60 minutes. No charge. No sales pitch.
One fixed-scope engagement, whatever your starting point. You receive a written status report covering three layers:
No prerequisites. Works whether you have a full compliance team or no written policy at all. Scope and timeline are confirmed in writing before work begins.
60 minutes. No charge. No sales pitch.
For organisations building responsible AI use from the ground up. Most clients start here.
See what you get: AI policies · Training · Grievance channels
For deployers of high-risk systems under Annex III: credit scoring, candidate screening, insurance underwriting, education assessment, public services, biometrics.
See what you get: Compliance audit · FRIA methodology · Due diligence
If a FRIA we deliver fails Article 27 content requirements, we revise it at no charge.
Not sure which path fits? That is what the status call answers.
Staff use AI tools nobody approved, feeding company and client data into systems nobody assessed. The organisation cannot list which AI systems it actually runs.
AI use is governed by habit, not policy. When a client questionnaire, board, or regulator asks for the rules, there is nothing to show — and a verbal position is not governance.
No one can say who is responsible for a given AI system’s decisions — who approves deployment, who oversees outputs, who answers when something goes wrong.
The Status Check tells you which of these you have — and in what order to close them.
Enterprise procurement questionnaires, board risk committees, and insurance underwriters ask for AI governance evidence now — independent of any Brussels timeline. The dates below define when regulators act. Your market decides much earlier.
February 2, 2025 — In force
Social scoring, real-time biometric surveillance in public spaces, subliminal manipulation, exploitation of vulnerabilities. No grace period — these were banned from day one of application.
August 2, 2025 — In force
Providers of foundation models and large language models must publish technical documentation and meet copyright transparency requirements. Systemic-risk models face additional obligations: adversarial testing, incident reporting, cybersecurity measures.
August 2, 2026 — Binding
AI systems that interact with people must identify themselves as AI. AI-generated content must carry machine-readable disclosure. Deepfakes must be labeled. Emotion recognition and biometric categorisation systems must notify the people they process. Exception under the Omnibus: digital watermarking of AI-generated content (Article 50(2)) is extended to December 2, 2026.
December 2, 2027 — European Parliament voted June 16, 2026
Applies to: credit scoring · CV screening · insurance underwriting · education assessment · public services · biometric identification · law enforcement · migration · justice administration.
Deployer obligations (Article 26) include: operating the system according to the provider’s instructions, assigning trained human oversight, controlling input data, ongoing monitoring, log retention, and informing affected workers. Deployers that are public bodies, private entities providing public services, or providers of credit-scoring and life or health insurance risk-assessment systems must additionally complete a Fundamental Rights Impact Assessment (Article 27).
December 2, 2027 is the date for finished compliance — assessment, oversight design, documentation, and monitoring in place and operating — not the date to start.
(The European Parliament voted June 16, 2026 to shift this deadline to December 2, 2027 (423 for, 57 against). Council formal adoption and Official Journal publication are expected before August 2, 2026. Until OJ publication the amendment is not yet in force.)
The EU AI Act requires systematic AI systems analysis to meet all requirements. For this, you need more than checkbox audits that collapse under regulatory investigation.
We deliver scored severity, weighted likelihood, cumulative impact, and documented mitigation adequacy.
Dorothee Georg — LinkedInOne hour. You leave with your governance maturity picture, your three most critical gaps, and a clear first step. No sales pitch.
60 minutes. No charge. No sales pitch.
This website sets no cookies and runs no trackers. We collect your data only when you hand it to us, and we tell you exactly what happens to it. If we treat your data this way before you are a client, you know how we will treat your compliance file when you are one.
Read our privacy notice →