Structured program · Urgency: high

EU AI Act Readiness Audit

Ready for August 2, 2026? In three weeks you'll know for sure.

Investment scaled to number of AI systems in scope · Custom mini-proposal in 48 hours · 3 weeks

On August 2, 2026, obligations for high-risk AI systems take effect. Penalties up to €35M or 7% of global turnover.

What changes on August 2, 2026

From that date, AI systems classified as "high-risk" under the EU AI Act — Annex III — must be compliant. The list is long and likely touches sectors you already operate in: hiring, credit scoring, insurance underwriting, access management, education, law enforcement, critical infrastructure management.

The problem isn't regulation itself. The problem is that more than half of European companies don't have a systematic inventory of their AI systems in production. Not from negligence, but because AI has spread pervasively over the past two years (inside HR applications, CRMs, marketing tools, and credit scoring processes) and no one has ever mapped it.

The maximum penalty is €35 million or 7% of annual global turnover, whichever is higher. But even before the penalty, a single audit request from the regulator can shut down a production system.

Audit output

  • Complete inventory of AI systems in production and roadmap for the next twelve months — not just formal projects, but also AI components inside third-party suppliers
  • Risk classification for each system under the AI Act's four categories: prohibited, high, limited, minimal — with explicit motivation
  • Detailed gap analysis for every high-risk system: what's already compliant, what's missing, what's critical
  • Regulatory requirements mapping with calendar of 2026, 2027, 2028 deadlines
  • Operational action plan with owners, timelines, costs, dependencies
  • Technical documentation templates: conformity assessment, data governance, risk management, transparency obligations
  • Budget estimate to close gaps, separated into "mandatory by deadline" and "recommended"
  • Board briefing in executive presentation format

All delivered in a half-day handover session with General Counsel, CIO, and Chief Risk Officer present together.

How the three weeks unfold

Week 1 — Discovery & inventory

Two days on-site with IT, security, legal, business teams. We surface the "hidden" AI systems — those inside suppliers, inside SaaS components, inside processes nobody called AI before 2023.

Week 2 — Classification & gap analysis

Analytical work, supplemented by AI Act legal specialists (subcontracted via PiirZ with lawyers specialized in European technology regulation). For each high-risk system, a point-by-point gap analysis.

Week 3 — Action plan & handover

Prioritization workshop: what to do by August, what by year-end, what's "recommended but not mandatory." Budget estimate. Final session with all stakeholders.

This audit is for you if

  • You have AI systems in production in regulated sectors: banking, insurance, healthcare, HR tech, edtech, access control, scoring, education
  • You're General Counsel, Chief Risk Officer, CIO, Compliance Officer at a company with EU exposure
  • Your company is classified as "deployer" or "provider" under the AI Act
  • You need an independent audit, from an advisor who doesn't then sell you the compliance tools

Who it's not for

  • Companies that don't operate in the EU and have no EU users (you're not subject)
  • Companies using only low-risk AI (marketing chatbots, content generation) — a lighter audit suffices
  • Those looking for a formal "stamp" — this audit is substantive, not cosmetic

How the investment works

Discovery call (30 minutes, free): we determine if you're in AI Act scope, how many systems need mapping, what deadline matters for you.

Written mini-proposal in 48 hours: scope, calendar, exact investment calibrated to the number of AI systems to audit.

Scoping call (60 minutes, if the mini-proposal is on track): we define specific systems, workshop stakeholders, possible legal AI Act support.

SOW + contract: signature and kickoff within 5 working days. Payment in two tranches, 50% at kickoff and 50% at handover.

Investment scales to the number of AI systems to map and classify (typical range 10-40), to jurisdictional complexity, to possible subcontracting to legal AI Act specialists. That's why there's no fixed price on the site — there's a fair price for your case.

Guarantee: if the audit reveals your company isn't in the AI Act scope, I refund 50% of the fee paid.

Frequently asked questions

Are three weeks really enough?

For a company with clear scope (single legal perimeter, around ten AI systems), yes. For multi-country or multi-entity groups, we can do a first perimeter in three weeks and iterate.

Do you have lawyers on the team?

Yes. The core of the audit I conduct myself. The specific legal-regulatory part is covered by specialized lawyers I work with through PiirZ Digital, chosen for AI Act + GDPR + cybersecurity specialization.

If you find critical gaps, can we work together on remediation?

Yes, but it's a separate service. The audit is independent by design — precisely to ensure that gaps I find aren't created to generate follow-on work for me.

What's the actual penalty risk in practice?

For large companies with media or regulatory exposure, high. The European regulator will use the first two years as "example years." You don't want to be one of the example cases.

Can we start before August 2 and still make it in time?

Yes, but the calendar tightens fast. If you sign by end of May, we finish by end of June and you have a month to implement the most critical fixes.

The deadline is fixed. The weeks aren't.

Fill in the pre-qualification form (5 questions, two minutes). If you're in AI Act scope, we book a discovery call and I send a mini-proposal in 48 hours. If you're not in scope, I'll tell you explicitly, without selling an audit you don't need.
