AI Compliance Vendor Pricing in 2026: What 10 Vendors Actually Charge

Most AI compliance and governance vendors do not publish prices. We checked all 55 vendors in our directory. Only ten have pricing you can read on the open web without a sales call. Those ten are the focus of this guide. Everyone else is "contact us," and we explain at the end what that usually costs.

Every number below is sourced from the vendor's own pricing page, an AWS Marketplace listing, or a public open-source repository. No analyst estimates. No "we heard a customer say." If a price changes after publication, the per-vendor pricing page on this site carries the live verification date and the source URL for every tier.

The full pricing index lives at /pricing. Each row links to a per-vendor pricing breakdown with tiers, hidden costs, contract terms, alternatives at higher and lower price points, and a methodology footer.

The ten vendors with public pricing

Sorted by lowest published monthly price. "Free" means there is a genuine no-cost tier, not a trial. "From" is the lowest paid tier. Enterprise pricing on every vendor below is custom-quoted and only appears when the vendor publishes a hint of it.

That is the entire list as of May 2026. If you find a vendor in our directory with a public price we have missed, tell us and we will add it.

What the cheapest tier really gets you

Free tiers in this space split cleanly into two buckets: open-source projects that ship a SaaS layer for teams that do not want to self-host, and commercial vendors that offer a small free tier as a top of funnel for the paid plans.

[Promptfoo](/vendors/promptfoo) is the cleanest open-source play. The repository is free under an MIT-style license. The enterprise plan adds managed services, team collaboration, and advanced security features at custom pricing per their pricing page. Most teams running offline red-team evals from CI never touch the paid tier.

[Langfuse](/vendors/langfuse) publishes a four-step ladder on langfuse.com/pricing: a Hobby plan at $0/month, a Core plan at $29/month, a Pro plan at $199/month, and an Enterprise plan at $2,499/month. Each step adds longer data retention, more billable units, and more collaboration features. Self-hosting the open-source version stays free indefinitely.

[Arize AI](/vendors/arize-ai) runs two products in parallel. Phoenix is the open-source library, free. The Arize AX SaaS platform has a free tier, a Pro tier at $50 per month, and an enterprise tier with custom pricing on arize.com/pricing. For teams just starting LLM observability, Phoenix plus a local Postgres is usually enough for the first few months.

[Lakera](/vendors/lakera) sits on the security side of observability. The free tier on lakera.ai/pricing covers low-volume guardrail traffic. Production volumes move into a custom-priced enterprise plan that is not listed publicly, so you will need a sales conversation for any meaningful deployment.

[WhyLabs](/vendors/whylabs) is the one to watch. After the company's acquisition, the platform transitioned to a fully open-source model. The legacy SaaS pricing on the WhyLabs AWS Marketplace listing is still live: free for the smallest deployments, $100 per month for one production model, $200 per month for two models, and $8,333.33 per month ($100,000 per year) for the legacy enterprise tier. New teams should default to the open-source build unless you specifically need the managed dashboards from the legacy plans.

[Aporia](/vendors/aporia) was acquired by Coralogix, which means its pricing now sits inside Coralogix's Units (CU) model on coralogix.com/pricing. A CU costs $1.50 and covers a mix of logs, traces, metrics, and AI tokens. The free tier exists. Beyond that, you pay for actual telemetry consumed.

The middle of the market: $29 to $249 per month

Once you commit to a paid plan, the LLM observability vendors cluster between $29 and $249 per month for the smallest team tier. The differentiators are seats, trace retention, and how much usage you can run before overage charges kick in.

Langfuse Core at $29 per month, [LangSmith](/vendors/langsmith) Plus at $39 per month, and [Braintrust](/vendors/braintrust-ai) Pro at $249 per month are the three published per-seat or per-team prices on the LLM observability side. None of them publish a hard ceiling on the paid tier — every vendor scales to enterprise via overages or a custom quote.

LangSmith publishes the $39 per seat per month figure on langchain.com/pricing and adds usage charges for traces, deployments, and fleet runs. That makes the all-in cost very sensitive to how chatty your application is — a team running 10 million traces a month will pay materially more than the headline seat price suggests.

Braintrust at $249 per month per braintrust.dev/pricing is the highest published starting tier in this group. It also includes more telemetry headroom and a richer eval feature set than the cheaper LLM observability tools, which is why teams that want a structured eval workflow tend to land here.

Where compliance automation lives: Vanta and Drata

Compliance automation is a different shape of cost. [Vanta](/vendors/vanta) publishes annual prices on its AWS Marketplace listing: a Core plan at $14,000 per year, a Growth plan at $21,500 per year, and a Scale plan at $23,000 per year. The Marketplace tiers are bundles that include a specific list of compliance frameworks and modules — adding more frameworks or AI-specific add-ons pushes the price higher.

