Compliance with the European Regulation on Artificial Intelligence (AI Act)

The new European regulation on artificial intelligence imposes strict requirements to ensure the transparency, security, and ethics of AI systems. Prepare your company for compliance now to avoid costly penalties.
Important to note

What is the AI Act?

The AI Act, or Artificial Intelligence Regulation (AI Regulation), is a European regulation. Its objective is to regulate the use of artificial intelligence (AI) systems within the European Union to ensure that they are designed and used ethically, safely, and with respect for individuals' fundamental rights. This legislation applies to all organizations, large or small, that use or develop AI systems on the European market.

Prevent penalties and potential consequences before they happen.


Risk levels

A risk-based approach on 4 levels: minimal risk (the majority of AISs), specific risk (chatbot or content generation), high risk (biometrics, automated decision-making), unacceptable risk (social scoring, predictive policing, etc.)

General purpose models

Depending on the risk level, transparency and security requirements differ. The regulation creates a new category that seems impossible to associate with a risk level: general-purpose models (the first example of which is the LLM). For these models, the requirements vary depending on the risk analysis to be conducted.

Supervisory authorities

Who will oversee its implementation? At the European level, it will be the European AI Committee, which brings together high-level representatives from each member state. In France, it will be one or more competent authorities, but these have not yet been specified. France has 12 months to decide.

Application schedule

From February 2025, the prohibitions on unacceptable systems will apply, but it will be necessary to wait until August 2, 2026 for all the provisions of the AIR to take full effect and be fully implemented in each sector concerned.

Compliance obligations for high-risk AI systems.

For companies using AI systems classified as high-risk, the AIR imposes strict requirements to ensure the security and transparency of the tools.

These measures are essential to protect users' fundamental rights and avoid the legal and financial risks associated with non-compliance with the AIR. By complying with these obligations, companies not only ensure legal compliance but also strengthen the trust of their users.
01. Audit and certification

AI systems must be audited and certified before being put on the market to ensure they comply with established standards.
02. Continuous monitoring

It is crucial to regularly monitor systems to ensure they meet security criteria throughout their use.
03. Complete documentation

The systems' training processes must be fully documented, thus ensuring the integrity and transparency of the algorithms.

Our AI Act Compliance Consulting Services

We offer a full range of services to support you in your compliance process:
1. Drafting policies and procedures

We help you develop a documentary corpus that complies with the requirements of the AI Act:
• AI Management Policy: Drafting policies defining ethical and responsible practices.
• Compliance Procedures: Development of operational procedures to ensure compliance at every stage, from design to development, evaluation, operation, and exploitation of AI.
• Technical Documentation: Development of the required documentation, including technical specifications and user guides, particularly concerning data sourcing and exploitation.
2. Assessment tools

We offer advanced tools to assess and manage the risks associated with your AI systems:
• Risk Assessment: Detailed risk analysis to identify potential vulnerabilities and impacts on fundamental rights.
• Assessment Grids: Tools for classifying your systems according to their risk level (unacceptable, high, low, minimal).
• Test Grids: Discrimination and robustness tests.
3. Determination of associated governance

We assist you in establishing solid governance for AI management:
• Designation of a Compliance Officer: Identification of a dedicated officer to carry out the requirements of the AI Act.
• Team Structuring: Creation of a team integrating IT, legal and data management experts.
• Creation of comitology: AIS validation committee, ethics or strategic committee, depending on your challenges.
4. Assessment of AI Systems (AIS)

We carry out a comprehensive assessment of your AI systems:
• AIS Mapping: Identification and classification of all existing and developing AI systems.
• Compliance Analysis: Evaluation of systems to determine their risk level and regulatory compliance according to our analysis grids.
5. Development of a charter of uses for generative AI

We help you formalize a clear and secure framework for the use of generative AI tools within your organization:
• Identification of internal uses: Analysis of current practices related to generative AI (ChatGPT, Copilot, etc.) in your teams.
• Definition of rules and best practices: Drafting of a charter governing authorized use cases, limits to be respected, transparency obligations and legal vigilance points.
• Raising awareness among teams: Support for the dissemination of the charter and the appropriation of the rules by employees.
6. Supervision of relationships between stakeholders

• Defining Roles and Responsibilities: It is crucial to clarify the roles and responsibilities of each stakeholder (suppliers, users, importers, distributors) throughout the AI system lifecycle. This includes identifying the parties involved and properly allocating obligations.
• Contractual Framework: Operators must establish clear contractual agreements that define the obligations and responsibilities of each party. Liability and recourse clauses must be carefully drafted to ensure a fair allocation of risks, taking into account the involvement of each operator.
• Fair Risk Allocation: Contractual frameworks aim to ensure a fair risk allocation by identifying potential risks at each stage of the AI system's lifecycle. Contractual clauses must reflect this allocation in a balanced manner and include measures to mitigate or manage the identified risks.

