AI Compliance

Pick Your Plan — Stay AI Act Ready.
Whether preparing for market entry or ensuring ongoing compliance, businesses gain expert guidance, clear deliverables, and peace of mind — all tailored to their stage and goals.

Quick Start Overview

AI Act Readiness
Pricing

Scope-based tiers for startups and scale-ups — pricing linked to system risk, number of use cases, and evidence depth, includes artifacts list and estimated effort.

Learn More

AI Act Readiness
Roadmap

Phased path to readiness — risk-tier classification, role mapping, conformity route, technical file, testing plan, human-oversight controls, and post-market monitoring.

Learn More

EU Market Entry for Non-EU Companies

Operational pathway for non-EU providers and deployers — representation service, importer/distributor handoffs, documentation and labeling flows.

Learn More

Pricing plan

Starter
30-Days
Startup Pre-seed / Series A or Small company
7000
What’s included:
Determining AI Act applicability
Risk Tiering
Identifying Compliance Gaps
Establishing Governance
Documentation
Get started
Launch
90-Days
Scaling startups or Small / Medium company
29 000
What’s included:
Everything in Starter package
Close high-risk gaps
Technical validation
Complete Annex IV
Embed governance into SDLC
Get started
Continuous Shield
Scaling startups or Small / Medium company
3500/month
What’s included:
Ongoing compliance ops
Incident playbook
Annual re-assessment
Updated Annex IV sections
Get started
Starter 30-Days
7000
Startup Pre-seed / Series A or Small company
Get started
Launch 90-Days
35 000
Scaling startups or Small / Medium company
Get started
Continuous Shield
3500/mo
Live in EU or going live this quarter releases
Get started
Determining AI Act applicability
Conformity Strategy
Risk Tiering
Identifying Compliance Gaps
Establishing initial  Governance
All Required Documentation
Registration Support
Close high-risk gaps
cross-circle Created with Sketch Beta.
Complete Annex IV
cross-circle Created with Sketch Beta.
Close high-risk gaps
cross-circle Created with Sketch Beta.
Technical validation
cross-circle Created with Sketch Beta.
Embed governance into SDLC
cross-circle Created with Sketch Beta.
Close high-risk gaps
cross-circle Created with Sketch Beta.
Continuous support
Ongoing compliance ops
cross-circle Created with Sketch Beta.
cross-circle Created with Sketch Beta.
Incident playbook
cross-circle Created with Sketch Beta.
cross-circle Created with Sketch Beta.
Annual re-assessment
cross-circle Created with Sketch Beta.
cross-circle Created with Sketch Beta.
Updated Annex IV sections
cross-circle Created with Sketch Beta.
cross-circle Created with Sketch Beta.
Training refresh
cross-circle Created with Sketch Beta.
cross-circle Created with Sketch Beta.
Get started
Get started
Get started

The symbol “ - ” indicates that the corresponding service or requirement is not applicable for this specific proposal

Who This Applies To

Applies to organizations that build, supply, or use AI systems in the EU—including non-EU companies serving EU users. Covers providers, deployers, importers, and distributors, with a focus on higher-risk use cases; expect role clarity, risk classification, a technical file, conformity steps, and ongoing monitoring.

What benefits of AI Act for business:

Market access & procurement

Risk and liability control

Trust and revenue enablement

Operational discipline at scale

AI Act Process Roadmap

number10

Risk Tiering & Confomity Route

Classify the system, choose the conformity path, confirm notified-body needs, and set a prioritized milestone plan.

number11

Technical Documentation, Data & Model Validation

Compile the technical file and generate traceable evidence from bias/robustness/accuracy testing.

number12

Human Oversight and Security

Oversight transparency with logging, access, security, incident response, and change control.

number13

Post-Market Monitoring

Set up feedback, drift and event logging, periodic reviews, retrainers, and compliance reports.

1. Risk Tiering & Confomity Route

Determine the system’s risk class, map roles and duties, select the conformity path and applicable standards, identify notified body, and generate a prioritized gap list with milestones.

Risk Tier Classification

Classifying each use case against the EU risk using intended purpose, context of use, affected users, and autonomy.

