diff --git a/pitch-deck/app/pitch-print/[versionId]/_components/PrintAnnexSlides.tsx b/pitch-deck/app/pitch-print/[versionId]/_components/PrintAnnexSlides.tsx new file mode 100644 index 0000000..2ec8c29 --- /dev/null +++ b/pitch-deck/app/pitch-print/[versionId]/_components/PrintAnnexSlides.tsx @@ -0,0 +1,478 @@ +import { PrintPage, SectionTitle, PrintTable, COLORS } from './PrintLayout' +import { Language, FMResult } from '@/lib/types' + +interface SlideBase { lang: Language; pageNum: number; totalPages: number; versionName: string } + +const STRATEGY_PHASES_DE = [ + { title: 'Phase 1: Foundation', period: 'Aug 2026 – Jun 2027', team: '5 MA', arr: '75–150k EUR', items: ['Security Engineer + CE-Risikoingenieur als erste Hires', '5 Pilotkunden im Maschinenbau', 'Gründer verkaufen selbst', 'Product-Market Fit beweisen'] }, + { title: 'Phase 2: Traction', period: 'Jul 2027 – Jun 2028', team: '10 MA', arr: '0,5–1,2M EUR', items: ['Channel Manager für Bechtle/CANCOM', 'DevSecOps + KI-Ingenieur', 'Lösungsberater für Partner-Demos', 'Wiederholbarer Vertriebsprozess'] }, + { title: 'Phase 3: Scale', period: 'Jul 2028 – Jun 2029', team: '17→25 MA', arr: '2–4M EUR', items: ['Erster Direktvertrieb neben Channel', 'Compliance-Jurist für Glaubwürdigkeit', 'Security-Analyst / Pentester', 'VP Sales übernimmt vom CEO'] }, + { title: 'Phase 4: Leadership', period: 'Jul 2029 – Dez 2030', team: '25→35 MA', arr: '4–10M EUR', items: ['EU-Expansion (AT, CH, Benelux)', 'Enterprise-Vertrieb', 'Developer Relations (Snyk-Modell)', 'Break-Even oder Series A'] }, +] +const STRATEGY_PHASES_EN = [ + { title: 'Phase 1: Foundation', period: 'Aug 2026 – Jun 2027', team: '5 emp.', arr: '75–150k EUR', items: ['Security Engineer + CE Risk Engineer as first hires', '5 pilot customers in manufacturing', 'Founders sell themselves', 'Prove product-market fit'] }, + { title: 'Phase 2: Traction', period: 'Jul 2027 – Jun 2028', team: '10 emp.', arr: '0.5–1.2M EUR', items: ['Channel Manager for Bechtle/CANCOM', 'DevSecOps + AI engineer', 'Solutions engineer for partner demos', 'Repeatable sales process'] }, + { title: 'Phase 3: Scale', period: 'Jul 2028 – Jun 2029', team: '17→25 emp.', arr: '2–4M EUR', items: ['First direct sales alongside channel', 'Compliance lawyer for credibility', 'Security analyst / pentester', 'VP Sales takes over from CEO'] }, + { title: 'Phase 4: Leadership', period: 'Jul 2029 – Dez 2030', team: '25→35 emp.', arr: '4–10M EUR', items: ['EU expansion (AT, CH, Benelux)', 'Enterprise sales', 'Developer Relations (Snyk model)', 'Break-even or Series A'] }, +] + +export function PrintStrategyPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const phases = de ? STRATEGY_PHASES_DE : STRATEGY_PHASES_EN + return ( + + + {de ? 'Anhang · Strategie' : 'Appendix · Strategy'} + +
+ {[ + { c: '#ef4444', t: de ? 'Code Security' : 'Code Security', s: 'Snyk, Checkmarx, Veracode', q: de ? '„47 Schwachstellen gefunden. CRA-konform? Nicht unser Problem."' : '"Found 47 vulnerabilities. CRA compliant? Not our problem."' }, + { c: COLORS.indigo, t: 'BreakPilot COMPLAI', s: de ? 'Verbindet beides' : 'Combines both', q: de ? '„Code gescannt, SBOM generiert, CRA gemappt, TOM aktualisiert, CE-Ordner fertig."' : '"Code scanned, SBOM generated, CRA mapped, TOM updated, CE folder ready."' }, + { c: '#06b6d4', t: de ? 'Compliance' : 'Compliance', s: 'DataGuard, Vanta, Drata', q: de ? '„Dokumentation fertig. Code sicher? Brauchen Sie ein anderes Tool."' : '"Documentation done. Code secure? You need a different tool."' }, + ].map(b => ( +
+

{b.t}

+

{b.s}

+

{b.q}

+
+ ))} +
+

{de ? 'Firmenaufbau in 4 Phasen' : 'Company Building in 4 Phases'}

+
+ {phases.map(p => ( +
+

{p.title}

+

{p.period}

+
+ {p.team}{p.arr} +
+
    + {p.items.map(i =>
  • {i}
    • )} +
+
+ ))} +
+
+
+

CANCOM Cloud Marketplace

+

{de ? 'TecDAX · ~5.800 MA · 120+ SaaS-Produkte' : 'TecDAX · ~5,800 emp. · 120+ SaaS products'}

+

{de ? 'Formales ISV-Partnerprogramm, Marketplace-Listing in 3-6 Monaten, hunderte CANCOM-Vertriebsmitarbeiter co-sellen.' : 'Formal ISV partner program, marketplace listing in 3-6 months, hundreds of CANCOM reps co-sell.'}

+
+
+

Bechtle Systemhäuser

+

{de ? '15.000 MA · 85+ Standorte · 6,3 Mrd. EUR · 70.000 Kunden' : '15,000 emp. · 85+ locations · EUR 6.3B · 70,000 customers'}

+

{de ? 'Regionaler Einstieg mit lokalem Systemhaus, Champion evangelisiert intern, nationale Listung nach Pilot-Erfolg (12-18 Monate).' : 'Regional entry with local system house, champion evangelizes internally, national listing after pilot success (12-18 months).'}

+
+
+

+ {de ? '* CANCOM und Bechtle sind geplante Distributionspartner. Eine Kontaktaufnahme ist noch nicht erfolgt.' : '* CANCOM and Bechtle are planned distribution partners. No contact has been made yet.'} +

+ + ) +} + +export function PrintFinanzplanPage({ fmResults, lang, pageNum, totalPages, versionName }: SlideBase & { fmResults: FMResult[] }) { + const de = lang === 'de' + const byYear = new Map() + for (const r of fmResults) { + if (!byYear.has(r.year)) byYear.set(r.year, []) + byYear.get(r.year)!.push(r) + } + const years = Array.from(byYear.entries()).sort(([a], [b]) => a - b).map(([year, rows]) => { + const last = rows[rows.length - 1] + const revenue = rows.reduce((s, r) => s + r.revenue_eur, 0) + return { + year, + revenue, + customers: last?.total_customers ?? 0, + employees: last?.employees_count ?? 0, + arr: last?.arr_eur ?? 0, + mrr: last?.mrr_eur ?? 0, + } + }) + const fmt = (n: number) => { + const abs = Math.abs(n) + if (abs >= 1_000_000) return `${(n / 1_000_000).toLocaleString('de-DE', { maximumFractionDigits: 1 })}M` + if (abs >= 1_000) return `${(n / 1_000).toLocaleString('de-DE', { maximumFractionDigits: 0 })}k` + return n.toLocaleString('de-DE') + } + const maxRev = Math.max(1, ...years.map(y => y.revenue)) + return ( + + + {de ? 'Anhang · Finanzplan' : 'Appendix · Financial Plan'} + + {years.length === 0 ? ( +
+

+ {de + ? 'Detaillierter Finanzplan (Umsatz, GuV, Liquidität, Personal, Kunden, Investitionen) ist im Investorenportal und im L-Bank Excel-Template verfügbar. Diese PDF-Version zeigt nur die annualisierten Kennzahlen aus dem Finanzmodell.' + : 'Detailed financial plan (revenue, P&L, liquidity, personnel, customers, capex) is available in the investor portal and L-Bank Excel template. This PDF version shows only annualized KPIs from the financial model.'} +

+
+ ) : ( + <> +
+ [ + {y.year}, + `${fmt(y.revenue)} EUR`, + `${fmt(y.arr)} EUR`, + `${fmt(y.mrr)} EUR`, + y.customers.toString(), + y.employees.toString(), + ])} + colWidths={['10%', '20%', '20%', '20%', '15%', '15%']} + /> +
+
+

