Dike
Summary
Building EU AI Act compliance from scratch means months of engineering — hash-chained audit logs, PII redaction, human-oversight records, incident clocks — before you ship a single feature. Dike is the gateway proxy that puts that infrastructure between your application and your model provider with a one-line base URL change.
Route your OpenAI-compatible traffic through Dike and every prompt, retrieval step, and completion becomes a sealed, cryptographically verifiable audit record — the kind an auditor can check, not just a log you printed yourself. PII is stripped before anything touches storage, flagged responses queue for human sign-off, and when a serious incident fires, Dike opens the Article 73 case and starts the 15-day reporting clock automatically. The gateway is fail-open, so if audit storage goes unreachable, your requests still reach the model. The ceiling appears when your compliance requirements go beyond what a passive proxy can enforce — custom risk-scoring logic, multi-jurisdiction rules, or on-premises data residency all require architecture Dike does not currently offer.
Bottom line: The right call for an EU team shipping a RAG chatbot that needs audit-grade evidence without a compliance engineering sprint — less useful the moment your legal team asks for on-premises deployment or per-jurisdiction rule branching Dike's hosted gateway cannot express.
Pricing Plans
Subscription- Price
- €49/mo
- Free Tier
- Start free, scale as you grow
Starter
For small medium companies
- 10K traces/month
- Unlimited users
- API access
Enterprise
For large companies
- 100K traces/month
- Unlimited users
- API access
- SLA
View full pricing on d1k3.com →
Pricing may have changed since last verified. Check the official site for current plans.
Community Performance Report Card
No community ratings yet. Be the first to rate this tool!
Community Benchmarks Community
Sign in to submit a benchmarkNo community benchmarks yet. Be the first to share a real-world data point.
Pros
Sign in to edit- Hash-chained, tamper-evident audit records generated automatically for every call, so when an auditor asks for cryptographic proof that logs were not altered, you export a file instead of defending a claim.
- PII redacted at the gateway before anything is written to storage, which means GDPR exposure from prompt contents does not accumulate in your audit logs over the legally required 6-month retention window.
- Article 73 incident reporting opens a case and tracks the 15-day regulatory clock automatically, so serious incidents do not slip past the deadline while your team is still triaging.
- RAG-specific retrieval logging records which documents the model actually used per response, satisfying the Article 12(2) evidence requirement that a plain chat transcript cannot meet.
- Fail-open gateway design means an audit storage outage does not take down your production service — requests still reach the model provider, so compliance infrastructure does not become an availability liability.
Cons
Sign in to edit- No self-hosted deployment option exists; all traffic routes through Dike's hosted infrastructure. Teams whose security policy prohibits third-party proxies on the production inference path, or whose legal team requires data residency guarantees beyond EU-region cloud storage, cannot use Dike without a policy exception — and teams in that position typically move to building the compliance layer in-house or evaluating enterprise gateway vendors that offer on-premises deployment.
- The gateway is a passive proxy: it redacts, logs, blocks, and routes, but does not evaluate custom compliance rules. Teams needing per-user-role flagging logic, multi-jurisdiction rule sets, or dynamic risk scoring based on response content will reach the proxy's ceiling quickly and find themselves maintaining custom middleware on top of Dike — at which point they are running two systems.
- Dike is in closed beta at the time of writing; the vendor states teams must join a waitlist. Production availability, SLA commitments, and enterprise support terms are not publicly documented, which makes procurement sign-off harder for teams with formal vendor assessment requirements.
Community Reviews
Sign in to write a reviewNo reviews yet. Be the first to share your experience.
About
- Platforms
- Web gateway
- API Available
- Yes
- Self-Hosted
- No
- Last Updated
- 2026-07-08T08:23:48.177Z
Best For
Who it's for
- EU-based teams shipping LLM products
- RAG pipelines requiring audit-grade evidence
- Companies needing fail-open compliance proxy
- Teams avoiding months of custom compliance engineering
What it does well
- Making RAG chatbots EU AI Act compliant
- Generating tamper-evident audit logs for LLM calls
- Routing flagged responses for human review
- Automating Article 73 serious incident reporting
- Redacting PII from prompts before model access
Integrations
Discussion Community
Sign in to commentNo discussion yet. Sign in to start the conversation.
Compare Dike
Spotted incorrect or missing data? Join our community of contributors.
Sign Up to ContributeCommunity Notes & Tips Community
Sign in to contributeBe the first to contribute. General notes, observations, gotchas, and tips from people who use this tool day-to-day.
Frequently Asked Questions
- Is Dike free?
- Dike has a permanent free tier alongside paid upgrades (paid plans from €49/mo). You can keep using a baseline version indefinitely without paying.
- Is Dike open source?
- No — Dike is a closed-source tool. Source code is not publicly available.
- Does Dike have an API?
- Yes. Dike exposes a developer API. See the official documentation at https://d1k3.com for details.
- What platforms does Dike support?
- Dike is available on: Web gateway.
Hours Saved & ROI Stories Community
Sign in to contributeBe the first to contribute. Concrete time/cost savings, with context. e.g. "Cut my code review backlog from 4h to 45m per week."
Curated lists that include this category
Compliance for EU AI Act-regulated products demands evidence the auditor can verify, not just logs you claim are accurate. Dike sits as a proxy between your application and any OpenAI-compatible provider — OpenAI, Azure, Ollama, vLLM — intercepting every request. PII is redacted in-flight before storage, prompt injection attempts are blocked, responses flagged for human review are routed to an approval queue, and every event is written as a hash-chained, tamper-evident audit record. The vendor states the entire integration is a single base URL change; no SDK swap, no new dependencies.
The differentiating feature is the audit chain itself. Each record — prompt, retrieval, completion, human approval, incident — is sealed with a hash and chained to the previous record, so auditors can cryptographically confirm nothing was altered or deleted after the fact. For RAG pipelines specifically, Dike records which reference documents the model actually used to answer, satisfying the Article 12(2) requirement for retrieval evidence rather than just a chat transcript. Human oversight events — approvals, edits, overrides — are first-class log entries, exportable as the Article 14 answer instead of a narrative you have to write.
Dike fits EU-based teams that need compliance infrastructure fast and are comfortable with a hosted, cloud-only gateway. The fail-open design means audit storage failure never breaks production — requests pass through regardless. The constraint is that Dike is not self-hostable; teams with hard data-residency requirements beyond EU-region storage, or organizations that cannot route production traffic through a third-party proxy under their security policy, will need a different architecture. Similarly, teams needing custom compliance logic — branching rules based on user role, jurisdiction, or content classification — will find a passive proxy insufficient and end up building a layer on top.
Integration is a two-field change in any OpenAI-compatible SDK: set base_url to the Dike gateway endpoint and supply a Dike API key as the credential. The model parameter maps to your chosen downstream endpoint. Streaming is supported. The admin panel exposes trace browsing, audit log review, incident management, and evidence export — the outputs regulators will request under Articles 12, 14, 19, 26, and 73.
