AI Data Governance Advisory

EU AI Act transparency obligations enforceable from 2 August 2026.

AI governance that protects your people, your data, and your business.

Most organisations do not know what AI they have, what it can access, or who is responsible for it. We answer all three questions and give you a plan to fix what we find.

Deep Microsoft ecosystem expertise. EU AI Act compliance specialists. Vendor-agnostic governance methodology.

EU AI Act Enforcement Timeline
February 2025, AI Literacy and Prohibited AI
In Force

Already enforceable. If you have not acted, you are already exposed.

August 2, 2026, Transparency Obligations
No Extension

Weeks away. Customers and employees must be told when they are interacting with AI. No grace period.

December 2, 2027, High-Risk AI Compliance
Act Now

Minimum 12 to 18 months to implement correctly. Organisations starting now are already late.

Your path with Greyguard

One connected path. From first assessment to sustained compliance.

Most clients start with Compass. Everything else follows from what it surfaces.

01
Start here

Compass

A guided AI governance assessment across 13 governance domains. Verified by Greyguard compliance and legal specialists. Board-ready report.

02
2 to 4 weeks

Full Assessment & Technical Audit

Five-phase engagement involving technical, legal, compliance, and leadership teams. 105 questions across 13 governance domains. Validates findings and produces a complete risk picture.

03
Roadmap delivery

Remediation & Implementation

We work through the remediation roadmap with the right specialists for each gap, policy drafting, technical controls, and board reporting structures.

04
From €2,000 / month

Ongoing Governance Retainer

Monthly advisory, quarterly governance reviews, regulatory monitoring, and structured board reporting. Keeps your programme current as regulations and the AI landscape evolve.

Introducing Compass

Step 1, Start here · Launching soon

Your AI compliance posture, in one view.

Compass is your starting point. A guided AI governance assessment that gives your organisation a clear, verified picture of where you stand across 13 governance domains, from AI inventory and shadow AI through to agentic systems and sector-specific regulatory obligations. Every gap is mapped to the specific regulatory article it violates. The output is a board-ready report reviewed by Greyguard compliance and legal specialists before it reaches you. From there, Greyguard can help you close every gap we find.

Limited early access • Launching 2026

The gaps we find. Every time.

Shadow AI and ungoverned tools

Employees are using AI tools that have never been approved, sharing company data with systems no one has assessed. We find them, document them, and give you a plan to bring them under control.

Exposed data and excessive permissions

AI tools surface HR records, legal files, and financial data to people who should never see them. The root cause is permissions that were never designed with AI in mind. We identify every exposure and tell you exactly what to fix.

No named accountability

The EU AI Act requires a named individual accountable for every high-risk AI system. Most organisations cannot answer that question today. We define who owns what, with the authority and access to act on it.

Sector-specific coverage

Built-in modules for regulated sectors

Sector-specific modules cover the additional regulatory obligations that apply to Financial Services and Payments organisations, DORA, the EBA loan-origination guidelines (EBA/GL/2020/06), AMLD6, and PSD2, and Healthcare and Life Sciences organisations, EU MDR, clinical validation requirements, and patient safety obligations. These modules activate based on your sector and are included in the assessment at no additional cost.

Sector module

Financial Services & Payments

DORA · EBA/GL/2020/06 · AMLD6 · PSD2

Sector module

Healthcare & Life Sciences

EU MDR 2017/745 · Clinical validation · Patient safety obligations

Our process

Every Greyguard engagement starts with Compass, a guided assessment across 13 AI governance domains that gives you a verified picture of where you stand. From there, we work with your team to close what we find: deeper technical audit, remediation support, and an ongoing retainer to keep your governance programme current as regulations evolve. One process. One partner. From first assessment to sustained compliance.

Engagements start from €15,000 for mid-sized organisations.

Frameworks we assess against

Your full AI data governance posture, not just EU AI Act readiness

Greyguard assesses your organisation against the complete regulatory and framework landscape that applies to you.

EU AI Act (Regulation EU 2024/1689)GDPR (Regulation EU 2016/679)DORA (Regulation EU 2022/2554)NIS2 (Directive EU 2022/2555)EU MDR (Regulation EU 2017/745)AMLD6 (Directive EU 2018/1673)EBA Guidelines (EBA/GL/2020/06)PSD2 (Directive EU 2015/2366)ISO 42001:2023 (supporting standard)NIST AI RMF (supporting standard)

Why Greyguard

We start from zero

We map what you actually have

Not what you think you have. Every tool, every agent, every shadow AI use case, including the ones your employees are running without approval.

Independent advisors

Advisors, not resellers

Our only interest is giving you an accurate picture of your exposure and a realistic plan to close it.

What we hear from the field

CIOs, CISOs, and Heads of IT across Europe. Different industries. Same story.

We rolled out an AI assistant to 4,000 people in two weeks. It took six months before anyone asked what it could actually see.
Head of IT, European insurance group
Every vendor is bolting an AI assistant onto their product. We are being asked to approve five new AI features a month and we have no framework.
CIO, mid-market manufacturer (DACH region)
Our legal team flagged the EU AI Act last summer. We are still arguing about who owns the response.
Chief Data Officer, financial services
The honest answer is we do not know what our employees are pasting into ChatGPT. We blocked it once. They used their phones. So we unblocked it.
Head of Information Security, professional services
Beyond the Assessment

Follow-on engagements that turn findings into control

The assessment tells you where you stand. These engagements build the human structures and ongoing oversight that regulators expect.

Follow-on engagement

Human Accountability Model

A named human behind every high-risk AI system. Ownership, oversight, and escalation paths defined and documented to satisfy the EU AI Act, GDPR, and ISO 42001:2023.

  • Named owner for every AI system
  • Operational human oversight, not theoretical
  • Escalation paths your team can actually follow

Scoped per engagement

Follow-on engagement

Decision Architecture

How your organisation approves, reviews, and escalates AI decisions. From individual contributor to board.

  • Clear approval routes for new AI tools
  • Defined risk ownership at every layer
  • Board-level visibility of AI decisions

Scoped per engagement

Ongoing engagement

Ongoing Governance Retainer

Monthly advisory, quarterly governance reviews, regulatory monitoring, and structured board reporting. Ensures your AI governance programme stays current as regulations evolve and your AI landscape changes.

  • Monthly advisory hours
  • Quarterly governance reviews
  • Regulatory monitoring & board reporting

From €2,000 per month

Whether your organisation needs one or both is determined by the assessment findings.

The cost of getting this wrong.

Up to €35,000,000

Maximum fine for prohibited AI practices. Enforceable since February 2025.

Up to 7% of global turnover

Alternative penalty basis for the most serious violations, whichever is higher.

Up to €15,000,000 or 3% of turnover

For other violations including transparency failures. Enforceable from August 2026.

These are not future risks. Enforcement is active now.

The August 2026 deadline is weeks away. The December 2027 deadline requires work that takes 12 to 18 months. There is no good time to start except now.

Ready to understand your AI exposure?

Book a free 30-minute discovery call. We will tell you honestly where your organisation stands.

info@greyguardconsulting.com

We work with mid-to-large enterprises across Europe. Our governance methodology covers every AI system your organisation uses.