{de ? 'Umsatzwachstum' : 'Revenue growth'}

+ {years.map(y => ( +
+ {y.year} +
+
+
+ {fmt(y.revenue)} EUR +
+ ))} +
+ + )} +

+ {de ? '* Planzahlen aus dem internen Finanzmodell. SKR04-Kontenrahmen, monatliche Granularität. Detail-Tabs (GuV, Liquidität, Personalkosten, Kundenakquise) im Investor-Portal.' : '* Projections from internal financial model. SKR04 chart of accounts, monthly granularity. Detail tabs (P&L, liquidity, payroll, customer acquisition) in the investor portal.'} +

+ + ) +} + +const REG_DATA = { + de: [ + { name: 'DSGVO', full: 'EU 2016/679', deadline: 'Seit Mai 2018', fines: 'Bis 20 Mio. EUR / 4% Umsatz', reqs: ['VVT (Art. 30)', 'DSFA (Art. 35)', 'TOMs', 'Betroffenenrechte', 'AV-Verträge', 'DSB ab 20 MA', '72h-Meldepflicht'], help: ['Auto-VVT aus Unternehmensdaten', 'KI-gestützte DSFA', 'TOM-Generator', 'Self-Service Betroffenenportal', 'Audit-Trail'] }, + { name: 'AI Act', full: 'EU 2024/1689', deadline: 'Aug 2025 / 2026 / 2027', fines: 'Bis 35 Mio. EUR / 7% Umsatz', reqs: ['Risikoklassifizierung (Art. 6)', 'Konformitätsbewertung Hochrisiko (Art. 43)', 'Tech. Doku (Art. 11-13)', 'Menschliche Aufsicht (Art. 14)', 'EU-Datenbank-Registrierung (Art. 49)', 'GPAI-Pflichten (Art. 51-56)', 'FRIA (Art. 27)'], help: ['Auto-Risikoklassifizierung', 'Konformitäts-Checklisten', 'Template-basierte Doku', 'Audit-Vorbereitung', 'Monitoring Rechtsänderungen'] }, + { name: 'CRA', full: 'EU 2024/2847', deadline: 'Sep 2026 / Dez 2027', fines: 'Bis 15 Mio. EUR / 2,5% Umsatz', reqs: ['Security by Design', 'Schwachstellen-Mgmt über Lebenszyklus', 'SBOM für jedes Produkt', 'Kostenlose Security-Updates', '24h-Meldepflicht', 'Drittstellen-Bewertung kritisch', 'CE-Kennzeichnung Cyber'], help: ['Auto-SBOM aus Code-Repos', 'Kontinuierliches Vuln-Scanning (Trivy, Grype)', 'Security-Fixes via Cloud-LLM', 'CRA-Doku + Audit-Trail', 'Risikoanalysen Firmware'] }, + { name: 'NIS2', full: 'EU 2022/2555', deadline: 'NIS2UmsuCG 2025/26', fines: 'Bis 10 Mio. EUR / 2% Umsatz', reqs: ['Risikomgmt-Maßnahmen (Art. 21)', '24h Frühwarnung, 72h Bericht (Art. 23)', 'Business Continuity', 'Supply-Chain-Security', 'Geschäftsleiterhaftung', 'BSI-Registrierung', 'Regelmäßige Audits'], help: ['Policy-Generator nach BSI-Grundschutz', 'Incident-Response-Pläne', 'Supply-Chain-Risikoanalyse', 'Audit-Doku', 'NIS2-Readiness-Assessment'] }, + ], + en: [ + { name: 'GDPR', full: 'EU 2016/679', deadline: 'Since May 2018', fines: 'Up to EUR 20M / 4% revenue', reqs: ['RoPA (Art. 30)', 'DPIA (Art. 35)', 'TOMs', 'Data subject rights', 'DPAs', 'DPO from 20 emp.', '72h breach notification'], help: ['Auto-RoPA from company data', 'AI-powered DPIA', 'TOM generator', 'Self-service data subject portal', 'Audit trail'] }, + { name: 'AI Act', full: 'EU 2024/1689', deadline: 'Aug 2025 / 2026 / 2027', fines: 'Up to EUR 35M / 7% revenue', reqs: ['Risk classification (Art. 6)', 'Conformity assessment high-risk (Art. 43)', 'Technical doc (Art. 11-13)', 'Human oversight (Art. 14)', 'EU database registration (Art. 49)', 'GPAI obligations (Art. 51-56)', 'FRIA (Art. 27)'], help: ['Auto risk classification', 'Conformity checklists', 'Template-based docs', 'Audit prep', 'Regulatory change monitoring'] }, + { name: 'CRA', full: 'EU 2024/2847', deadline: 'Sep 2026 / Dec 2027', fines: 'Up to EUR 15M / 2.5% revenue', reqs: ['Security by design', 'Vuln mgmt across lifecycle', 'SBOM per product', 'Free security updates', '24h reporting', 'Third-party assessment critical', 'CE marking cyber'], help: ['Auto SBOM from code repos', 'Continuous vuln scanning (Trivy, Grype)', 'Security fixes via cloud LLM', 'CRA docs + audit trail', 'Firmware risk assessments'] }, + { name: 'NIS2', full: 'EU 2022/2555', deadline: 'NIS2 Act 2025/26', fines: 'Up to EUR 10M / 2% revenue', reqs: ['Risk mgmt measures (Art. 21)', '24h early warning, 72h report (Art. 23)', 'Business continuity', 'Supply chain security', 'Management liability', 'BSI registration', 'Regular audits'], help: ['Policy generator BSI standards', 'Incident response plans', 'Supply chain risk analysis', 'Audit docs', 'NIS2 readiness assessment'] }, + ], +} + +export function PrintRegulatoryPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const regs = de ? REG_DATA.de : REG_DATA.en + return ( + + + {de ? 'Anhang · Regulatorische Details' : 'Appendix · Regulatory Details'} + +
+ {regs.map(r => ( +
+
+

