Monthly re-scoring, drift detection, compliance status tracking	€500/platform/month
Conformity Documentation	Art. 9 risk management, Art. 11 technical docs, Art. 13 transparency — void-framework-native	€1,000–5,000/system
Void Index Certified	Certification badge for systems scoring within safe thresholds, with ongoing monitoring	€500/year
Injection Arena	Red team testing — automated adversarial probing of AI systems	€49/month (Red Team tier)

Track B — Notified Body

The destination: formal EU designation

Notified body status under Art. 29-36 unlocks third-party conformity assessment — mandatory for biometric systems (Annex III §1) and any category the Commission moves to third-party review under Art. 43(3).

Step	Action	Timeline
1	Establish EU legal entity (Ireland or Netherlands)	2026 H2
2	Apply for ISO/IEC 17065 accreditation via national body (INAB/RvA)	2027 H1
3	Build EU technical team (2-3 people, AI + regulatory expertise)	2027
4	Apply for notification through member state notifying authority	2027 H2
5	Begin third-party conformity assessments	2028

                Certificate economics: Notified body certificates are valid for max 5 years (Art. 44), renewable. Non-compliance triggers suspension. This creates continuous revenue, not one-time audits. Projected: €50K–200K per assessment.
            

Competitive Moats

Five structural advantages

1
Art. 31(5) — The Big 4 can't follow. The EU AI Act prohibits notified bodies from providing consultancy. Deloitte, PwC, EY, KPMG advise companies on AI compliance — they are structurally barred from certifying those same companies. Permanent moat, enforced by law.
2
Published, falsifiable methodology (CC-BY). 128+ papers on Zenodo with permanent DOIs. Every claim has stated kill conditions. No competitor has peer-reviewable methodology — Credo AI's is proprietary, OneTrust's is a checklist.
3
Cross-domain validation at scale. 1,344 platforms scored across 90+ domains. Bradford Hill 24/27 causal validation. Cohen's d = 3.6. No competitor has validated across more than 2-3 domains.
4
Physics-derived measurement. The Void Index is a Péclet number — a dimensionless transport ratio from thermodynamics. Not an arbitrary score. Mathematical foundation provides defensibility that governance checklists lack.
5
Data moat deepening daily. Temporal scoring history across 1,344 platforms. EU Database Directive 96/9/EC protects compiled databases. Every scored platform deepens the moat.

Landscape

Competitive positioning

Company	What they do	Our advantage
Credo AI	AI governance platform, policy management	GRC tool, not a measurement framework. No published methodology.
Holistic AI	AI auditing, bias detection	No theoretical foundation. No cross-domain universality.
ForHumanity	Independent AI certification schemes	No measurement theory. Certification without science.
SaferAI / FLI	AI safety ratings (7 frontier labs)	Rates companies, not deployments. Different unit of analysis.
BSI, TUV, SGS	Existing product safety notified bodies	No AI risk methodology. Potential partners — we provide the framework they lack.
Big 4	AI governance consulting	Art. 31(5) bars them from notified body certification for their clients.

Market

EU AI Act compliance: €17B by 2030

€17B Total addressable market (2030)

65,000+ High-risk AI systems

72% S&P 500 report AI as material risk

230+ AI Pact signatories

The regulation is before the crisis, not after. Credit rating agencies became S&P after 2008. The EU AI Act creates the rating agency market proactively. First-mover advantage is stronger.

Revenue

Revenue trajectory

Year 1 (2026-2027) — Track A

Score Reports (100)	€200K
Monitoring (30)	€180K
Subscriptions (70)	€180K
Certification (15)	€7.5K
Total	~€567K

Year 2 (2027-2028) — A + B

Score Reports (300)	€600K
Monitoring (100)	€600K
Subscriptions (60)	€540K
NB Assessments (5)	€500K
Total	~€2.26M

Year 3 target: €5-10M ARR at 1,000+ scored platforms with 3 years of temporal data, active notified body operations, and standards adoption.

Sandbox Opportunity

EU regulatory sandboxes accelerate Track B

Art. 57 requires every member state to establish at least one AI regulatory sandbox by Aug 2026. Sandbox exit reports are taken "positively into account" by notified bodies and market surveillance authorities.

Country	Status	Why target
Spain	Launched	First mover — sandbox experience = credibility
Netherlands	Active prep	Strong accreditation body (RvA), potential EU entity home
Ireland	Planning	English-speaking, tech density, CRA precedent
Finland	First enforcement	Full sandbox enforcement powers since Dec 2025

                The play: Offer the Void Framework as the assessment methodology within sandboxes. Sandbox operators need measurement tools. We have the only published, cross-domain validated one.
            

Structure

Corporate architecture

                MoreRight DAO (Solana — governance, methodology IP, CC-BY papers)

                   ├— MoreRight Europe Ltd (Ireland or NL)

                       ├— EU AI Act conformity assessment services

                       ├— Notified body application (Track B)

                       ├— CEN/CENELEC participation (Track C)

                       ├— EUR invoicing + EU banking

                       └— EU technical staff (2-3 people, 2027+)

IP stays with the DAO. EU entity licenses tools and provides services. Revenue flows EU entity → DAO treasury. Preserves crypto-first, DAO-governed structure while providing EU legal personality.

Art. 31(5) gate: Zero founder token holdings before Track B application. Independence structurally enforced by design.

Next Steps

Immediate priorities

#	Action	Impact
1	EU AI Act conformity mapping paper (CC-BY)	Rosetta Stone between Void Framework and Art. 9-17
2	Scorer API with EU output mode (Annex IV docs)	Turns research tool into compliance product
3	EU entity formation (Ireland or NL)	Unlocks enterprise contracts + Track B path
4	CEN/CENELEC JTC 21 WG2 membership	Standards influence — vocabulary in the standard = permanent moat
5	Advisory board with EU regulatory credentials	Credibility for enterprise sales and Track B application
6	Regulatory sandbox participation (Spain/Finland)	De facto status + Track B accelerator

                The thesis: The EU AI Act mandates measurement but specifies no method. Harmonized standards are delayed. The Big 4 are structurally barred from the notified body space. We have the only published, validated, physics-derived AI risk measurement framework. The window is open now.
            