A two-week diagnostic of where you stand against the EU AI Act.
A fixed-scope, two-week diagnostic of where your organisation stands against the EU AI Act, mapped to high-risk classifications, the OECD AI Principles and ISO/IEC 42001. Document review, six stakeholder interviews, tool inventory, a 15–20 page gap report, a 90-minute board presentation, and a 12-week remediation roadmap.
When this is the right fit
If two or more of these are true, an Audit will move you further than another strategy workshop.
Your AI Act risk classification is unwritten
You use AI systems (procured or built) but cannot point to a document classifying each under Annex III risk tiers. That's the first question an auditor will ask.
No named AI governance owner
Article 26 expects one. 31% of European mid-market firms have a named owner; the other 69% need to close that gap before 2 August 2026.
Vendor due diligence is not documented
Your customers are about to start asking. Without an inventory, risk assessment and oversight record, you cannot answer their procurement questionnaires.
You want defensible answers, not opinions
Every finding is mapped to a specific Article, Annex or ISO/IEC 42001 clause. The report is built to be quoted in front of an audit committee, not to flatter.
Take the Index first.
Most engagements start from a real Index result, not a generic discovery call.