{r.name}

+

{r.full}

+
+
+ 📅 {r.deadline}⚠ {r.fines} +
+
+
+

{de ? 'Anforderungen' : 'Requirements'}

+
    + {r.reqs.slice(0, 5).map(x =>
  • {x}
    • )} +
+
+
+

{de ? 'Wie wir helfen' : 'How we help'}

+
    + {r.help.slice(0, 5).map(x =>
  • {x}
    • )} +
+
+
+
+ ))} +
+ + ) +} + +const ARCH_NODES_DE = [ + { id: 'certifai', title: 'CERTifAI', sub: 'GenAI Mandantenportal', tech: 'Rust · Dioxus · MongoDB · Keycloak · SearXNG · LangGraph', services: ['LiteLLM Dashboard', 'LibreChat + SSO', 'LangGraph Agents', 'MCP Hub'] }, + { id: 'complai', title: 'COMPLAI', sub: 'Compliance & Audit', tech: 'Next.js 15 · FastAPI · Go/Gin · PostgreSQL · Qdrant', services: ['DSGVO / AI Act / NIS2 (70k+ Controls)', 'RAG Pipeline (75+ Quellen)', 'Control Pipeline (LLM)', 'MCP Client'] }, + { id: 'scanner', title: 'Compliance Scanner', sub: 'Code-Sicherheit', tech: 'Rust · Axum · MongoDB · Semgrep · Gitleaks · Syft', services: ['SAST / SBOM / CVE Pipeline', 'KI-Triage (LLM-Filter)', 'KI-Pentest (autonom)', 'MCP Server'] }, + { id: 'litellm', title: 'LiteLLM Proxy', sub: 'KI-Gateway & Guardrails', tech: 'OpenAI-API · Bearer Auth · Rate Limiting · PII-Filter', services: ['Token-Budget pro Mandant', 'PII Guardrails', 'SearXNG Web-Suche (anonym)', 'Namespace-Isolierung', 'Failover-Routing'] }, + { id: 'llm', title: 'LLM Inferenz', sub: 'Lokale Sprachmodelle', tech: 'Qwen3-32B · Qwen3-Coder-30B · DeepSeek-R1-8B · Ollama', services: ['Vollständig lokal', 'Air-Gap-fähig', 'GPU-optimiert'] }, + { id: 'embeddings', title: 'Embeddings', sub: 'Semantische Suche', tech: 'bge-m3 · Qdrant · Sentence-Transformers', services: ['RAG (75+ Quellen)', 'Multi-linguale Embeddings', '100% lokal'] }, + { id: 'tools', title: 'KI-Tools', sub: 'Web-Suche & MCP', tech: 'SearXNG · MCP Protocol · Semgrep API · Gitleaks API', services: ['Anonymisierte EU-Websuche', 'MCP Tools (Audit/Code)', 'Kein US-Anbieter'] }, +] +const ARCH_NODES_EN = [ + { id: 'certifai', title: 'CERTifAI', sub: 'GenAI Tenant Portal', tech: 'Rust · Dioxus · MongoDB · Keycloak · SearXNG · LangGraph', services: ['LiteLLM Dashboard', 'LibreChat + SSO', 'LangGraph Agents', 'MCP Hub'] }, + { id: 'complai', title: 'COMPLAI', sub: 'Compliance & Audit', tech: 'Next.js 15 · FastAPI · Go/Gin · PostgreSQL · Qdrant', services: ['GDPR / AI Act / NIS2 (70k+ controls)', 'RAG Pipeline (75+ sources)', 'Control Pipeline (LLM)', 'MCP Client'] }, + { id: 'scanner', title: 'Compliance Scanner', sub: 'Code Security', tech: 'Rust · Axum · MongoDB · Semgrep · Gitleaks · Syft', services: ['SAST / SBOM / CVE pipeline', 'AI triage (LLM filter)', 'AI pentest (autonomous)', 'MCP Server'] }, + { id: 'litellm', title: 'LiteLLM Proxy', sub: 'AI Gateway & Guardrails', tech: 'OpenAI API · Bearer Auth · Rate Limiting · PII filter', services: ['Token budget per tenant', 'PII guardrails', 'SearXNG web search (anon)', 'Namespace isolation', 'Failover routing'] }, + { id: 'llm', title: 'LLM Inference', sub: 'Local Language Models', tech: 'Qwen3-32B · Qwen3-Coder-30B · DeepSeek-R1-8B · Ollama', services: ['Fully local', 'Air-gap capable', 'GPU optimized'] }, + { id: 'embeddings', title: 'Embeddings', sub: 'Semantic Search', tech: 'bge-m3 · Qdrant · Sentence-Transformers', services: ['RAG (75+ sources)', 'Multi-lingual embeddings', '100% local'] }, + { id: 'tools', title: 'AI Tools', sub: 'Web Search & MCP', tech: 'SearXNG · MCP Protocol · Semgrep API · Gitleaks API', services: ['Anonymized EU web search', 'MCP tools (audit/code)', 'No US providers'] }, +] + +export function PrintArchitecturePage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const nodes = de ? ARCH_NODES_DE : ARCH_NODES_EN + return ( + + + {de ? 'Anhang · Systemarchitektur' : 'Appendix · System Architecture'} + +
+ {nodes.map(n => ( +
+
+

{n.title}

+

{n.sub}

+
+

{n.tech}

+
    + {n.services.map(s =>
  • {s}
    • )} +
+
+ ))} +
+ + ) +} + +export function PrintEngineeringPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const stats = [ + { v: '500K+', l: de ? 'Zeilen Code' : 'Lines of code', s: 'Go · Python · TypeScript' }, + { v: '385', l: de ? 'Dokumente im RAG' : 'Docs in RAG', s: 'EU · DACH · Frameworks · Urteile' }, + { v: '25K+', l: de ? 'Compliance Controls' : 'Compliance Controls', s: '6 Pipeline-Versionen' }, + ] + const langs = [ + { lang: 'TypeScript / TSX', pct: 49, loc: '235K', color: '#3b82f6' }, + { lang: 'Python', pct: 28, loc: '133K', color: '#eab308' }, + { lang: 'Go', pct: 23, loc: '113K', color: '#06b6d4' }, + ] + const devops = [ + { l: 'Gitea + Actions', d: de ? 'Self-hosted Git + CI/CD · Lint → Tests → Image-Build' : 'Self-hosted Git + CI/CD · Lint → Tests → Image build' }, + { l: 'orca', d: de ? 'Single-Binary Orchestrator (Rust) · Webhook-Deploy · Auto-TLS' : 'Single-binary orchestrator (Rust) · Webhook deploys · Auto-TLS' }, + { l: 'Private Registry', d: 'registry.meghsakha.com · Signed images · Per-commit tags' }, + { l: 'DevSecOps', d: 'Semgrep · Trivy · Gitleaks · CycloneDX SBOM' }, + { l: 'Infisical', d: de ? 'Secrets Mgmt · Rotation · RBAC · End-to-End-verschlüsselt' : 'Secrets mgmt · Rotation · RBAC · End-to-end encrypted' }, + { l: de ? 'EU-Cloud Infrastruktur' : 'EU Cloud Infrastructure', d: 'Hetzner · SysEleven (BSI) · PostgreSQL · Qdrant' }, + ] + return ( + + + {de ? 'Anhang · Engineering Deep Dive' : 'Appendix · Engineering Deep Dive'} + +
+ {stats.map(s => ( +
+

{s.v}

+

{s.l}

+

{s.s}

+
+ ))} +
+
+
+

{de ? 'Sprachen-Mix' : 'Language Mix'}

+
+ {langs.map(l =>
)} +
+ {langs.map(l => ( +
+ + + {l.lang} + + {l.loc}{l.pct}% +
+ ))} +
+
+

{de ? 'DevOps & Toolchain' : 'DevOps & Toolchain'}

+
+ {devops.map(t => ( +
+

{t.l}

+

{t.d}

+
+ ))} +
+
+
+

+ {de ? '100% EU-Cloud · Hetzner + SysEleven (BSI) · Keine US-Anbieter · Volle Datenkontrolle' : '100% EU Cloud · Hetzner + SysEleven (BSI) · No US providers · Full data control'} +

+ + ) +} + +const PIPELINE_STEPS = { + de: [ + { t: '1. Dokument-Ingestion', d: '380+ Rechtsquellen (EU/DACH). Strukturelles Chunking an Artikel-Grenzen. Lizenz-Klassifikation. Geschützte Quellen werden reformuliert.' }, + { t: '2. Control-Extraktion', d: 'LLM extrahiert Pflichten aus jedem Textabschnitt. 6 Pipeline-Versionen. ~97k Pflichten identifiziert. Atomic Control Composition.' }, + { t: '3. Deduplizierung', d: '97k Controls → 70k+ nach Dedup. Embedding-basierte Similarity. Cross-Regulation-Harmonisierung. Master Controls als Single Source of Truth.' }, + { t: '4. Hybrid Search & Beratung', d: 'Vektor + Keyword über alle Quellen gleichzeitig. Cross-Encoder Re-Ranking. Antworten mit Quellen-Attribution (Artikel + Absatz).' }, + ], + en: [ + { t: '1. Document Ingestion', d: '380+ legal sources (EU/DACH). Structural chunking at article boundaries. License classification. Protected standards are reformulated.' }, + { t: '2. Control Extraction', d: 'LLM extracts obligations from each section. 6 pipeline versions. ~97k duties identified. Atomic control composition.' }, + { t: '3. Deduplication', d: '97k controls → 70k+ after dedup. Embedding-based similarity. Cross-regulation harmonization. Master controls as single source of truth.' }, + { t: '4. Hybrid Search & Advisory', d: 'Vector + keyword across all sources simultaneously. Cross-encoder re-ranking. Answers with source attribution (article + paragraph).' }, + ], +} + +export function PrintAIPipelinePage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const stats = [ + { v: '380+', l: de ? 'Rechtsquellen' : 'Legal sources' }, + { v: '70k+', l: de ? 'Unique Controls' : 'Unique controls' }, + { v: '97k+', l: de ? 'Extrahierte Pflichten' : 'Extracted obligations' }, + { v: '6', l: de ? 'Pipeline-Versionen' : 'Pipeline versions' }, + ] + const agents = de + ? ['UCCA: Policy Engine (45 Regeln) + Eskalation E0–E3', 'Pflichten-Engine: Multi-Regulation (NIS2, DSGVO, AI Act, CRA, ...)', 'Compliance-Berater: Legal RAG + LLM Chatbot, 75+ Quellen', 'Dokument-Generator: AGB, DSE, AVV, DSFA, FRIA, BV …', 'DSFA-Agent: Art. 35 DSGVO, 16 Bundesländer-Leitlinien', 'Control-Pipeline: Auto-Extraktion aus neuen Rechtsquellen'] + : ['UCCA: Policy engine (45 rules) + escalation E0–E3', 'Obligations Engine: Multi-regulation (NIS2, GDPR, AI Act, CRA, ...)', 'Compliance Advisor: Legal RAG + LLM chatbot, 75+ sources', 'Document Generator: T&C, Privacy, DPA, DPIA, FRIA, Works Agreement …', 'DPIA Agent: Art. 35 GDPR, 16 federal state guidelines', 'Control Pipeline: Auto-extraction from new legal sources'] + const steps = de ? PIPELINE_STEPS.de : PIPELINE_STEPS.en + return ( + + + {de ? 'Anhang · KI-Pipeline Deep Dive' : 'Appendix · AI Pipeline Deep Dive'} + +
+ {stats.map(s => ( +
+

