Deadline: August 2, 2026

EU AI Act Compliance for SMEs

The high-risk obligations kick in on August 2. If your AI systems are not classified, documented, and compliant by then, you are exposed.

We classify your AI systems by risk level, produce the documentation the regulation requires, and — if you need it — build compliant systems from scratch. One team, both jobs.

Talk to usStart with a £500 scoping review

CIPP/E certified. Fixed-price. No hourly billing.

What we do

Risk classification

Included in scoping review

We classify every AI system you run — prohibited, high-risk, limited, or minimal. This determines what documentation and processes you need. Most SMEs have a mix.

Conformity assessment (high-risk)

From £5,000

Technical documentation, risk management system, data governance practices, human oversight mechanisms, accuracy and robustness testing. The full package the regulation requires for high-risk AI.

Transparency documentation (limited risk)

From £1,500

AI disclosure notices, user-facing transparency, labelling requirements. What most chatbots and content generation tools need.

GDPR + AI Act combined

From £3,500

DPIA, DPA review, privacy notices, AI Act risk classification, and conformity documentation — all in one engagement. This is what most SMEs actually need.

The timeline

The AI Act is phased. Some obligations are already enforceable.

February 2, 2025

Enforceable

Prohibited AI practices banned

August 2, 2025

Enforceable

General-purpose AI model rules

August 2, 2026

4 months away

High-risk AI system obligations

August 2, 2027

Future

AI systems in Annex I products

Start here

AI Act Scoping Review — £500

We classify every AI system you run, identify what the regulation requires for each one, and give you a written action plan. One week, fixed price.

  • Risk classification of every AI system
  • Gap analysis against GDPR and AI Act requirements
  • Written report with prioritised recommendations
  • If you proceed to full compliance work, the £500 is deducted
Book a scoping review

Related reading

EU AI Act Compliance: What SMEs Must Do Before August 2026EU AI Act Conformity Assessment: Step-by-Step GuideAI Act Compliance Ireland: What Irish Businesses Need to KnowDo I Need a DPIA for My AI System?

Questions

Does the EU AI Act apply to UK businesses?

If your AI system affects EU residents — chatbot serving Irish customers, fraud detection covering European transactions, any AI output reaching the EU — it applies. The Act has extraterritorial reach, same as GDPR.

Is my chatbot high-risk?

Probably not. Most customer service chatbots are limited-risk — the main obligation is telling users they are talking to AI. High-risk applies to AI making significant decisions about people: credit scoring, recruitment, insurance pricing, eligibility assessments. We classify your system as part of the scoping review.

What does the £500 scoping review cover?

We classify every AI system you run by risk level, identify what documentation is needed, and give you a prioritised action plan. Written report, 1 week. If you proceed to full compliance work, the £500 is deducted.

I already have GDPR documentation. Does that help?

Significantly. DPIAs, DPAs, privacy notices, and retention policies all feed into AI Act compliance. The AI Act adds to GDPR — it does not replace it. If your GDPR house is in order, you are further along than most.

What happens if I do nothing before August 2?

Fines up to €35 million or 7% of global turnover for prohibited practices. Up to €15 million or 3% for other violations. More practically: the first enforcement actions will target businesses with no documentation at all. Having documentation — even imperfect — is materially better than having none.

August 2 is coming.

Fixed-price quote within 48 hours.

Get in touch