Each service produces structured, auditable evidence not advisory reports.
Choose the depth that fits your current stage and regulatory timeline.
Each service produce structured, auditable evidence, not advisory reports. Choose the depth that fits your current stage and regulatory timeline.
Readiness Sprint
Inventory · Classification · Roadmap
Compliance-In-a-Box
Implementation · Evidence Vault · FRIAs
Governance-as-a-Service
Monitoring · Updates · Audit support
A four-week structured engagement that tells you exactly where you stand which AI systems you operate, how they classify under the EU AI Act, what governance obligations apply, and what you need to do before August 2026.
The Sprint ends with a prioritised compliance roadmap and a board-ready summary. All outputs are documented, version controlled, and structured for your AI risk register in Microsoft Lists.
Structured SharePoint site architecture with controlled permissions, version history, and labelled document libraries for every governance artefact type.
Configured Microsoft Lists with structured fields, status tracking, and automated deadline alerts all linked to the Evidence Vault.
FRIA intake, DSAR handling, and use case review flows built in Copilot Studio, triggered from Teams, logged to the Evidence Vault automatically.
Sensitivity labels, DLP policies, retention schedules, and audit log access configured and validated against regulatory requirements.
Priority assessments fully executed, reviewed, and archived with the auditor access protocol tested and operational before handover.
End-to-end deployment of your AI governance infrastructure inside Microsoft 365. By the end of the engagement, your Evidence Vault is live, your registers are populated, Purview controls are configured, and your first FRIAs are completed and archived.
Everything runs inside your existing tenant. No new vendor relationships, no additional software licences, no data leaving your environment. Auditor access is established from day one.
Structured SharePoint site architecture with controlled permissions, version history, and labelled document libraries for every governance artefact type.
Configured Microsoft Lists with structured fields, status tracking, and automated deadline alerts all linked to the Evidence Vault.
FRIA intake, DSAR handling, and use case review flows built in Copilot Studio, triggered from Teams, logged to the Evidence Vault automatically.
Sensitivity labels, DLP policies, retention schedules, and audit log access configured and validated against regulatory requirements.
Priority assessments fully executed, reviewed, and archived with the auditor access protocol tested and operational before handover.
Continuous AI governance: maintaining your registers, integrating regulatory updates, assessing new AI deployments, and providing ongoing audit support so your compliance infrastructure remains current as the AI Act is actively enforced.
The AI Act does not end with implementation. Enforcement begins in August 2026. New guidance, enforcement decisions, and Annex III interpretations will require governance adjustments. GaaS ensures you are not caught off-guard.
Regulatory updates, enforcement trends, and EDPB/AI Office guidance translated into specific governance actions for your organisation.
Any new AI deployment assessed, classified, and registered with FRIA or DPIA triggered automatically where required before go-live.
Structured review of your governance posture, open actions, register completeness, and Purview controls with a written summary for your board.
If a regulator inquires or an audit is initiated, we prepare the evidence dossier and support your team through the process — using the documentation already in place.