EU AI Act - Compliance and Risk Classification

Navigate EU AI Act requirements with confidence. From risk classification to conformity assessment - we make AI regulation practical.

What we offer

The EU AI Act (Regulation 2024/1689) is the world’s first comprehensive AI regulation. It introduces a risk-based classification system for AI systems, with requirements ranging from transparency obligations to full conformity assessments.

We help you cut through the regulatory complexity and build a practical compliance roadmap. Our EU AI Act consulting covers:

AI system inventory - mapping all AI systems in your organization, including third-party components
Risk classification - determining which of your AI systems fall under unacceptable, high, limited, or minimal risk categories
Gap analysis - identifying what you need to change to meet the requirements for each risk level
Documentation - building the technical documentation, risk management, and quality management systems required for high-risk AI
Conformity assessment - preparing for the assessment process required before high-risk AI systems can be placed on the market
Post-market monitoring - establishing the ongoing monitoring and reporting processes the regulation requires

Our approach

The EU AI Act is complex, but compliance doesn’t have to be overwhelming. We break it down into manageable steps:

AI system inventory - We help you identify and catalog every AI system in your organization, including those you might not think of as “AI.”
Risk classification - We determine the risk level for each system based on the regulation’s criteria. Many systems fall under minimal risk with only transparency requirements.
Gap analysis - For systems that need attention, we identify exactly what’s missing and what needs to change.
Compliance roadmap - We create a prioritized plan that aligns with the regulation’s phased enforcement timeline.
Implementation support - We work with your team to implement the required changes, from documentation to technical controls.

Why choose us

The EU AI Act doesn’t exist in isolation. It intersects with GDPR, the NIS2 Directive, and sector-specific regulations. Our experience with EU regulatory frameworks means we understand how these pieces fit together.

We also know ISO 42001. If you’re pursuing both ISO 42001 certification and EU AI Act compliance, there’s significant overlap. We’ll help you build a unified approach that satisfies both without duplicating work.

And honestly? Most of your AI systems probably fall under minimal or limited risk. We’ll tell you that upfront instead of inflating the scope to justify higher fees.

Key timelines

The EU AI Act entered into force in August 2024, with a phased enforcement schedule:

February 2025 - Prohibited AI practices take effect
August 2025 - General-purpose AI (GPAI) model requirements apply
August 2026 - High-risk AI system requirements become enforceable
Penalties - Up to 35 million EUR or 7% of global annual turnover

Next step

Not sure how the EU AI Act applies to your AI systems? Let’s have a conversation. We’ll help you understand your obligations - and if the honest answer is “you’re mostly fine,” we’ll tell you that too.

Let’s talk - no commitment, just clarity on where you stand.