01 · FIXED SCOPE · 4 WEEKS
Know exactly where your organisation stands before August 2026 which AI systems you operate,
how they classify, and what you must do next. Delivered in four structured weeks.
WHAT IT IS
Most organisations deploying AI in 2026 do not have a complete picture of which systems they operate, which of those qualify as high-risk under the EU AI Act, and which obligations now apply to them. The AI Act Readiness Sprint is designed to close that gap systematically, within a fixed timeline, and with documented outputs that your board and legal counsel can rely on.
The Sprint is delivered entirely remotely, inside your Microsoft 365 environment. Every output is structured, version-controlled, and archived in your SharePoint Evidence Vault before handover.
Every AI tool, system, and model in use across your organisation identified, described, and classified by EU AI Act risk level prohibited, high-risk, limited-risk, or minimal-risk. Delivered as a structured Microsoft Lists register inside your tenant.
Your current governance posture documentation, assessments, controls, and oversight structures assessed against the obligations that apply to your specific AI systems under Annexes III and IV of the EU AI Act.
For each AI system classified as high-risk, the requirement for a Fundamental Rights Impact Assessment (FRIA) and Data Protection Impact Assessment (DPIA) is identified, scoped, and prioritised.
A structured action plan for 0–30, 30–90, and 90–180 days sequenced by legal obligation, resource requirement, and enforcement timeline. Formatted for board presentation and milestone tracking.
A concise, board-ready document summarising the findings, obligations, and recommended next steps written for decision-makers, not legal specialists.
HOW IT WORKS
A comprehensive intake questionnaire captures your AI systems, data flows, governance structures, and existing documentation. Estimated time from your team: 2–3 hours. All responses handled under NDA from first contact.
Your AI systems are mapped against EU AI Act Annexes II and III. Governance gaps are identified against Articles 9, 10, 11, 13, 14, and 27 obligations. FRIA and DPIA requirements flagged for each system.
Your AI inventory is built as a structured Microsoft Lists register inside your tenant — with risk classifications, system owners, and assessment status populated from the analysis. Auditor-accessible from day one.
A 90-minute executive session walks your leadership team through the findings. The compliance roadmap and board summary are delivered within 24 hours of the session. Everything archived in SharePoint.
The Readiness Sprint is the right starting point for any organisation that is uncertain about its AI Act exposure whether that uncertainty is about which systems qualify as high-risk, what documentation is already in place, or what needs to happen before August 2026.
An AI system is being developed or procured — you need to know the classification before it goes live.
An investor or acquirer has raised AI governance as a due diligence requirement and you need a documented position quickly.
Leadership is aware of the AI Act deadline but does not have a structured view of the organisation’s actual exposure.
A supervisory authority has made an inquiry, or a sector regulator has issued guidance that applies to your AI use cases.