{s.v}

+

{s.l}

+
+ ))} +
+
+
+

{de ? 'RAG-Pipeline (4 Stufen)' : 'RAG Pipeline (4 stages)'}

+ {steps.map(s => ( +
+

{s.t}

+

{s.d}

+
+ ))} +
+
+

{de ? 'Compliance-Engines' : 'Compliance Engines'}

+
    + {agents.map(a => ( +
  • + + {a} +
    • + ))} +
+

+ {de ? 'Wahrheit = Regeln + Evidenz · LLM = Übersetzer. Qdrant · BGE-M3 · MinIO. 100% EU-Cloud.' : 'Truth = Rules + Evidence · LLM = Translator. Qdrant · BGE-M3 · MinIO. 100% EU Cloud.'} +

+
+
+ + ) +} + +const RISKS_DE = [ + { t: 'KI-Commoditisierung', sev: 'Hoch', sevColor: '#dc2626', timeline: '3-5 J.', d: 'LLMs senken Eintrittsbarrieren — Control-Generierung, DSFA-Erstellung, Policy-Templates werden Commodity.', m: 'Wir konkurrieren auf Layer 2-6: Integration, Auditierbarkeit, Workflows, EU-Hosting. KI ist Multiplikator, nicht Produkt.' }, + { t: 'US-Plattform-Expansion', sev: 'Mittel', sevColor: '#d97706', timeline: '2-4 J.', d: 'Microsoft Purview, Vanta oder Drata expandieren mit lokalisiertem EU-Angebot.', m: 'Struktureller Vorteil: 100% EU-Infrastruktur, kein US-SaaS, Betriebsrat-Fähigkeit. CLOUD Act ist Ausschlusskriterium.' }, + { t: 'Team-Risiko / Key-Person', sev: 'Mittel', sevColor: '#d97706', timeline: 'Jahr 1-2', d: 'Abhängigkeit von zwei Gründern in der Frühphase. Wissensverlust bei Ausfall.', m: 'Doku aller Prozesse in MkDocs. KI-Codebasis mit Tests. ESOP-Pool ab Hire 1. Frühe Einstellung Rechtsanwalt/DS.' }, + { t: 'Langsame Kundenakquise', sev: 'Mittel', sevColor: '#d97706', timeline: 'Jahr 1-3', d: 'B2B-Verkaufszyklen 3-9 Monate. Compliance-Budgets jährlich geplant.', m: 'Beratungsumsätze 5-30k/Mon überbrücken Anlauf. Channel (Bechtle/CANCOM) skaliert schneller. Land-and-Expand.' }, + { t: 'Regulatorische Änderungen', sev: 'Niedrig', sevColor: '#16a34a', timeline: 'Laufend', d: 'Neue EU-Gesetze erfordern Anpassung der Plattform.', m: 'Jede Änderung vergrößert unseren Markt. RAG-Pipeline indexiert neue Regularien in Tagen. 380+ schon im System.' }, + { t: 'Liquiditätsrisiko', sev: 'Niedrig', sevColor: '#16a34a', timeline: 'Jahr 1-2', d: 'Mit 200k Wandeldarlehen ist die Runway begrenzt. Ende 2027 nahe Null.', m: 'Organisches Wachstum durch Beratung. Break-Even 2029. Pre-Seed BW (L-Bank) verdoppelt Finanzierung auf 400k.' }, +] +const RISKS_EN = [ + { t: 'AI Commoditization', sev: 'High', sevColor: '#dc2626', timeline: '3-5 yrs', d: 'LLMs lower entry barriers — control generation, DPIA creation, policy templates become commodity.', m: 'We compete on Layers 2-6: integration, auditability, workflows, EU hosting. AI is multiplier, not product.' }, + { t: 'US Platform Expansion', sev: 'Medium', sevColor: '#d97706', timeline: '2-4 yrs', d: 'Microsoft Purview, Vanta or Drata expand with localized EU offering.', m: 'Structural advantage: 100% EU infra, no US SaaS, works council compliance. CLOUD Act is a deal-breaker.' }, + { t: 'Team Risk / Key Person', sev: 'Medium', sevColor: '#d97706', timeline: 'Year 1-2', d: 'Dependency on two founders. Knowledge loss in case of absence.', m: 'All processes documented in MkDocs. AI-assisted codebase with tests. ESOP pool from hire 1. Early lawyer hire.' }, + { t: 'Slow Customer Acquisition', sev: 'Medium', sevColor: '#d97706', timeline: 'Year 1-3', d: 'B2B sales cycles 3-9 months. Compliance budgets planned annually.', m: 'Consulting revenue 5-30k/month bridges ramp. Channel (Bechtle/CANCOM) scales faster. Land-and-expand.' }, + { t: 'Regulatory Changes', sev: 'Low', sevColor: '#16a34a', timeline: 'Ongoing', d: 'New EU laws require platform adaptation.', m: 'Every change enlarges our market. RAG pipeline indexes new regulations in days. 380+ already in system.' }, + { t: 'Liquidity Risk', sev: 'Low', sevColor: '#16a34a', timeline: 'Year 1-2', d: 'With 200k convertible loan, runway is limited. Near zero by end of 2027.', m: 'Organic growth via consulting. Break-even 2029. Pre-Seed BW (L-Bank) doubles funding to 400k.' }, +] + +export function PrintRisksPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const risks = de ? RISKS_DE : RISKS_EN + return ( + + + {de ? 'Risiken & Mitigation' : 'Risks & Mitigation'} + + [ + {r.t}, + {r.sev}, + r.timeline, + r.d, + {r.m}, + ])} + colWidths={['17%', '8%', '10%', '32%', '33%']} + /> +
+

+ {de + ? '„Wir konkurrieren nicht mit KI. Wir konkurrieren mit Teams, die KI besser einsetzen als wir. Deshalb bauen wir nicht das beste LLM, sondern die vertrauenswürdigste Compliance-Infrastruktur."' + : '"We don\'t compete with AI. We compete with teams that use AI better than we do. That is why we don\'t build the best LLM but the most trustworthy compliance infrastructure."'} +

