
Dike
A compliance gateway that turns EU AI Act obligations into audit-ready evidence
Gallery
About Dike
Dike is a compliance gateway for teams shipping AI products into the European Union. It sits between your application and whatever model provider you call, and it turns the paperwork the EU AI Act demands, meaning audit-grade logging, human-oversight records, and incident reporting, into something that happens automatically instead of something your engineers have to build from scratch over several months.
The problem it targets is specific and getting sharper. The AI Act puts real obligations on anyone deploying AI in the EU, and a lot of those obligations come down to proof. You need records that show what your system did, that a human was in the loop where required, and that you can report an incident inside a fixed window. Most teams either bolt this together by hand or discover the gap only when an auditor asks. Dike's pitch is blunt about that, promising everything the auditor will ask for and nothing your team has to build.
Mechanically it works as a proxy in front of your model calls. You change a single line, the base URL your OpenAI-style SDK points at, so requests flow through Dike on the way to providers like OpenAI, Azure, or a local Ollama instance. There's no new SDK to adopt and no rewrite of your app. As each request passes through, the gateway runs its compliance checks in-flight, and the company reports a median overhead of well under a millisecond, so the added latency is negligible in practice.
Inside that pass-through a lot happens. Dike redacts personal data like names, card numbers, and IDs before they reach the model, blocks calls that look like prompt injection or other malicious input, routes requests that need a person's sign-off into a human-oversight queue with tracked approvals, and marks AI-generated content. Every event is written into a hash-chained, tamper-evident audit record aimed squarely at the Act's Article 12 logging requirement, and retrieval-augmented and chatbot setups are covered too, with the document-retrieval steps tracked as part of the trail.
It also handles the part nobody wants to think about until it's too late. When something goes wrong, Dike gives you incident case management with the regulatory clock built in, including the fifteen-day reporting timeline tied to Article 73, so the deadline is tracked rather than missed. Storage stays inside the EU for GDPR reasons, with configurable retention, and the gateway is built fail-open, meaning that if the audit store is unreachable your traffic still passes through instead of going down.
The throughline across all of it is evidence. Each of these functions exists because the Act tends to ask not just whether you did the right thing but whether you can prove it after the fact, and a tamper-evident, time-ordered log is exactly the kind of artifact an auditor or regulator expects to see. By capturing that record as a side effect of traffic that's already flowing through the gateway, Dike lets a team stay compliant without standing up a separate logging pipeline, a redaction service, and an incident tracker as three more systems to own and maintain.
The obvious audience is EU-based AI product teams and companies that fall under the AI Act, especially smaller ones that can't spare months of engineering to stand up a compliance layer. For a small company, the realistic alternative is weeks or months of internal work to design the log schema, wire up redaction, build an approval flow, and set up incident tracking, all before writing a line of the actual product. Dike's argument is that most of that is undifferentiated plumbing every regulated AI team needs and none of them should have to reinvent. The framing throughout is that this should feel routine, described as one base-URL change with everything in between kept as evidence, and wiring it in is pitched as easier than adding analytics. That positioning is what separates it from heavyweight governance suites, since the entire onboarding is a config change rather than a project.
On access, Dike is in a closed beta that's free to join through a request form, with paid plans lined up behind it. The published tiers are a Starter plan at forty-nine euros a month for ten thousand traces and an Enterprise plan at one hundred ninety-nine euros a month for a hundred thousand traces, plus a custom option for unlimited volume. It's an early-stage product rather than a decade-old incumbent, but it's a working gateway with concrete pricing and a clear posture, and the team can be reached directly at hello@d1k3.com for beta access or questions.
Key Features
- Drop-in proxy via one base-URL change
- Automatic PII redaction
- Prompt-injection and malicious-call blocking
- Hash-chained tamper-evident audit trail
- Human-oversight approval routing
- Incident case management with reporting clock
Pros & Cons
What we like
- Wires in with a single config change
- Sub-millisecond median added latency
- EU-only storage with configurable retention
- Fail-open design keeps traffic flowing
Room for improvement
- No permanent free tier beyond the closed beta
- Scope is narrowed to EU AI Act compliance
- Early-stage product still in closed beta
- Requires routing model calls through a gateway
Frequently Asked Questions
What is Dike?
How do you set up Dike?
Is Dike free?
Who is Dike for?
Best For
Featured in
Alternatives to Dike
View all
1Password
Password and secrets manager for individuals, families, and developer teams with strong CLI and SSH agent support.
Clerk
Drop-in authentication and user management for modern apps

Tailscale
WireGuard-based mesh VPN that connects your devices, servers, and cloud resources into one private network in minutes.

BackPedal
UK bike theft protection that sends recovery agents after your stolen bike
Reviews (7)
Two months in, no regrets
Started using Dike casually, now it is pinned in my dock. The hash-chained tamper-evident audit trail is more useful than I expected. No regrets so far.
Genuinely impressed
Came to Dike after getting frustrated with what I had before. The human-oversight approval routing is more useful than I expected. Worth it for what I get out of it.
Quietly excellent
Three months of Dike later, here is what holds up. Their take on human-oversight approval routing is genuinely good. It just works, day after day, without surprises.
Genuinely impressed
Tried Dike on a side project first, then rolled it out everywhere. Where it really wins is sub-millisecond median added latency. Mostly using it for redacting personal data before it hits a model. Easy yes for anyone weighing the same trade offs.
Exactly what I needed
Have been running Dike for a while, here is where I land. What stands out is how it handles drop-in proxy via one base-url change.
Finally something that fits
Found Dike on a Show HN thread and I am glad I clicked. Their take on automatic pii redaction is genuinely good. The interface stays out of my way, which I appreciate. Recommending it to people in a similar spot.
Finally something that fits
Dike has quietly become part of my daily flow. The automatic pii redaction is more useful than I expected. It does what it says, which is rarer than it should be. Found it works best for managing an ai incident inside the reporting window. It earns its place in my stack.
Related Tools
Clerk
Drop-in authentication and user management for modern apps

Capsule
Send files with a short link, no accounts, optional end-to-end encryption, gone in an hour

Tailscale
WireGuard-based mesh VPN that connects your devices, servers, and cloud resources into one private network in minutes.

BackPedal
UK bike theft protection that sends recovery agents after your stolen bike