Conformity Route & Notified Body Needs

Pick the conformity route, align to harmonized standards, verify QMS readiness, and flag notified-body needs.

2. Technical Documentation, Data & Model Validation

Core evidence set — technical file (purpose, architecture, risks, controls) and data governance (provenance, quality, bias)—with traceability, test reports, and auditable records aligned to harmonized standards for procurement, NB review, and releases.

Technical Documentation

Purpose, architecture, risk summary, control mapping, and a traceability index linking requirements to tests and evidence.

Data Governance and Records

Provenance and lineage, quality and bias checks, retention/access rules, and auditable records across training, tuning, and deployment.

Model Testing and Robustness

Planned tests with accuracy, bias, and robustness metrics, and release gates with documented thresholds.

3. Human Oversight and Security

Safeguards for understandable, controllable AI — human-in/over-the-loop checks, clear disclosures, full logging & access control, secure dev/runtime, monitoring, and incident response with reporting.

Human Oversight & Transparency

Design clear decision checkpoints and escalations,  log rationale, and enable traceable review of high-impact outputs.

Cybersecurity & Incident Handling

Access management, continuous logging, incident playbooks for containment, evidence for notification and post-incident review.

4. Post-Market Monitoring

Keep the system on track — collect feedback and incident reports, run regular reviews, control retraining, and keep clear records.

Feedback & Incident Intake

Centralized channels for user feedback and incident reports with triage rules, severity levels, user notices, and linkage to logs and evidence.

Performance and Drift Monitoring

Use-case metrics and bias monitors with thresholds, alerts, and shadow checks to detect accuracy loss, misuse, or context change.

Periodic Review

Scheduled reviews, root-cause analysis, correctiv actions, retraining and change control, plus regulator/client reporting and retention of records.

EU Market Entry for
Non-EU Companies

Pathway for non-EU providers and deployers to enter the EU market: role mapping, EU representation service, importer/distributor handoffs, conformity route with technical file and labeling, post-market reporting lines.

Get Started

FAQs

Discover answers to your pressing questions about AI Act compliance services and requirements.

Contact
What is the EU AI Act — in one paragraph for product teams?

A risk-based rulebook for how AI is built and run in the EU. Teams classify use cases, map roles, choose a conformity path, prepare a technical file (purpose, data, tests, oversight, security), and monitor after launch with logs, incidents, and periodic reviews.

How long does AI Act readiness typically take?

Most focused products reach initial readiness in 2–3 months. That covers scoping, risk tiering, conformity route, a technical file foundation, core testing evidence, and a basic post-market plan. Broader portfolios or multiple high-risk use cases take longer.

When should preparation start?

Now. Readiness work stacks up fast—data mapping, test design, evidence generation, and process updates. Leaving it until late compresses tasks, raises cost and delivery risk, and can block enterprise deals or market entry.
Late starts often lead to incomplete technical files, rushed testing, limited availability for external reviews, and slower procurement cycles—making it hard to “do everything in a day.” Starting early spreads effort, reduces rework, and keeps launch or sales timelines on track.

Does this apply to non-EU companies serving EU users?

Yes. If EU users can access or use the system, the rules apply. Non-EU firms may need an EU representative and must meet the same documentation, testing, transparency, and monitoring duties.

Is our use case high-risk? What decides the tier?

Think impact and context. High-risk often means: consequential decisions, vulnerable users, autonomous operation, bias potential, or fundamental-rights impact. If several apply, treat it as high-risk until assessed.

Do we need a notified body, or is self-assessment enough?

It depends on the chosen route. Many high-risk systems can use internal control when aligned to standards and backed by a QMS. Third-party review is needed when standards aren’t used, when tied to other product laws, or when the route requires it.

What to do before and after launch?

Before: classify risk and roles, pick the route, build the technical file (data governance, testing, oversight, security), set instructions.
After: track KPIs and drift, handle incidents and feedback, run CAPA and controlled retraining, keep evidence up to date.

Choose Your Compliance Plan

Select a plan that fits your needs or contact us for a tailored consultation.

Get Started