Providing data compliance for 100+ leading organizations.

We help you turn your GDPR compliance into a competitive asset.

Our consultants guarantee successful GDPR compliance in 60 days with a customized action plan based on the unique needs of your organization.

Customized strategies for your organization.

We cater to what your organization needs, and focus on delivering the highest impact.

A partner that adapts to your needs.

No matter your situation, we find a way to ensure you’re GDPR-compliant.

Constantly up to date.

Always on top of new rules and regulations to ensure you stay ahead of the curve.

Complete trust and transparency.

You’ll have total insight into what we’re doing every step of the way.
Your dedicated partner

Why choose DPO Consulting?

Our team of data protection and AI regulatory experts has extensive experience in AI regulations. We offer tailored support to meet the requirements of the AI Act, while ensuring your practices remain ethical and responsible.
1. Helping you map AI systems
The compliance obligations established by the AI Act apply to each AI system individually, not to your entire organization. That's why we conduct a comprehensive mapping of all your existing AI systems. Because these principles must be applied by design, we also ensure that all current or upcoming projects involving the use of AI are included.
2. Assessing the risk levels of AI systems and models
Each risk level has specific compliance requirements. That’s why we conduct a thorough risk assessment based on several criteria, including:

• Industry: e.g., banking, healthcare, entertainment, etc.
• Use case: Some AI, while considered high-risk, may have applications that are not, and therefore should not be classified as such.
• Power of the AI model.
• Types of data used: including personal data, sensitive data, etc.
3. Classifying AI systems by risk levels
After assessing your AI systems, we classify them according to their risk level: minimal, low, high, or unacceptable. If we determine that a risk is unacceptable, the product will be prohibited from commercialization. In other cases, we support you in implementing the necessary measures to authorize commercialization, such as a voluntary code of conduct (for minimal risks), the obligation to inform the user (for low risks), or rigorous compliance (for high risks).
Enhance your team

Bringing a high-risk system into compliance.

For high-risk systems, we guide your compliance process with the following steps:

1. Establish a risk management system: We implement appropriate measures to manage identified risks.
2. Validate data quality and avoid data discrimination: We test the AI system in a controlled environment to ensure the absence of bias and minimize discriminatory results.
3. Evaluate accuracy, robustness, and cybersecurity: We develop accuracy indicators and measures to correct for potential bias.
4. Ensure human control: We establish human oversight measures to reduce risks and allow users to trust these tools.
5. Respect the obligation of information and transparency: We guarantee the accessibility of archives throughout the lifetime of the AI system to ensure traceability and transparency.
6. Document the activities of AI systems: We implement a quality management system, including regulatory compliance, design, development, testing, and risk management.
7. Develop technical documentation: We design detailed system documentation.
8. Submit the declaration of conformity: Each high-risk AI system must have a declaration of conformity written, signed, and submitted to national authorities, with updates in case of changes.
9. Ensure CE marking: We verify that the CE marking is affixed in a visible, legible, and indelible manner, attesting to compliance with European requirements.
10. Proceed with registration: We register the organization that developed the AIS and the AIS itself in the EU database.

The commercialization of a high-risk AI solution therefore requires rigorous and well-supervised compliance.
We make fantastic long-term partners.

As your designated GDPR compliance partner, we’re here to grow as you do and support your organizational needs accordingly.

READ STORIES FROM OUR EXISTING PARTNERS
Fearlessness, curiosity, and a willingness to experiment are the cornerstones of our culture. We embrace challenges with courage, nurture curiosity to drive continuous improvement, and understand that both successes and failures are invaluable teachers. Every experience contributes to our collective growth and evolution.
Floyd Miles
UI/UX Designer

Our technical compliance requirements are based on 4 pillars


Risk Analysis

We conduct a risk assessment of AISs, focusing on potential impacts on health, safety and fundamental rights.

Technical Documentation

We write documentation detailing the operation and specifications of each AIS.

Quality Management

We implement a quality management system to monitor compliance through internal and external audits.

Human Control

We ensure that automated decisions can be challenged and corrected if necessary.

Get in touch with one of our GDPR compliance experts.

Whether you have a clear idea of your DPO needs or not, our team can help point you in the right direction and understand what needs to get done.

Commonly asked questions on the compliance with the AI Act.

Who is affected by the AIR?

All companies and organizations operating within the European Union that use artificial intelligence systems are affected by the AIR. Companies developing, marketing, or using AI classified as "high-risk" will have to comply with specific obligations.

From when will the AIR be applicable?

The AIR will be phased in gradually, with full implementation expected by 2026. Companies should start preparing now to be compliant by that date.

What are the penalties for non-compliance with the AIR?

Compliance with the AI Act is crucial to avoid severe penalties. Non-compliant companies face fines of up to 7% of their global annual revenue or €35 million, depending on the severity of the violations. These penalties are designed to ensure compliance with the AIR's strict requirements for high-risk AI systems.