EU AI Act Readiness Review

The EU AI Act is enforceable. Fines reach €35M or 7% of global revenue.

The problem

The EU AI Act is the most comprehensive AI regulation in the world. And it applies to your company if you have EU customers, EU employees, or process EU data — regardless of where you're headquartered.

The Act classifies AI systems by risk level, with specific requirements at each tier. High-risk systems face mandatory conformity assessments, extensive documentation requirements, and ongoing monitoring obligations. The fines for non-compliance are among the steepest in any regulatory framework.

Most organizations don't even know which of their AI systems fall in scope, let alone which risk category they belong to. You can't comply with requirements you haven't mapped.

What’s included

  • AI system inventory with EU AI Act risk classification (Unacceptable, High, Limited, Minimal)
  • Gap assessment against Act requirements for each risk category
  • Documentation audit against mandatory documentation requirements
  • Conformity assessment pathway analysis for high-risk systems
  • Regulatory timeline mapping specific to your systems and obligations
  • Remediation roadmap with prioritized actions and deadlines

What you get

  • AI system classification report with risk levels per system
  • Documentation gap analysis identifying missing mandatory documentation
  • Compliance roadmap with phased milestones aligned to enforcement dates
  • Executive briefing on regulatory exposure and business impact
  • Template documentation to accelerate compliance efforts

Who this is for

  • Companies with AI systems that touch EU data, customers, or employees
  • Organizations using AI in high-risk areas: HR, credit, healthcare, or education
  • US companies with EU subsidiaries or EU-based customers
  • Legal and compliance teams responsible for regulatory readiness

Timeline & investment

Timeline

3–4 weeks

Investment

$12,000–$30,000

Pricing

Fixed fee

Our approach

1

Inventory Week 1

Catalog all AI systems, integrations, and use cases across the organization.

2

Classification Week 2

Classify each AI system under the EU AI Act risk framework. Map obligations per category.

3

Gap Assessment Week 3

Assess documentation, technical requirements, and process gaps against Act requirements.

4

Delivery Week 4

Classification report, gap analysis, compliance roadmap, and executive briefing.

Frequently asked questions

Yes, if your AI systems affect EU citizens — whether they're customers, employees, or data subjects. The EU AI Act has extraterritorial reach, similar to GDPR. If you do business in or with the EU, you're likely in scope.

The Act defines specific high-risk categories: AI used in employment and worker management, creditworthiness assessment, education, healthcare, law enforcement, and critical infrastructure. If your AI touches any of these areas, it faces the most stringent requirements.

It's already live for some provisions. Full enforcement phases in between 2025 and 2027, with different requirements taking effect at different stages. The prohibited practices provisions are already enforceable. Waiting is not a strategy.

Yes. As a "deployer" under the Act, you have specific obligations even when using third-party AI systems. It's a shared responsibility model — the provider has obligations, and so do you. You can't outsource compliance.

Yes. Implementation support is available as a follow-on engagement. The readiness review gives you the roadmap — we can then help you execute it, including documentation, conformity assessment preparation, and ongoing monitoring setup.

Know where you stand before regulators ask

Book a 30-minute call to discuss your EU AI Act exposure and what a readiness review looks like for your organization.