The Anti-Consultant Consultant
AI governance that makes sense - not just an ethics statement on your website.
Hi, I'm Lyudmil Arkov, and I'm probably not the AI governance consultant you're expecting.
I don't speak in abstract ethics frameworks. I won't drown you in philosophical white papers. And I definitely won't disappear the moment your AI management system looks good on paper.
What I will do? Make AI governance genuinely meaningful for your business.
From phone support to AI governance partner
Twenty-two years ago, I started on a phone support desk at a telecommunications company. Not exactly the typical origin story for a governance consultant, right? But the path through technical support, system administration, and eventually information security leadership taught me something important: real governance isn't about frameworks and standards - it's about understanding how technology and business actually work together.
My first ISO 27001 implementation happened almost by accident. As a system administrator, I was tasked with preparing the company for certification. No consultants, no roadmap - just me and a standard that seemed designed to confuse. But something clicked. I realized that ISO 27001 isn't about creating perfect documentation - it's about building a better business through systematic thinking about security.
After a decade helping companies implement ISO 27001, I watched AI transform every industry. ISO 42001 arrived as the natural next step - AI governance through the same systematic thinking that made ISO 27001 effective.
Over the past decade, I've implemented ISO 27001, SOC 2, TISAX, C5, Cyber Essentials, and more for companies ranging from 5-person startups to thousand-employee enterprises. Every implementation taught me something new - the same standard can transform a business in fundamentally different ways depending on who's applying it.
Why aims.consulting exists
The same problems I saw in information security are repeating in AI governance: expensive consultants, checkbox approaches, frameworks that don't fit. That's why I started aims.consulting - to bring the same boutique, relationship-first approach to AI management systems.
After years of seeing the same patterns, I kept running into:
- Companies spending fortunes on AI ethics consultants who speak in philosophy, not business
- Startups drowning in AI governance documentation they'll never actually use
- Compliance certificates gathering dust while actual AI risks remain unaddressed
- The dreaded "We passed the audit, so we're done, right?"
The 27kay connection
aims.consulting is part of the 27kay practice. We bring a decade of ISO management system expertise to the emerging field of AI governance. Same philosophy, new frontier.
Everything I learned building information security management systems - the importance of context, the danger of copy-paste policies, the value of continuous improvement - applies directly to AI governance. ISO 42001 isn't a departure from that work. It's its natural evolution.
The boutique approach
You work with me, not a junior associate. When you hire aims.consulting, you get two decades of IT experience and a decade of security expertise - not someone reading from a script.
Quality over quantity, always. I'd rather have 10 clients who trust me completely than 1,000 who don't know my name. This isn't about maximizing billable hours - it's about building lasting partnerships.
We start with an honest conversation. Our first meeting isn't about selling services - it's about whether you actually need AI governance right now and whether we're the right fit for each other. Sometimes the answer is no, and that's perfectly fine.
Continuous improvement, not checkbox compliance. If you just want a certificate to file away, I'm not your consultant. But if you see governance as a tool for building a better, more responsible AI practice? Let's talk.
How I work
Remote-first, async-native. I work with companies that live in 2026. That means Slack, Notion, Linear - whatever tools you're already using. No mandatory on-site visits, no timezone tyranny.
Available but not desperate. I'll be responsive and engaged, but I won't pretend I'm at your disposal 24/7. Sustainable relationships require boundaries.
Implementation without timeline pressure. Can we get ISO 42001 done in three weeks? Technically, maybe. Should we? Rarely. We'll move at the pace that makes sense for your business, not to chase arbitrary deadlines.
Reality check
A few truths that might surprise you:
- Not every company needs ISO 42001 right now
- Sometimes improving your AI governance practices is more important than getting certified
- The best AI control is often common sense, systematically applied
- AI governance can actually be - dare I say - interesting, when done right
Who thrives with us
My best client relationships share a few characteristics:
- Companies building AI products - who see governance as a growth enabler, not a necessary evil
- Organizations deploying AI systems - that value expertise without the corporate consulting experience
- Teams facing EU AI Act requirements - ready to improve continuously, not just pass an audit
- Organizations that appreciate straight talk - over consultant-speak
If you're reading this and thinking "finally, someone who gets it" - we should talk.
If you're thinking "I just want the cheapest, fastest certificate" - we probably shouldn't.
Let's have a conversation
Not sure if you need ISO 42001? Wondering whether your AI systems fall under the EU AI Act? Let's start with coffee - virtual or otherwise.
Book a free consultation →