Waiva® checks in real time how reliable an AI answer is. It spots when the AI starts to slip, makes things up, or tells you what you want to hear — with any AI system, without storing your data. Protected technology. Ready for enterprise use.
Matthias Braun is a banking economist (Frankfurt School of Finance & Management) — with more than 25 years in the financial industry: overall bank management, risk models for billion-euro portfolios, two BaFin audits. Plus years as responsible controller at a global market leader in drive technology.
What was missing was a tool: not one that filters or censors, but one that simply measures how structurally stable an AI response is. That gap turned into research — over 11,500 documented human–AI interactions, two published preprints, and finally Waiva®.
KI Innovation Award 2026 Finalist. Direct responses from Yoshua Bengio, Dirk Helbing, Joanna Bryson and James Yorke.
Article 26 of the AI Regulation (EU 2024/1689) obligates deployers — not providers — to actively monitor AI outputs. The Digital Omnibus (May 2026) shifted the application deadlines for high-risk AI to December 2027 (Annex III) and August 2028 (Annex I) — but did not change the requirements themselves.
The problem remains: what happens inside the black box is not controllable. Training, alignment, safeguards — all outside your reach. You are responsible for what comes out.
The postponement creates a window — for companies that prepare in a structured way now, instead of reacting under pressure in 2027. Waiva® sits at the one place you can control: between the AI output and the decision.
The safeguards built into AI models are the vendor's own controls. The EU AI Act requires more from the user: oversight that is independent of the AI vendor. Waiva® provides that independent check — traceable, reproducible, with no access to the model's internals. As a standalone solution or as a module for GRC platforms, systems integrators and internal compliance frameworks.
| AI Act requirement | Waiva® implementation |
|---|---|
| Monitor AI outputs | Real-time score per response |
| Detect anomalies | Several drift indicators, weighted |
| Ensure human oversight | Score visible before every decision |
| Ability to intervene | +1 correction impulse on drift |
| Document human oversight | Structured audit trail |
Rule-based, deterministic, reproducible — developed from 11,500+ analyzed human–AI interactions. No second model in the evaluation loop.
Waiva® tracks several signals at once — whether the AI is making things up, telling you what you want to hear, or acting with false confidence. Developed from over 11,500 documented cases.
A clear score makes the structural stability of a response instantly visible. Deliberately capped at 90: the last 10% of responsibility stay with the human — by design.
When drift is detected, Waiva® shows the matching counter-stimulus — the +1 impulse. Not as an instruction, but as orientation for the next input.
Every response is analyzed live. The signal appears while you are still reading — not afterwards.
ChatGPT, Claude, Gemini or another — Waiva® checks every AI answer the same way, without access to the AI itself. Ready for future AI systems too.
Waiva® only analyses briefly in memory. Nothing you ask, nothing the AI answers is stored. The data processing agreement with IONOS Germany is in place.
Waiva® measures not the AI itself but its answers — and therefore works with any system that produces text. Language AIs are only the beginning.
ChatGPT, Claude, Gemini and any other language AI — Waiva® checks them all the same way, without looking inside. Already implemented and tested.
✓ ImplementedRule-based systems, scoring models, hybrid AI approaches — anywhere answers are produced that humans base decisions on.
ApplicableSoon AI agents will make decisions with no human in the process. Waiva® checks here too: did the agent communicate reliably? Did it clearly signal uncertainty? The more autonomous the AI, the more important the check.
→ Strategic future fieldWaiva® is based on the +1 Principle — developed from 11,500+ documented human–AI interactions, published in two preprints.
„I think it could be a valuable insight."
„This sounds very interesting indeed, perhaps worth publishing."
„This is indeed cognate with the definition of ethics I have been working with for some time."
„The pattern you describe makes sense, and documenting it could be useful."
Prof. Yoshua Bengio (Mila, Turing Award 2018) forwarded the research to his team for AI Honesty Benchmarks.
Waiva® is verified and deployment-ready. The algorithm core runs deterministically and reproducibly, the interfaces are documented — ready for a partner's technical due diligence.
Waiva® combines a scientific foundation, secured IP protection (utility model + registered trademark) and a working demonstrator. What's missing: a partner with distribution strength to bring the potential to market.
You integrate the sReact technology into your existing product and bring it to market — under a clear, fair licensing model. No long development path: the core is finished.
The sReact engine complements your existing AI compliance platform or banking framework. Plug-in via REST API — no separate frontend, no new infrastructure required.
Joint validation studies, industry-specific calibration (banking, insurance, healthcare), academic cooperation. Ideal for institutions with their own AI research focus.
Long-term collaboration at the intersection of AI governance × EU AI Act × financial industry. Relevant for financial service providers, insurers and their IT service providers.
No presentation, no deck. A 30-minute call to find out whether it fits.
contact@waiva.appWaiva® does not verify facts. That stays with the human.
Waiva® does not rate people. Only responses.
Waiva® does not make decisions. You do.
Waiva® does not store content — technically guaranteed.
Waiva® does not monitor users. No logs, no profiles.
Waiva® does not intervene in responses. No filter, no block.
Waiva® analyzes responses, not people. Your usage stays private. Your decisions remain yours.
IONOS server, German law, GDPR DPA in place. No US data transfers.
Brief analysis in working memory only. Nothing is stored permanently — neither your questions nor the AI's answers.
SSH key only, Fail2ban, TLS 1.3, daily backups. IONOS infrastructure.
Guardrails and content filters act inside the AI itself or check for keywords. Waiva® sits behind the output — on your side. It analyses each response across several dimensions, understands its context and delivers reproducible results — without rewriting anything. You get a clear signal about stability before you act.
The cap is a philosophical design decision: Waiva® measures structural stability (the how), not factual correctness, contextual relevance or individual fit. Those dimensions require human judgment. A score of 100 would falsely signal "take it as is." That contradicts EU AI Act Art. 26 — and the founding idea of Waiva®.
Waiva® only checks the AI's finished answer, not how it was produced. That means it works with any AI — and is already prepared for future AI systems that don't yet exist today.
Art. 26 of the AI Regulation (EU 2024/1689) obligates companies that deploy AI systems to actively monitor outputs and to ensure human oversight. The Digital Omnibus (provisional agreement of 7 May 2026) shifted the application deadlines: high-risk AI under Annex III applies from 2 December 2027, embedded systems (Annex I) from 2 August 2028. The requirements themselves are unchanged. Waiva® is the technical implementation of this deployer duty: documented human oversight, built in a structured way now instead of under time pressure.
Primarily wherever AI answers feed into decision processes: finance (advisory, credit decisions, compliance), insurance (underwriting, claims), healthcare, public administration. Waiva® works regardless of what kind of AI answers it checks — which makes it adaptable to any industry.
Yes. Waiva® stores no data — neither content nor user profiles. The analysis happens briefly in working memory only. Hosting on German IONOS servers in Berlin, data processing agreement in place, TLS 1.3, no data stored — technically guaranteed.