EU AI Act Readiness Review.

The EU AI Act is enforceable. Fines reach €35M or 7% of global revenue.

The problem

The EU AI Act is the most comprehensive AI regulation in the world. It applies to companies with EU customers, employees, or processing of EU data, regardless of headquarters location.

Risk-based classification requires compliance across Unacceptable, High, Limited, and Minimal tiers. High-risk systems demand mandatory conformity assessments, extensive documentation, and ongoing monitoring. Penalties for non-compliance are severe.

Most organizations don’t even know which of their AI systems fall in scope, let alone which risk category they belong to. The readiness review answers those questions first.

What’s included

-AI system inventory with EU AI Act risk classification (Unacceptable, High, Limited, Minimal)

-Gap assessment against Act requirements for each risk category

-Documentation audit against mandatory documentation requirements

-Conformity assessment pathway analysis for high-risk systems

-Regulatory timeline mapping specific to your systems and obligations

-Remediation roadmap with prioritized actions and deadlines

What you get

-AI system classification report with risk levels per system

-Documentation gap analysis identifying missing mandatory documentation

-Compliance roadmap with phased milestones aligned to enforcement dates

-Executive briefing on regulatory exposure and business impact

-Template documentation to accelerate compliance efforts

Who this is for

-Companies with AI systems that touch EU data, customers, or employees

-Organizations using AI in high-risk areas: HR, credit, healthcare, or education

-US companies with EU subsidiaries or EU-based customers

-Legal and compliance teams responsible for regulatory readiness

Timeline

3–4 weeks

Structure

Fixed fee

Methodology

1. Inventory - Week 1

Catalog all AI systems, integrations, and use cases across the organization.

2. Classification - Week 2

Classify each AI system under the EU AI Act risk framework. Map obligations per category.

3. Gap Assessment - Week 3

Assess documentation, technical requirements, and process gaps against Act requirements.

4. Delivery - Week 4

Classification report, gap analysis, compliance roadmap, executive briefing, and template documentation.

FAQ

Does the EU AI Act apply to our US-based company?

Yes, if your AI systems affect EU citizens as customers, employees, or data subjects. The regulation has extraterritorial reach similar to GDPR.

What counts as a high-risk AI system?

Specified high-risk categories include AI used in employment and worker management, creditworthiness assessment, education, healthcare, law enforcement, and critical infrastructure.

When does enforcement begin?

Enforcement is already active for certain provisions, with full implementation phasing between 2025 and 2027.

Are we responsible for third-party AI systems we use?

Yes. As a 'deployer' under the Act, you have specific obligations even when using third-party AI systems. Responsibility cannot be outsourced.

Can you help us achieve full compliance, not just assess gaps?

Yes. Implementation support is available as a follow-on engagement after the initial readiness review.

Where this leads

The EU AI Act Readiness Review is one half of the AI Governance & Compliance engagement. When governance maturity is also in scope, that engagement adds NIST AI RMF and ISO 42001 assessment to the same review.

Book a 30-minute call to discuss your EU AI Act exposure and what a readiness review looks like for your organization.