AI Act readiness and gap analysis
Bring AI systems, roles, risks and missing evidence into one decision-ready roadmap. In 2 weeks we combine AI inventory, classification, vendor/DPIA/FRIA signals and leadership priorities.
Readiness sprint
2 weeks
From uncertainty to route
AI register baseline and system owners
Risk classification per AI system
DPIA/FRIA, vendor and Article 4 signals
30-60-90 day roadmap for decision-making
When this gap analysis fits
This hub is for organizations that know AI Act preparation is needed, but do not yet have a clear view of systems, roles, risks and evidence.
No full picture yet
AI tools, SaaS features and team-level solutions are spread across IT, procurement, privacy and the business.
Unclear risk class
There is uncertainty around high-risk, transparency duties, GPAI, provider/deployer role or low-risk documentation.
Decision-making is stuck
Leadership needs to know what comes first: register, FRIA/DPIA, vendor questions, training, policy or evidence pack.
What the gap analysis delivers
AI register baseline with system, purpose, owner, supplier and process context
Risk classification per system: prohibited, high-risk, transparency duty, GPAI or low risk
Provider/deployer signal and first role split for own systems, SaaS and suppliers
Gap matrix for governance, data, logging, human oversight, transparency and monitoring
DPIA/FRIA signals for AI systems that affect people, privacy or fundamental rights
Vendor evidence and contract questions for procurement, renewal or customer conversations
Article 4 and AI literacy signals for teams that work with or manage AI
30-60-90 day roadmap with priorities, owners, decision points and logical follow-up routes
Approach in 2 weeks
Scope and intake
We define business units, processes, suppliers, AI systems and decision questions that fit the first readiness scope.
Inventory and classification
We collect systems, roles, use cases and supplier information and assign each system a first AI Act route.
Gap matrix
We record where evidence is missing across governance, data, vendor evidence, DPIA/FRIA, human oversight, transparency and training.
Roadmap
We sequence actions into 30, 60 and 90 days, with owner, urgency, dependencies and decision points.
Leadership session
We present findings and decide whether the next step is register, FRIA/DPIA, vendor check, Article 4 Evidence Sprint or governance framework.
Routes we explicitly include
AI register and classification
Which systems exist, who owns them and which AI Act route is likely?
FRIA/DPIA and fundamental rights
Where do systems affect people, privacy, bias, access to services or employment relationships?
Vendor evidence and contracts
Which supplier claims, role split, documentation and contract points are missing?
Article 4 and leadership reporting
Which teams need demonstrable competence and what should leadership be able to read?
Who this works for
Legal, privacy and compliance
Teams that need to organize AI Act, GDPR, DPIA/FRIA and evidence building together.
IT, security and procurement
Teams that need a grip on AI tools, SaaS features, model chains, vendor evidence and contracts.
Board and leadership
Teams that need a readable priority map instead of scattered risk notes.
HR, finance, public sector and product teams
Contexts where AI influences decisions about people, services, selection, credit or customer processes.
Afterwards you know
Which AI systems need priority
Which risk and obligation route is likely per system
Which evidence is missing and who should provide it
Where DPIA, FRIA, vendor check or training is needed
Which 30, 60 and 90 day actions are realistic
Logical next steps
AI inventory and register setup
For a compact inventory with owner, risk, evidence status and first actions.
AI management readiness report
For leadership, board or management team that needs a readable risk heatmap and 30-60-90 day roadmap.
FRIA/DPIA for AI systems
For systems that affect privacy, fundamental rights, bias or human oversight.
AI vendor and contract check
For procurement, SaaS, contract renewal and enterprise customer questions.
Article 4 Evidence Sprint
For demonstrable AI literacy among teams that use or manage AI.
High-risk AI guidelines
See the 8 Annex III domains with examples, evidence and practical PDF guides.
Frequently asked questions
Is this legal advice or a conformity assessment?
No. This is a practical readiness and gap analysis. We structure systems, risks, signals and next steps so legal, privacy, IT and leadership can make focused decisions.
We do not know which AI systems we use yet. Is that a problem?
No. That is exactly when this is a logical first step. We use short interviews, tool overviews, procurement and privacy input to make the first register and key uncertainties visible.
How does this relate to AI inventory setup?
AI inventory setup is a compact register sprint. The readiness/gap analysis uses that register as a base, but adds classification, gap matrix, vendor/DPIA/FRIA signals and a leadership roadmap.
What if we have no high-risk AI?
That is still valuable. You will then have substantiated which systems do not appear to follow a high-risk route and which duties remain, such as transparency, AI literacy, supplier control or policy.
How much internal time does this require?
Usually 2 to 4 short interviews, access to existing tool or supplier overviews and one review session. We do most of the drafting.
Make your AI Act route concrete.
Start with the Gap Intake. That tells us which systems, suppliers and decision questions belong in the first readiness scope.