+
+ + ) +} + +const GLOSSARY = { + de: [ + { cat: 'Code Security & DevSecOps', color: '#ef4444', terms: [['SAST', 'Static Application Security Testing — Quellcode-Analyse'], ['DAST', 'Dynamic Application Security Testing — Laufzeit-Tests'], ['SBOM', 'Software Bill of Materials — Komponenten-Liste'], ['SCA', 'Software Composition Analysis'], ['DevSecOps', 'Sicherheit integriert in Entwicklung'], ['CI/CD', 'Automatisierte Build/Deploy-Pipeline']] }, + { cat: 'Compliance & Datenschutz', color: COLORS.indigo, terms: [['DSGVO', 'EU-Datenschutzverordnung seit Mai 2018'], ['VVT', 'Verzeichnis von Verarbeitungstätigkeiten'], ['TOMs', 'Technisch-Organisatorische Maßnahmen'], ['DSFA', 'Datenschutz-Folgenabschätzung'], ['DSR', 'Betroffenenrechte (Auskunft, Löschung)'], ['DSB', 'Datenschutzbeauftragter'], ['ISMS', 'Information Security Management System']] }, + { cat: 'EU-Regulierungen', color: '#06b6d4', terms: [['AI Act', 'KI-Verordnung EU 2024/1689 — Risikoklassen'], ['CRA', 'Cyber Resilience Act — SBOM-Pflicht'], ['NIS2', 'EU-Cybersicherheits-Richtlinie'], ['MVO', 'Maschinenverordnung 2023/1230'], ['Cloud Act', 'US-Gesetz für extraterritorialen Datenzugriff'], ['FISA 702', 'US-Überwachungsgesetz'], ['BDSG', 'Bundesdatenschutzgesetz'], ['TISAX', 'Automotive Security Standard'], ['BSI', 'Bundesamt für Sicherheit in der IT']] }, + { cat: 'Kennzahlen', color: '#10b981', terms: [['ARR', 'Annual Recurring Revenue'], ['MRR', 'Monthly Recurring Revenue'], ['CAC', 'Customer Acquisition Cost'], ['LTV', 'Lifetime Value'], ['ARPU', 'Avg. Revenue Per User'], ['SaaS', 'Software as a Service'], ['ESOP', 'Employee Stock Option Plan'], ['ROI', 'Return on Investment']] }, + { cat: 'Technologie', color: '#f59e0b', terms: [['RAG', 'Retrieval Augmented Generation'], ['LLM', 'Large Language Model'], ['UCCA', 'Use-Case Compliance Assessment'], ['FRIA', 'Fundamental Rights Impact Assessment'], ['SDK', 'Software Development Kit'], ['OWASP', 'Open Web Application Security Project'], ['NIST', 'US-Standardisierungsbehörde'], ['ENISA', 'EU-Agentur für Cybersicherheit'], ['CE', 'EU-Konformitätskennzeichnung'], ['RFQ', 'Request for Quotation']] }, + ], + en: [ + { cat: 'Code Security & DevSecOps', color: '#ef4444', terms: [['SAST', 'Static Application Security Testing — source code'], ['DAST', 'Dynamic Application Security Testing — runtime'], ['SBOM', 'Software Bill of Materials — component list'], ['SCA', 'Software Composition Analysis'], ['DevSecOps', 'Security integrated into development'], ['CI/CD', 'Automated build/deploy pipeline']] }, + { cat: 'Compliance & Data Protection', color: COLORS.indigo, terms: [['GDPR', 'EU data protection regulation since May 2018'], ['RoPA', 'Record of Processing Activities'], ['TOMs', 'Technical & Organizational Measures'], ['DPIA', 'Data Protection Impact Assessment'], ['DSR', 'Data subject rights (access, erasure)'], ['DPO', 'Data Protection Officer'], ['ISMS', 'Information Security Management System']] }, + { cat: 'EU Regulations', color: '#06b6d4', terms: [['AI Act', 'AI Regulation EU 2024/1689 — risk classes'], ['CRA', 'Cyber Resilience Act — SBOM mandatory'], ['NIS2', 'EU cybersecurity directive'], ['MVO', 'Machinery Regulation 2023/1230'], ['Cloud Act', 'US law for extraterritorial data access'], ['FISA 702', 'US surveillance law'], ['BDSG', 'German Federal Data Protection Act'], ['TISAX', 'Automotive security standard'], ['BSI', 'German Federal Office for IT Security']] }, + { cat: 'Business Metrics', color: '#10b981', terms: [['ARR', 'Annual Recurring Revenue'], ['MRR', 'Monthly Recurring Revenue'], ['CAC', 'Customer Acquisition Cost'], ['LTV', 'Lifetime Value'], ['ARPU', 'Avg. Revenue Per User'], ['SaaS', 'Software as a Service'], ['ESOP', 'Employee Stock Option Plan'], ['ROI', 'Return on Investment']] }, + { cat: 'Technology', color: '#f59e0b', terms: [['RAG', 'Retrieval Augmented Generation'], ['LLM', 'Large Language Model'], ['UCCA', 'Use-Case Compliance Assessment'], ['FRIA', 'Fundamental Rights Impact Assessment'], ['SDK', 'Software Development Kit'], ['OWASP', 'Open Web Application Security Project'], ['NIST', 'US standards body'], ['ENISA', 'EU Agency for Cybersecurity'], ['CE', 'EU conformity marking'], ['RFQ', 'Request for Quotation']] }, + ], +} + +export function PrintGlossaryPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const cats = de ? GLOSSARY.de : GLOSSARY.en + return ( + + + {de ? 'Anhang · Glossar & Abkürzungen' : 'Appendix · Glossary & Abbreviations'} + +
+ {cats.map(c => ( +
+

{c.cat}

+ + + {c.terms.map(([abbr, desc]) => ( + + + + + ))} + +
{abbr}{desc}
+
+ ))} +
+ + ) +} diff --git a/pitch-deck/app/pitch-print/[versionId]/_components/PrintDeck.tsx b/pitch-deck/app/pitch-print/[versionId]/_components/PrintDeck.tsx index 621424c..4e92351 100644 --- a/pitch-deck/app/pitch-print/[versionId]/_components/PrintDeck.tsx +++ b/pitch-deck/app/pitch-print/[versionId]/_components/PrintDeck.tsx @@ -2,8 +2,24 @@ import { useEffect } from 'react' import { Language, PitchData, FMResult, FMAssumption } from '@/lib/types' -import { PrintCoverPage, PrintProblemPage, PrintSolutionPage, PrintProductPage, PrintMarketPage, PrintTeamPage, PrintMilestonesPage, PrintTheAskPage } from './PrintCoreSlides' -import { PrintFinancialsPage, PrintAssumptionsPage, PrintCapTablePage, PrintDisclaimerPage, aggregateAnnualRows } from './PrintFinancialSlides' +import { + PrintCoverPage, PrintProblemPage, PrintSolutionPage, PrintProductPage, + PrintMarketPage, PrintTeamPage, PrintMilestonesPage, PrintTheAskPage, +} from './PrintCoreSlides' +import { + PrintFinancialsPage, PrintAssumptionsPage, PrintCapTablePage, + PrintDisclaimerPage, aggregateAnnualRows, +} from './PrintFinancialSlides' +import { + PrintExecutiveSummaryPage, PrintUSPPage, PrintRegulatoryLandscapePage, + PrintHowItWorksPage, PrintBusinessModelPage, PrintCompetitionPage, + PrintCustomerSavingsPage, +} from './PrintExtraSlides' +import { + PrintStrategyPage, PrintFinanzplanPage, PrintRegulatoryPage, + PrintArchitecturePage, PrintEngineeringPage, PrintAIPipelinePage, + PrintRisksPage, PrintGlossaryPage, +} from './PrintAnnexSlides' interface PrintDeckProps { pitchData: PitchData @@ -17,8 +33,10 @@ interface PrintDeckProps { export default function PrintDeck({ pitchData, versionName, fmResults, fmAssumptions, financial, lang }: PrintDeckProps) { const isWandeldarlehen = (pitchData.funding?.instrument || '').toLowerCase() === 'wandeldarlehen' const hasCapTable = financial && !isWandeldarlehen - const totalPages = financial ? (hasCapTable ? 13 : 12) : 9 const annualRows = aggregateAnnualRows(fmResults) + const hasFinancials = financial && annualRows.length > 0 + // Standard = 25 slides. Financial adds: detailed financials page + (optional) cap-table. + const totalPages = 25 + (hasFinancials ? 1 : 0) + (hasCapTable ? 1 : 0) const de = lang === 'de' useEffect(() => { @@ -26,7 +44,11 @@ export default function PrintDeck({ pitchData, versionName, fmResults, fmAssumpt return () => clearTimeout(t) }, []) - function p(n: number) { return { lang, pageNum: n, totalPages, versionName } } + let n = 0 + function p() { + n += 1 + return { lang, pageNum: n, totalPages, versionName } + } return ( <> @@ -58,29 +80,62 @@ export default function PrintDeck({ pitchData, versionName, fmResults, fmAssumpt
- - - - - - - - + {/* Slide order mirrors lib/slide-order.ts, minus intro-presenter, ai-qa, annex-sdk-demo. */} - {/* Page 9: standard last page OR financial annex start */} - {!financial && } - - {financial && ( - <> - {annualRows.length > 0 - ? - : - } - - {hasCapTable && } - - - )} + {/* 1. executive-summary */} + + {/* 2. cover (page 2 — uses its own layout; assign sequential number) */} + {(() => { n += 1; return })()} + {/* 3. problem */} + + {/* 4. solution */} + + {/* 5. usp */} + + {/* 6. regulatory-landscape */} + + {/* 7. product */} + + {/* 8. how-it-works */} + + {/* 9. market */} + + {/* 10. business-model */} + + {/* 11. traction (uses milestones table) */} + + {/* 12. competition */} + + {/* 13. team */} + + {/* 14. the-ask */} + + {/* 15. customer-savings */} + + {/* 16. annex-strategy */} + + {/* 17. annex-finanzplan */} + + {/* Financial-only: detailed P&L table */} + {hasFinancials && } + {/* 18. annex-assumptions */} + + {/* 19. annex-regulatory */} + + {/* 20. annex-architecture */} + + {/* 21. annex-engineering */} + + {/* 22. annex-aipipeline */} + + {/* 23. risks */} + + {/* 24. annex-glossary */} + + {/* Financial-only: cap table */} + {hasCapTable && } + {/* 25. legal-disclaimer */} +
) diff --git a/pitch-deck/app/pitch-print/[versionId]/_components/PrintExtraSlides.tsx b/pitch-deck/app/pitch-print/[versionId]/_components/PrintExtraSlides.tsx new file mode 100644 index 0000000..af5a1ab --- /dev/null +++ b/pitch-deck/app/pitch-print/[versionId]/_components/PrintExtraSlides.tsx @@ -0,0 +1,480 @@ +import { PrintPage, SectionTitle, PrintTable, Badge, COLORS } from './PrintLayout' +import { Language, PitchMarket, PitchFunding } from '@/lib/types' + +interface SlideBase { lang: Language; pageNum: number; totalPages: number; versionName: string } + +function fmtEur(n: number) { + const abs = Math.abs(n) + if (abs >= 1_000_000_000) return `${(n / 1_000_000_000).toLocaleString('de-DE', { maximumFractionDigits: 1 })}B EUR` + if (abs >= 1_000_000) return `${(n / 1_000_000).toLocaleString('de-DE', { maximumFractionDigits: 1 })}M EUR` + if (abs >= 1_000) return `${(n / 1_000).toLocaleString('de-DE', { maximumFractionDigits: 0 })}k EUR` + return `${n.toLocaleString('de-DE')} EUR` +} + +export function PrintExecutiveSummaryPage({ market, funding, lang, pageNum, totalPages, versionName }: SlideBase & { market: PitchMarket[]; funding: PitchFunding }) { + const de = lang === 'de' + const tam = market.find(m => m.market_segment === 'TAM') + const sam = market.find(m => m.market_segment === 'SAM') + const som = market.find(m => m.market_segment === 'SOM') + const moat = [ + { k: 'Traceability', v: de ? 'Gesetz → Control → Code' : 'Law → Control → Code' }, + { k: 'Continuous Engine', v: de ? 'Echtzeit bei jeder Änderung' : 'Real-time on every change' }, + { k: 'Compliance Optimizer', v: de ? 'Maximale KI-Nutzung im Rahmen' : 'Max AI use within regulations' }, + { k: 'EU-Trust Stack', v: de ? '100% EU, kein US-SaaS' : '100% EU, no US SaaS' }, + ] + const kpis = [ + { v: '25k+', l: de ? 'Controls' : 'Controls' }, + { v: '380+', l: de ? 'Regularien' : 'Regulations' }, + { v: '10', l: de ? 'Branchen' : 'Industries' }, + { v: '500K+', l: de ? 'Zeilen Code' : 'Lines of code' }, + { v: '80%', l: de ? 'Zeitersparnis' : 'Time saved' }, + { v: '10x', l: de ? 'Günstiger als Pentests' : 'Cheaper than pentests' }, + ] + return ( + + + Executive Summary + +
+
+