[Drata](/vendors/drata) does not list a number anywhere on drata.com/plans. The plan structure is visible — Starter, Growth, Premium, and Enterprise — but every tier is custom-quoted. Third-party procurement data on Vendr suggests the typical contract runs $15,000 to $60,000 per year, but we treat that as a directional reference rather than a verified rate.

If you are choosing between the two purely on published pricing, Vanta is more transparent and easier to budget. Drata becomes the better fit when you need the deeper audit-prep workflow and you are willing to spend the procurement cycle on a quote.

Hidden costs that do not show up in the headline

Every pricing page on this site lists hidden costs explicitly, because the headline tier is often the smaller part of the bill.

Common patterns we see:

For LLM observability vendors, the headline seat or platform fee almost always sits next to a per-trace, per-event, or per-token usage line. Langfuse and LangSmith both publish usage tiers; Coralogix's CU model puts everything on a single meter. A team running production traffic at scale will spend more on usage than on seats.

For compliance automation, the hidden costs are framework add-ons and integration hours. Vanta charges for additional frameworks beyond the bundle. Drata's quote depends on the number of frameworks and modules. Both vendors offer professional services for implementation, scoped separately from the subscription.

For the enterprise tier on every vendor on this list, the published price is a starting point. Volume commitments, multi-year discounts, and bundled professional services all move the final number. The per-vendor pricing pages document each vendor's contract terms (monthly, annual, multi-year) and known discount mechanics.

What the other 45 vendors actually cost

The 10 vendors above are the entire public-pricing universe of our 55-vendor directory. The other 45 fall into three rough cost bands, based on procurement data we have triangulated from public marketplace listings, analyst reports, and third-party procurement aggregators.

Sub-$25,000 per year tends to cover the smallest tier of compliance automation platforms aimed at SMB and lower mid-market, plus the open-source-adjacent observability vendors before they hit enterprise volumes. Scrut Automation publishes a Scrut AWS Marketplace listing from $15,000 per year as one data point.

$25,000 to $150,000 per year is the typical mid-market band for AI governance platforms aimed at enterprises that have not yet committed to the largest vendors. Modulos AI's Modulos AI pricing page lists a Foundations tier from CHF 15,000. The full Credo AI, Holistic AI, Fairly AI, Saidot, and OneTrust AI Governance enterprise quotes generally sit somewhere in this range, depending on use cases and number of AI systems registered.

$150,000 and above per year is enterprise governance platforms — ServiceNow AI Governance, Collibra AI Governance, IBM watsonx.governance Premium, OneTrust AI Governance Enterprise, and the more substantive deployments of Credo AI and Holistic AI. IBM publishes a watsonx.governance pricing page with a Standard SaaS rate at $0.60 per resource unit, which gives you a unit-cost anchor even though the full deployment cost still requires a quote.

Independent procurement data from Vendr suggests Drata on Vendr typically lands between $15,000 and $60,000 per year for SMB and lower mid-market, with larger deployments pushing well past that.

These ranges are directional, not quoted. Use them to set expectations before requesting a formal quote, and read the per-vendor pricing page on this site for the verified, sourced figures we do have.

How to use these numbers in a real procurement

A few habits that pay off.

Bring competitor quotes into every conversation. Even if you do not plan to switch, the existence of a credible alternative quote moves the discount conversation. The comparison pages on this site exist for exactly this reason — you can hand a sales team a head-to-head writeup of their nearest rival and ask them to match its strongest features.

Ask for the multi-year discount in writing before you ask for an annual one. Most vendors discount more aggressively when the contract length increases. Pinning the multi-year rate first gives you a floor when you re-negotiate to annual.

Treat the "starts at" number as a deposit. The headline tier covers the smallest realistic deployment. Frameworks, additional AI systems, additional integrations, and professional services all push the all-in number higher.

Verify the date of every published price. The "last verified" timestamp on every per-vendor pricing page on this site is the only number you should trust without re-checking the vendor's own page. We re-verify on a rolling 90-day cadence, but vendors update without notice.

What's next

The directory has 55 vendors. Ten of them have publishable prices. The pressure to publish is increasing — buyers want transparency before the sales call, and the EU AI Act high-risk deadline on August 2, 2026 is forcing procurement cycles to compress.

We will keep adding pricing records as vendors publish them. If your team has signed a deal you can confirm is representative, tell us and we will reach out for the verification details. We never publish private deal terms — only what the vendor has put on a public page.

For the live list, see /pricing. For a category-by-category map of the entire AI compliance market, see the AI Compliance Vendors buyer's map.