P08

Regulatory readiness

AI Compliance Check

Duration
1–2 days
Audience
for IT, data protection & management
Investment
from €2,500

The Goal

Establish structured clarity on where you stand regulatorily – measured against the EU AI Act, ISO 27001, Cyber Resilience Act (CRA), and GDPR – with a prioritised action plan before the obligations take effect.

When the check fits

  • When 'Governance & Compliance' is among your weakest action areas.
  • Before an AI solution goes into production.
  • When EU AI Act, CRA, and GDPR have not yet been systematically addressed.

How we work

Seven areas are reviewed: EU AI Act · AI Literacy (Art. 4) · Data Protection (GDPR) · Security, Hosting & CRA · Data & Model Governance · Documentation & Evidence · Third Parties & Contracts.

  1. 1

    AI inventory & scope

    Capture all AI systems in use and planned.

  2. 2

    Risk classification

    Classify each system under the EU AI Act.

  3. 3

    Gap analysis

    Determine the delta to EU AI Act, ISO 27001, CRA, and GDPR using structured checklists.

  4. 4

    Findings & risk assessment

    Document and assess findings per audit area.

  5. 5

    Action plan

    Prioritised, with owners and deadlines.

What you get

  • An AI inventory with risk classification under the EU AI Act.
  • A compliance report with findings per audit area (traffic-light overview).
  • A CRA applicability assessment.
  • An ISO 27001 readiness assessment.
  • A GDPR conformity check.
  • A prioritised action plan with deadlines and a management presentation.

Ready for the next step?

Start with the free Maturity Check or talk to us directly.