+ {de + ? 'Kontinuierliches Sicherheitsscanning + intelligente Compliance-Automatisierung. Code absichern, Compliance skalierbar durchsetzen, volle Datensouveränität — gestützt auf 25.000+ atomare Prüfaspekte.' + : 'Continuous security scanning + intelligent compliance automation. Secure code, enforce compliance at scale, maintain data sovereignty — powered by 25,000+ atomic audit aspects.'} +

+
+ +
+

{de ? 'Unser MOAT' : 'Our MOAT'}

+
+ {moat.map(m => ( +
+

{m.k}

+

{m.v}

+
+ ))} +
+
+ +
+ {kpis.map(k => ( +
+

{k.v}

+

{k.l}

+
+ ))} +
+ +
+
+

{de ? 'Problem' : 'Problem'}

+
    +
  • {de ? 'Ohne KI Wettbewerbsfähigkeit verloren — mit US-KI Datenkontrolle verloren' : 'Without AI: lose competitiveness — with US AI: lose data control'}
    • +
  • {de ? 'AI Act, CRA, NIS2 zwingen 30.000+ Firmen in komplexe Compliance' : 'AI Act, CRA, NIS2 force 30,000+ firms into complex compliance'}
    • +
  • {de ? 'Hohe Pentest-/Audit-Kosten, jährliche statt kontinuierliche Prüfung' : 'High pentest/audit cost, annual instead of continuous checks'}
    • +
+
+
+

{de ? 'Lösung' : 'Solution'}

+
    +
  • {de ? 'Jede Code-Änderung automatisch geprüft (SAST/DAST/SBOM/Pentest)' : 'Every code change auto-checked (SAST/DAST/SBOM/pentest)'}
    • +
  • {de ? 'VVT, TOMs, DSFA, CE-Risikobeurteilung in Echtzeit' : 'RoPA, TOMs, DPIA, CE risk assessment in real time'}
    • +
  • {de ? 'EU-Hosting (DE/FR), Audit-Ready zu jedem Zeitpunkt' : 'EU hosting (DE/FR), audit-ready at any time'}
    • +
+
+
+ +
+
+

{de ? 'Zielmärkte' : 'Target markets'}

+

+ {de ? 'Maschinen- & Anlagenbau · Automotive · Zulieferer · Produzierende Unternehmen' : 'Machine & plant manufacturing · Automotive · Suppliers · Manufacturing'} +

+
+
+

{de ? 'Markt' : 'Market'}

+
TAM{tam ? fmtEur(tam.value_eur) : '—'}
+
SAM{sam ? fmtEur(sam.value_eur) : '—'}
+
SOM{som ? fmtEur(som.value_eur) : '—'}
+
+
+

{de ? 'Kundenersparnis KMU/Jahr' : 'SME savings/year'}

+

~55k EUR

+

{de ? 'Pentests, CE, Compliance-Zeit, Audit' : 'Pentests, CE, compliance time, audit'}

+
+
+ +
+

+ {de ? 'The Ask:' : 'The Ask:'}{' '} + {(() => { + const amount = Number(funding?.amount_eur) || 0 + const label = amount >= 1_000_000 ? `${(amount / 1_000_000).toFixed(1)} Mio. EUR` : `${Math.round(amount / 1000)}k EUR` + return `${label} ${funding?.instrument || 'Pre-Seed'} · ${funding?.round_name || 'Pre-Seed'}` + })()} +

+
+
+ + ) +} + +const USP_PILLARS = { + de: [ + { title: 'RFQ-Prüfung', body: 'Kunden-Anforderungsdokumente automatisch gegen Source-Code geprüft. Abweichungen erkannt, Änderungen vorgeschlagen.', stat: 'Antwortzeit 4,2h (war 12 Tage)' }, + { title: 'Prozess-Compliance', body: 'Vom Audit-Finding zum Ticket zur Code-Änderung — End-to-End automatisiert. Rollen, Fristen, Eskalation, Nachweise.', stat: '87% automatisierte Prozessschritte' }, + { title: 'Bidirektional', body: 'Compliance-Anforderungen fließen in den Code. Code-Änderungen aktualisieren die Compliance-Doku. Zero Drift.', stat: '0 Drift-Vorfälle seit März 2024' }, + { title: 'Kontinuierlich', body: 'Statt jährlicher Stichproben: Prüfung bei jeder Code-Änderung. Findings sofort zu Tickets mit Fix-Vorschlägen.', stat: '~2.400 Validierungen / Tag / Repo' }, + ], + en: [ + { title: 'RFQ Verification', body: 'Customer requirement docs automatically verified against current source code. Deviations detected, fixes proposed.', stat: 'Response time 4.2h (was 12 days)' }, + { title: 'Process Compliance', body: 'From audit finding to ticket to code change — fully automated. Roles, deadlines, escalation, evidence.', stat: '87% process steps automated' }, + { title: 'Bidirectional Sync', body: 'Compliance requirements flow into code. Code changes update compliance docs. Zero drift between worlds.', stat: '0 drift incidents since Mar-2024' }, + { title: 'Continuous, Not Yearly', body: 'Validation on every code change instead of annual checks. Findings as tickets with concrete fix proposals.', stat: '~2,400 validations / day / repo' }, + ], +} + +const USP_HOOD = { + de: [ + { title: 'End-to-End Traceability', body: 'Gesetz → Obligation → Control deterministisch mit Systemzustand und Code verknüpft. Revisionssicherer Evidence-Layer.' }, + { title: 'Continuous Compliance Engine', body: 'Validierung bei jeder Änderung (Code/IaC/Prozesse) mit auditierbaren Nachweisen in Echtzeit. Rule-Packs pro Framework.' }, + { title: 'Compliance Optimizer', body: 'Maximal zulässige Ausgestaltung jedes KI-Use-Cases. Constraint-Optimierung statt nur erlaubt/verboten — spart 20–200k EUR Anwaltskosten.' }, + { title: 'EU-Trust & Governance Stack', body: 'DSGVO · NIS-2 · DORA · EU AI Act · ISO 27001 · BSI C5 · EU-souveränes Hosting. Eine Plattform, ein Audit.' }, + ], + en: [ + { title: 'End-to-End Traceability', body: 'Law → Obligation → Control deterministically linked to system state and code. Audit-proof evidence layer.' }, + { title: 'Continuous Compliance Engine', body: 'Validation on every change (code/IaC/process) with auditable evidence in real time. Rule packs per framework.' }, + { title: 'Compliance Optimizer', body: 'Max permissible configuration of every AI use case. Constraint optimization beyond allowed/forbidden — replaces EUR 20–200k legal fees.' }, + { title: 'EU Trust & Governance Stack', body: 'GDPR · NIS-2 · DORA · EU AI Act · ISO 27001 · BSI C5 · EU-sovereign hosting. One platform, one audit.' }, + ], +} + +export function PrintUSPPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const pillars = de ? USP_PILLARS.de : USP_PILLARS.en + const hood = de ? USP_HOOD.de : USP_HOOD.en + return ( + + + {de ? 'Unsere USPs' : 'Our USPs'} + +
+
+

