Service

AI Governance & Documentation

AI system inventory, risk classification, and governance documentation — for deployers as well as developers.

The EU AI Act creates compliance obligations for organisations that develop, deploy, or use AI systems. Many organisations are deployers — and deployers of high-risk applications carry direct obligations under Article 26, not only developers. We assess which systems in your organisation fall under the Act, classify their risk level, design a proportionate governance framework, and produce the technical and policy documentation required.

What the engagement produces

AI system inventory documenting all AI systems and their use contexts within your organisation.

EU AI Act applicability assessment — which obligations apply to which systems.

Risk classification for each system under the Act's prohibited, high-risk, and limited-risk categories.

Governance framework designed proportionate to your risk profile and operational context.

Technical documentation templates for high-risk systems, ready for internal adaptation.

Internal AI use policy documentation aligned to your governance framework.

What is out of scope

Ongoing AI governance monitoring (available as a separate retainer engagement).

Technical implementation of AI systems or model development.

Legal advice on regulatory interpretation.

Third-party conformity assessment or certification.

Data protection impact assessments (separate service scope).

What you have when the engagement closes

A documented AI system inventory that reveals your full AI footprint and applicable obligations.

A risk classification that clarifies precisely what the EU AI Act requires of your organisation.

A governance framework that can be operationalised and maintained without ongoing advisory dependency.

Technical documentation templates that can be adapted as your organisation adopts new AI systems.

How the engagement is delivered

Inventory

We map existing and planned AI systems, their use contexts, and the actors involved in their deployment.

Classification

We apply EU AI Act risk levels, identify which systems are in scope, and determine compliance obligations.

Framework

We design a governance structure proportionate to your risk profile — practical, not over-engineered.

Documentation

We prepare the required technical documentation and internal policy documentation for each in-scope system.

Service

Start with an AI Act applicability review.

A scoping conversation establishes which AI systems are in scope and what the classification and documentation engagement would involve.

Review AI documentation readiness