We use only essential, cookie‑free logs by default. Turn on analytics to help us improve. Read our Privacy Policy.
Kenaz
EU AI Act

EU AI Act Compliance

For high-risk AI systems with an August 2026 deadline

The EU AI Act is the first comprehensive AI regulation in the world. High-risk system requirements take effect August 2, 2026. We help you classify your AI systems, identify compliance gaps, and build the documentation regulators expect.

Get an AI Act Readiness Review

The Deadline Reality

August 2, 2026

High-risk AI system obligations become enforceable. Non-compliance penalties reach €35M or 7% of global annual turnover — whichever is higher.

What triggers high-risk classification

AI systems used in: biometric identification, critical infrastructure, education and vocational training, employment and worker management, access to essential services, law enforcement, migration and border control, administration of justice.

What high-risk systems must demonstrate

Risk management system (Article 9), data governance (Article 10), technical documentation (Article 11), record-keeping (Article 12), transparency (Article 13), human oversight (Article 14), accuracy, robustness and cybersecurity (Article 15).

What happens after August 2026

Market surveillance authorities can request technical documentation, access to source code, and audit results. Systems that don't comply face withdrawal from the EU market.

What We Offer

Three engagement tiers — from risk classification to continuous compliance.

Gap Assessment

2–3 weeks

Risk classification of all AI systems. Identification of high-risk obligations that apply. Gap analysis against Articles 9–15. Executive summary with compliance roadmap.

Deliverable

Compliance gap report + risk classification matrix

Full Compliance Audit

6–8 weeks

Complete conformity assessment preparation. Technical documentation review against Annex IV. Robustness and cybersecurity testing powered by Mantis. Human oversight mechanism evaluation. Audit-ready compliance package.

Deliverable

Full audit report + technical remediation plan + board-ready documentation

Continuous Compliance

Ongoing

Annual compliance reassessment. Monitoring of regulatory guidance and enforcement actions. Updated documentation as systems evolve. Pre-audit preparation for market surveillance requests.

Deliverable

Quarterly compliance reviews + updated documentation + incident response support

What We Evaluate

Systematic assessment against every high-risk obligation.

Article 9

Risk Management System

Identification and analysis of known and foreseeable risks. Estimation and evaluation of risks from intended use and reasonably foreseeable misuse. Risk mitigation measures and their effectiveness.

Article 10

Data Governance

Training, validation and testing datasets — relevance, representativeness, completeness. Bias examination and mitigation. Data quality criteria and preprocessing decisions.

Article 11–12

Documentation & Logging

Technical documentation per Annex IV requirements. Automatic logging capabilities for traceability. Record-keeping sufficient for post-market monitoring.

Article 13

Transparency

Instructions for use that enable deployers to understand AI output. Clear disclosure of AI system capabilities and limitations. Interpretability appropriate to the system's purpose.

Article 14

Human Oversight

Mechanisms for effective human oversight during operation. Ability to understand, monitor, and override system decisions. Safeguards against automation bias and over-reliance.

Article 15

Accuracy, Robustness & Cybersecurity

Performance metrics and accuracy levels documented. Resilience against errors, faults, and adversarial attacks. Cybersecurity measures proportionate to risks — tested with Mantis dynamic red-teaming.

Article 15 robustness and cybersecurity testing powered by Mantis.

Assessment Process

From classification to compliance-ready documentation.

Discovery & Classification

Inventory all AI systems. Apply risk classification criteria. Identify which systems fall under high-risk obligations and which are exempt.

Technical Assessment

Deep dive into each high-risk system against Articles 9–15. Architecture review, data governance audit, robustness testing via Mantis platform. Identify every gap.

Gap Analysis & Scoring

Map findings to specific Articles and Annex requirements. Score gaps by severity and remediation effort. Prioritize based on enforcement risk.

Remediation Roadmap

Actionable plan with technical specifications for each gap. Quick wins, medium-term fixes, architectural changes. Timeline aligned with August 2026 deadline.

Documentation Package

Conformity assessment documentation. Technical documentation per Annex IV. Board-ready compliance summary. Ready for market surveillance authority requests.

What You Get

Risk Classification Report

  • Complete AI system inventory with classification rationale
  • High-risk / limited-risk / minimal-risk mapping per system
  • Exemption analysis where applicable
  • GPAI model obligations assessment (if applicable)

Compliance Gap Report

  • Per-system assessment against Articles 9–15
  • Severity scoring for each finding
  • Cross-reference with GDPR obligations where overlapping
  • Comparison with current enforcement guidance

Technical Remediation Plan

  • Prioritized fixes with effort and cost estimates
  • Architecture recommendations for compliance-by-design
  • Annex IV documentation templates and guidance
  • Timeline aligned with enforcement deadline

Executive & DPO Package

  • Board-ready compliance status overview
  • Regulatory risk quantification
  • Investment justification for compliance program
  • Market surveillance readiness checklist

Who Needs This

Organizations deploying AI systems in the EU market
Providers of high-risk AI systems under Annex III
Healthcare AI: clinical decision support, diagnostic systems, treatment recommendations
Financial services: credit scoring, fraud detection, algorithmic trading
HR technology: CV screening, performance evaluation, workforce management
Critical infrastructure: energy grid management, water treatment, transport systems
Companies using general-purpose AI models (GPAI) in high-risk contexts

Frequently Asked Questions

Our Platform

Mantis — AI Security Platform

Article 15 robustness and cybersecurity testing, powered by static analysis + dynamic red-teaming + AI validation.

Related Service

GDPR AI Compliance Audit

AI Act and GDPR overlap significantly. Combine both audits for efficiency and comprehensive coverage.

August 2026 is closer than you think

High-risk AI system obligations become enforceable in months, not years. Start with a gap assessment to know where you stand — and what it takes to get compliant.

Get an AI Act Readiness Review