The AI Act, implemented in software, not just in policies.

EU Regulation 2024/1689 (AI Act) takes effect in August 2026. Anyone building or using high-risk AI (HR, credit scoring, biometric applications, healthcare) has to implement specific technical requirements. We build them into the software, not into documents nobody reads.

[ THE PROBLEM ]

What happens today.

The AI Act introduces for the first time in Europe a risk-based regulatory framework for AI systems. For 'high-risk' systems (HR, credit scoring, biometrics, some healthcare cases) specific technical requirements apply: user transparency, decision logging, bias evaluation, human oversight, robustness testing.

Many companies are preparing with policies, internal communications, and DPIA-like documents. The problem is that AI Act conformity requires concrete technical implementation in software: without that, the policy is paper. We work to move requirements from the document to the code.

AI policies not implemented in software are letters to the regulator. Compliance lives in the code.

[ HOW IT WORKS ]

The solution, broken into parts.

  • Risk classification + threat model

    We classify the AI system by AI Act risk level (prohibited, high risk, limited risk, minimal). For high-risk systems, we build a threat model of the specific risks (bias, manipulation, classification error, privacy loss).

  • Technical requirements implemented

    User transparency (explicit declaration of AI interaction), structured logging of AI decisions (input, output, confidence, model, version), bias evaluation on representative datasets, human oversight on critical flows, robustness testing with adversarial inputs.

  • Documentation + audit kit

    Technical documentation as required by the AI Act (Annex IV), exportable audit logs, evidence of tests run, versioned threat model, AI incident-management process. All ready for regulator or enterprise-customer audits.

[ WHO IT'S FOR ]

The typical profiles who benefit.

  • Companies developing or using AI in HR

    CV screening systems, automated video interviewing, performance evaluation, AI-supported promotion/dismissal decisions: all fall under high risk.

  • Fintech with AI credit scoring

    Credit scoring systems, fraud detection with automated decisions, customer risk classification: the AI Act requires explainability, human oversight, and a structured audit trail.

[ WHAT WE NEED ]

Transparency on what the client does.

Before we start, we need some access and a few decisions from you. All reasonable, no surprise asks.

  • System to bring into conformity

    • Technical description of the AI system (algorithms, training data, purpose)
    • Mapping of actual use cases (who uses it, for which decisions, with what implications)
  • Governance decisions

    • Internal risk owner (CISO, DPO, Compliance Officer)
    • Existing internal policies on AI, privacy, security

[ TIME AND COST ]

Indicative numbers, not quotes.

TIME
Typically 8-16 weeks for audit + remediation of an existing system. For new systems, we build compliance in from design.
COST
Range €25,000-80,000 depending on the complexity of the existing system and the starting point.
MODEL
Time & material for the audit phase, fixed milestones for the remediation.

Indicative numbers. For an accurate quote, let's talk.

[ FREQUENTLY ASKED ]

Answers to the most common questions.

Does my AI system fall under AI Act "high-risk"?

The AI Act lists high-risk use cases (Annex III): HR (screening, performance), credit scoring, biometric identification, critical-infrastructure management, some law-enforcement and healthcare applications. Classification is case-by-case. We do an initial risk assessment to determine where your system falls.

When does the AI Act come into force?

The AI Act is in force with progressive application: prohibitions already active (February 2025), GPAI obligations from August 2025, high-risk requirements from August 2026. Non-conformity sanctions go up to 7% of global annual turnover or €35M, whichever is higher.

Do you also handle overall legal compliance?

No. We implement the technical requirements of the AI Act in software. Organizational, legal, and procedural compliance stays with your DPO/CISO/Compliance Officer. We work well alongside those roles: we deliver technical evidence, audit logs, technical documentation, and support for third-party audits.