AI Compliance
AI compliance without
the scare tactics.
If your team uses AI tools, the EU AI Act already applies to you. Most of what you owe is modest — but it's real, and it needs to be documented.
We check what actually applies to your business, fix the gaps with the lightest possible touch, and tell you plainly when you don't need more.
The 2026 Picture
What's actually changed — and what hasn't.
2026 has been a confusing year for AI regulation headlines. In May, the EU agreed to delay the AI Act's toughest obligations — for high-risk systems like hiring tools and credit scoring — from August 2026 to December 2027. A lot of businesses read that as "the AI Act got pushed back," took a breath, and moved on. The parts that apply to most SMEs didn't move.
EU AI Act — what's live now
AI literacy obligations have applied to every business using AI since February 2025. Transparency and disclosure rules follow in August 2026. The expensive, document-heavy obligations are reserved for high-risk systems most SMEs never touch.
Who this actually affects
If your team uses ChatGPT, Gemini, or Claude for client work, or you run a customer-facing chatbot, you have real (if modest) obligations under the Act — whether or not you built the AI yourself.
What it doesn't mean
Unless you're building or deploying AI for hiring decisions, credit scoring, or similarly regulated domains, you're very unlikely to face the heavy compliance machinery — conformity assessments, technical documentation files, notified body audits.
Why It Matters
The risks of non-compliance.
Non-compliance isn't really about a single catastrophic fine landing out of nowhere. For most small businesses, it's about not being able to show you took reasonable, documented steps when something else goes wrong.
Financial Penalties
EU AI Act fines are tiered: up to €35 million or 7% of global turnover for the most serious prohibited practices, down to €15 million or 3% for most other breaches, including transparency and literacy obligations. SMEs and startups are capped at the lower of the fixed amount or the percentage — a meaningful difference most articles leave out.
Reputational Damage
Public trust is fragile. A single compliance failure — exposed in the media — can permanently erode customer confidence and brand equity.
Operational Disruption
Regulators can mandate the suspension of AI systems. Sudden operational halts cost far more than proactive compliance investment.
Legal Liability
If an untrained employee causes harm using an AI tool — a data leak, a flawed decision sent to a client — the absence of a documented AI usage policy or training record makes that much harder to defend, regardless of whether a regulator ever gets involved.
What We Deliver
What we actually check — and fix.
End-to-end AI compliance, from initial risk assessment through to certification readiness and continuous monitoring.
AI Literacy & Usage Policy
We inventory every AI tool genuinely in use across your business (including the ones nobody officially approved), build a usage policy your team can actually follow, and deliver documented training that satisfies Article 4 — already a legal requirement, regardless of your size.
Transparency & Disclosure Audit
We check where Article 50 actually applies to you — chatbots, AI-generated content, synthetic media — and fix the gaps with the lightest possible touch. For most businesses, this is a one-line chatbot notice, not a redesign.
Risk Classification
We map your AI use against the Act's four risk tiers and tell you plainly whether anything you're doing strays into high-risk territory (hiring, credit, education) — and if it doesn't, we say so, instead of finding reasons to sell you more.
Ongoing Monitoring
EU guidance and codes of practice are still being finalised through 2027, and the high-risk systems list can expand. We keep your compliance posture current as the rules solidify, instead of leaving you with a one-time PDF.
Find out what actually applies to you
Book a free 30-minute compliance check. We'll look at how your business uses AI, tell you what the Act requires of you — and just as plainly, what it doesn't.