{de ? 'Vier Säulen' : 'Four Pillars'}

+
+ {pillars.map(p => ( +
+

{p.title}

+

{p.body}

+

{p.stat}

+
+ ))} +
+
+
+

{de ? 'Under the Hood' : 'Under the Hood'}

+
+ {hood.map(h => ( +
+

{h.title}

+

{h.body}

+
+ ))} +
+
+
+

+ {de + ? '„Compliance ↔ Code · immer in Sync. Eine Plattform, eine geschlossene Schleife. Auditoren, Entwickler und Sales fragen denselben Graphen ab."' + : '"Compliance ↔ Code · always in sync. One platform, one closed loop. Auditors, engineers and sales all query the same graph."'} +

+
+
+ + ) +} + +const REG_KEY = [ + { id: 'GDPR', label: 'DSGVO', color: '#6366f1' }, + { id: 'AI_ACT', label: 'AI Act', color: '#a855f7' }, + { id: 'NIS2', label: 'NIS2', color: '#ef4444' }, + { id: 'CRA', label: 'CRA', color: '#f97316' }, + { id: 'MACHINERY_REG', label: 'Masch.-VO', color: '#22c55e' }, + { id: 'DATA_ACT', label: 'Data Act', color: '#06b6d4' }, + { id: 'BATTERIE_VO', label: 'Batt.-VO', color: '#f59e0b' }, +] +const REG_INDUSTRIES = [ + { de: 'Automobilindustrie', en: 'Automotive', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT', 'BATTERIE_VO'], totalDocs: 263 }, + { de: 'Maschinen- & Anlagenbau', en: 'Machinery & Plant Eng.', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT'], totalDocs: 266 }, + { de: 'Elektro- & Digitalindustrie', en: 'Electrical & Digital', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT', 'BATTERIE_VO'], totalDocs: 281 }, + { de: 'Chemie- & Prozessindustrie', en: 'Chemicals & Process', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT'], totalDocs: 250 }, + { de: 'Metallindustrie', en: 'Metal Industry', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT'], totalDocs: 246 }, + { de: 'Energie & Versorgung', en: 'Energy & Utilities', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT', 'BATTERIE_VO'], totalDocs: 256 }, + { de: 'Transport & Logistik', en: 'Transport & Logistics', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT'], totalDocs: 256 }, + { de: 'Handel', en: 'Retail & Commerce', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT'], totalDocs: 271 }, + { de: 'Konsumgüter & Lebensmittel', en: 'Consumer Goods & Food', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT', 'BATTERIE_VO'], totalDocs: 265 }, + { de: 'Bauwirtschaft', en: 'Construction', regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT'], totalDocs: 245 }, +] + +export function PrintRegulatoryLandscapePage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const kpis = [ + { v: '380+', l: de ? 'Gesetze im RAG' : 'Laws in RAG' }, + { v: '244', l: de ? 'Horizontal' : 'Horizontal' }, + { v: '65', l: de ? 'Branchen-spezifisch' : 'Industry-specific' }, + { v: '10', l: de ? 'Branchen' : 'Industries' }, + ] + return ( + + + {de ? 'Regulatorische Landschaft' : 'Regulatory Landscape'} + +
+ {kpis.map(k => ( +
+

{k.v}

+

{k.l}

+
+ ))} +
+ + + + + {REG_KEY.map(r => ( + + ))} + + + + + {REG_INDUSTRIES.map((ind, i) => ( + + + {REG_KEY.map(r => ( + + ))} + + + ))} + +
{de ? 'Branche' : 'Industry'}{r.label}{de ? 'Gesetze' : 'Laws'}
{de ? ind.de : ind.en} + {ind.regs.includes(r.id) + ? + : ·} + {ind.totalDocs}
+

+ {de + ? '244 Dokumente gelten horizontal für alle Branchen (DSGVO, BDSG, AI Act, NIS2, CRA, BetrVG, HGB, ...). Sektorspezifische Regulierungen kommen hinzu.' + : '244 documents apply horizontally to all industries (GDPR, BDSG, AI Act, NIS2, CRA, ...). Sector-specific regulations are added on top.'} +

+ + ) +} + +const HIW_STEPS_DE = [ + { n: '01', t: 'Cloud-Vertrag abschließen', d: 'BSI-zertifizierte Cloud in Deutschland. Fixe oder flexible Kosten.' }, + { n: '02', t: 'Code-Repos verbinden', d: 'Git-Repos, CI/CD Pipelines und Firmware-Projekte anbinden. Die KI scannt automatisch auf Schwachstellen und Compliance-Lücken bei jeder Änderung.' }, + { n: '03', t: 'Compliance & Security automatisieren', d: 'Kontinuierliche Code-Analyse, Pentesting und Risikoanalysen. VVT, TOMs, DSFA und CE-Dokumentation werden automatisch erstellt und aktualisiert.' }, + { n: '04', t: 'Audit vorbereiten', d: 'Alle Nachweise, Dokumente und Risikobeurteilungen auf Knopfdruck. Abweichungen nach dem Audit automatisch nachverfolgen mit Stichtagen und Eskalation.' }, +] +const HIW_STEPS_EN = [ + { n: '01', t: 'Sign Cloud Contract', d: 'BSI-certified cloud in Germany. Fixed or flexible costs.' }, + { n: '02', t: 'Connect Code Repos', d: 'Connect Git repos, CI/CD pipelines and firmware projects. The AI scans automatically for vulnerabilities and compliance gaps on every change.' }, + { n: '03', t: 'Automate Compliance & Security', d: 'Continuous code analysis, pentesting and risk assessments. RoPA, TOMs, DPIA and CE documentation are automatically created and updated.' }, + { n: '04', t: 'Prepare for Audit', d: 'All evidence, documents and risk assessments at the push of a button. Post-audit deviations automatically tracked with deadlines and escalation.' }, +] + +export function PrintHowItWorksPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const steps = de ? HIW_STEPS_DE : HIW_STEPS_EN + return ( + + + {de ? 'So funktioniert\'s' : 'How It Works'} + +
+ {steps.map((s, idx) => ( +
+
+ {s.n} +
+
+

