- Duration
- 1–2 days
- Audience
- for IT, data protection & management
- Investment
- from €2,500
The Goal
Establish structured clarity on where you stand regulatorily – measured against the EU AI Act, ISO 27001, Cyber Resilience Act (CRA), and GDPR – with a prioritised action plan before the obligations take effect.
When the check fits
- › When 'Governance & Compliance' is among your weakest action areas.
- › Before an AI solution goes into production.
- › When EU AI Act, CRA, and GDPR have not yet been systematically addressed.
How we work
Seven areas are reviewed: EU AI Act · AI Literacy (Art. 4) · Data Protection (GDPR) · Security, Hosting & CRA · Data & Model Governance · Documentation & Evidence · Third Parties & Contracts.
- 1
AI inventory & scope
Capture all AI systems in use and planned.
- 2
Risk classification
Classify each system under the EU AI Act.
- 3
Gap analysis
Determine the delta to EU AI Act, ISO 27001, CRA, and GDPR using structured checklists.
- 4
Findings & risk assessment
Document and assess findings per audit area.
- 5
Action plan
Prioritised, with owners and deadlines.
What you get
- ✓ An AI inventory with risk classification under the EU AI Act.
- ✓ A compliance report with findings per audit area (traffic-light overview).
- ✓ A CRA applicability assessment.
- ✓ An ISO 27001 readiness assessment.
- ✓ A GDPR conformity check.
- ✓ A prioritised action plan with deadlines and a management presentation.
Ready for the next step?
Start with the free Maturity Check or talk to us directly.