{s.t}

+

{s.d}

+
+ {idx < steps.length - 1 && } +
+ ))} +
+ + ) +} + +const BM_TIERS_DE = [ + { name: 'Starter', target: 'Startups & Kleinstunternehmen', emp: '< 10', price: '3.600 EUR/Jahr', features: ['Code Security (SAST/DAST)', 'Compliance-Dokumente', 'Consent Management', '1 Anwendung'], highlight: false }, + { name: 'Professional', target: 'KMU & Mittelstand', emp: '10 – 250', price: '15.000 – 40.000 EUR/Jahr', features: ['Alle Module inkl. CE-Bewertung', 'Audit Manager End-to-End', 'AI Act Compliance (UCCA)', 'Unbegrenzte Anwendungen'], highlight: true }, + { name: 'Enterprise', target: 'Konzerne & OEMs', emp: '250+', price: 'ab 50.000 EUR/Jahr', features: ['Dedizierte Instanz', 'Custom Integrationen (SAP, MES)', 'SLA & Priority Support', 'Tender Matching & RFQ-Prüfung'], highlight: false }, +] +const BM_TIERS_EN = [ + { name: 'Starter', target: 'Startups & Micro', emp: '< 10', price: '3,600 EUR/yr', features: ['Code Security (SAST/DAST)', 'Compliance documents', 'Consent management', '1 application'], highlight: false }, + { name: 'Professional', target: 'SME & Mid-Market', emp: '10 – 250', price: '15,000 – 40,000 EUR/yr', features: ['All modules incl. CE assessment', 'Audit Manager end-to-end', 'AI Act Compliance (UCCA)', 'Unlimited applications'], highlight: true }, + { name: 'Enterprise', target: 'Enterprises & OEMs', emp: '250+', price: 'from 50,000 EUR/yr', features: ['Dedicated instance', 'Custom integrations (SAP, MES)', 'SLA & priority support', 'Tender matching & RFQ verification'], highlight: false }, +] + +export function PrintBusinessModelPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const tiers = de ? BM_TIERS_DE : BM_TIERS_EN + return ( + + + {de ? 'Geschäftsmodell' : 'Business Model'} + +
+ {tiers.map(t => ( +
+

{t.name}

+

{t.target}

+

{t.emp} {de ? 'Mitarbeiter' : 'employees'}

+

{t.price}

+
    + {t.features.map(f => ( +
  • + + {f} +
    • + ))} +
+
+ ))} +
+ + ) +} + +const COMP_COMPETITORS = [ + { name: 'Vanta', flag: 'US', founded: 2018, emp: '1.695', revenue: '$220M ARR', customers: '12.000', pricing: '$10K–80K/yr', ai: 'full' as const }, + { name: 'Drata', flag: 'US', founded: 2020, emp: '732', revenue: '$100M ARR', customers: '8.000', pricing: '$10K–100K/yr', ai: 'full' as const }, + { name: 'Sprinto', flag: 'IN', founded: 2020, emp: '316', revenue: '$38M ARR', customers: '3.000', pricing: '$6K–25K/yr', ai: 'full' as const }, + { name: 'DataGuard', flag: 'DE', founded: 2017, emp: '250', revenue: '~€52M', customers: '4.000', pricing: '€6K–24K+/yr', ai: 'partial' as const }, + { name: 'Proliance', flag: 'DE', founded: 2017, emp: '65', revenue: '~€3.9M', customers: '2.000', pricing: '€1.5K–5.7K/yr', ai: 'none' as const }, + { name: 'heyData', flag: 'DE', founded: 2020, emp: '58', revenue: '~€15M', customers: '2.000', pricing: '€1K–3.8K/yr', ai: 'partial' as const }, +] + +const COMP_USP_ROWS_DE = ['Code-Security + DevSecOps (6 Tools, SAST/DAST/SBOM/Container/Secrets/IaC)', 'LLM-Auto-Fix für gefundene Schwachstellen', 'Firmware & Embedded-Security', 'PII-Redaction LLM Gateway', 'RAG mit 25.000+ Sicherheitskontrollen', 'AI Act und CRA Compliance End-to-End', 'CE-Software-Risikobeurteilung nach Maschinen-VO', 'Whistleblower-Portal (HinSchG)', 'Maschinenbau-Branchenfokus', 'Self-Hosted / On-Premise möglich'] +const COMP_USP_ROWS_EN = ['Code security + DevSecOps (6 tools, SAST/DAST/SBOM/container/secrets/IaC)', 'LLM auto-fix for detected vulnerabilities', 'Firmware & embedded security', 'PII redaction LLM gateway', 'RAG with 25,000+ security controls', 'AI Act and CRA compliance end-to-end', 'CE software risk assessment per Machinery Regulation', 'Whistleblower portal (HinSchG)', 'Manufacturing industry focus', 'Self-hosted / on-premise possible'] + +export function PrintCompetitionPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const aiLabel = (a: 'full' | 'partial' | 'none') => a === 'full' ? (de ? 'Voll' : 'Full') : a === 'partial' ? (de ? 'Teil' : 'Partial') : (de ? 'Keine' : 'None') + const aiColor = (a: 'full' | 'partial' | 'none') => a === 'full' ? '#16a34a' : a === 'partial' ? '#d97706' : '#94a3b8' + return ( + + + {de ? 'Wettbewerb' : 'Competition'} + +
+
+

{de ? 'Wettbewerber-Übersicht' : 'Competitor Overview'}

+ [ + {c.flag} {c.name}, + c.founded.toString(), + c.emp, + c.revenue, + c.customers, + c.pricing, + {aiLabel(c.ai)}, + ])} + colWidths={['18%', '8%', '10%', '15%', '12%', '20%', '10%']} + /> +
+
+

{de ? 'Was nur BreakPilot hat' : 'BreakPilot-only features'}

+
    + {(de ? COMP_USP_ROWS_DE : COMP_USP_ROWS_EN).map(r => ( +
  • + + {r} +
    • + ))} +
+
+
+

+ {de + ? 'Weitere DACH-Anbieter: Secjur, Usercentrics, Caralegal, 2B Advice, OneTrust. Keiner kombiniert DSGVO + Code-Security + Self-Hosted KI.' + : 'Other DACH players: Secjur, Usercentrics, Caralegal, 2B Advice, OneTrust. None combines GDPR + code security + self-hosted AI.'} +

+ + ) +} + +const SAVINGS_DE = [ + { name: 'KMU (25 MA)', bp: '15.000 EUR/Jahr', without: '86.000', with: '31.000', save: '55.000', roi: '3,7x' }, + { name: 'Mittelstand (100 MA)', bp: '30.000 EUR/Jahr', without: '291.000', with: '98.000', save: '193.000', roi: '6,4x' }, + { name: 'Konzern (500+ MA)', bp: '50.000 EUR/Jahr', without: '1.190.000', with: '410.000', save: '780.000', roi: '15,6x' }, +] +const SAVINGS_EN = [ + { name: 'SME (25 emp.)', bp: 'EUR 15,000/yr', without: '86,000', with: '31,000', save: '55,000', roi: '3.7x' }, + { name: 'Mid-size (100 emp.)', bp: 'EUR 30,000/yr', without: '291,000', with: '98,000', save: '193,000', roi: '6.4x' }, + { name: 'Enterprise (500+ emp.)', bp: 'EUR 50,000/yr', without: '1,190,000', with: '410,000', save: '780,000', roi: '15.6x' }, +] +const SAVINGS_LINES_DE = ['Pentests (Anwendungen)', 'CE-SW-Risikobeurteilung', 'Compliance-Dokumentation', 'Produktivere Compliance-Arbeitszeit', 'Audit-Vorbereitung', 'Externe Berater / FTE / Strafvermeidung'] +const SAVINGS_LINES_EN = ['Pentests (applications)', 'CE SW risk assessment', 'Compliance documentation', 'More productive compliance time', 'Audit preparation', 'External consultants / FTE / penalty avoidance'] + +export function PrintCustomerSavingsPage({ lang, pageNum, totalPages, versionName }: SlideBase) { + const de = lang === 'de' + const rows = (de ? SAVINGS_DE : SAVINGS_EN).map(r => [ + {r.name}, + r.bp, + {r.without} €, + {r.with} €, + {r.save} €, + {r.roi}, + ]) + return ( + + + {de ? 'Kundenersparnis im Detail' : 'Customer Savings in Detail'} + +
+ +
+
+
+

{de ? 'Wo gespart wird' : 'Where savings come from'}

+
    + {(de ? SAVINGS_LINES_DE : SAVINGS_LINES_EN).map(l =>
  • {l}
    • )} +
+
+
+

{de ? 'Versteckter Hebel' : 'Hidden lever'}

+

+ {de + ? '„Der größte versteckte Kostentreiber ist Entwickler-Produktivität: ohne automatisierte Security-Tools verbringen Entwickler 19% ihrer Arbeitszeit mit Sicherheitsaufgaben statt mit Features." — IDC' + : '"The largest hidden cost driver is developer productivity: without automated security tools, developers spend 19% of their time on security tasks instead of features." — IDC'} +

+
+
+
+ {(de ? ['Pentests', 'CE-Risiko', 'Compliance-Zeit', 'Audit-Vorb.', 'Strafvermeidung'] : ['Pentests', 'CE risk', 'Compliance time', 'Audit prep', 'Penalty avoidance']).map(b => {b})} +
+ + ) +}