EU AI Act transparency obligations enforceable from 2 August 2026.
AI governance that protects your people, your data, and your business.
Most organisations do not know what AI they have, what it can access, or who is responsible for it. We answer all three questions and give you a plan to fix what we find.
Deep Microsoft ecosystem expertise. EU AI Act compliance specialists. Vendor-agnostic governance methodology.
Already enforceable. If you have not acted, you are already exposed.
Weeks away. Customers and employees must be told when they are interacting with AI. No grace period.
Minimum 12 to 18 months to implement correctly. Organisations starting now are already late.
One connected path. From first assessment to sustained compliance.
Most clients start with Compass. Everything else follows from what it surfaces.
Compass
A guided AI governance assessment across 13 governance domains. Verified by Greyguard compliance and legal specialists. Board-ready report.
Full Assessment & Technical Audit
Five-phase engagement involving technical, legal, compliance, and leadership teams. 105 questions across 13 governance domains. Validates findings and produces a complete risk picture.
Remediation & Implementation
We work through the remediation roadmap with the right specialists for each gap, policy drafting, technical controls, and board reporting structures.
Ongoing Governance Retainer
Monthly advisory, quarterly governance reviews, regulatory monitoring, and structured board reporting. Keeps your programme current as regulations and the AI landscape evolve.
Step 1, Start here · Launching soon
Your AI compliance posture, in one view.
Compass is your starting point. A guided AI governance assessment that gives your organisation a clear, verified picture of where you stand across 13 governance domains, from AI inventory and shadow AI through to agentic systems and sector-specific regulatory obligations. Every gap is mapped to the specific regulatory article it violates. The output is a board-ready report reviewed by Greyguard compliance and legal specialists before it reaches you. From there, Greyguard can help you close every gap we find.
Limited early access • Launching 2026
The gaps we find. Every time.
Shadow AI and ungoverned tools
Employees are using AI tools that have never been approved, sharing company data with systems no one has assessed. We find them, document them, and give you a plan to bring them under control.
Exposed data and excessive permissions
AI tools surface HR records, legal files, and financial data to people who should never see them. The root cause is permissions that were never designed with AI in mind. We identify every exposure and tell you exactly what to fix.
No named accountability
The EU AI Act requires a named individual accountable for every high-risk AI system. Most organisations cannot answer that question today. We define who owns what, with the authority and access to act on it.
Built-in modules for regulated sectors
Sector-specific modules cover the additional regulatory obligations that apply to Financial Services and Payments organisations, DORA, the EBA loan-origination guidelines (EBA/GL/2020/06), AMLD6, and PSD2, and Healthcare and Life Sciences organisations, EU MDR, clinical validation requirements, and patient safety obligations. These modules activate based on your sector and are included in the assessment at no additional cost.
Financial Services & Payments
DORA · EBA/GL/2020/06 · AMLD6 · PSD2
Healthcare & Life Sciences
EU MDR 2017/745 · Clinical validation · Patient safety obligations
Our process
Every Greyguard engagement starts with Compass, a guided assessment across 13 AI governance domains that gives you a verified picture of where you stand. From there, we work with your team to close what we find: deeper technical audit, remediation support, and an ongoing retainer to keep your governance programme current as regulations evolve. One process. One partner. From first assessment to sustained compliance.
Engagements start from €15,000 for mid-sized organisations.
Your full AI data governance posture, not just EU AI Act readiness
Greyguard assesses your organisation against the complete regulatory and framework landscape that applies to you.
Why Greyguard
We map what you actually have
Not what you think you have. Every tool, every agent, every shadow AI use case, including the ones your employees are running without approval.
Advisors, not resellers
Our only interest is giving you an accurate picture of your exposure and a realistic plan to close it.
What we hear from the field
CIOs, CISOs, and Heads of IT across Europe. Different industries. Same story.
“We rolled out an AI assistant to 4,000 people in two weeks. It took six months before anyone asked what it could actually see.”
“Every vendor is bolting an AI assistant onto their product. We are being asked to approve five new AI features a month and we have no framework.”
“Our legal team flagged the EU AI Act last summer. We are still arguing about who owns the response.”
“The honest answer is we do not know what our employees are pasting into ChatGPT. We blocked it once. They used their phones. So we unblocked it.”
Follow-on engagements that turn findings into control
The assessment tells you where you stand. These engagements build the human structures and ongoing oversight that regulators expect.
Human Accountability Model
A named human behind every high-risk AI system. Ownership, oversight, and escalation paths defined and documented to satisfy the EU AI Act, GDPR, and ISO 42001:2023.
- Named owner for every AI system
- Operational human oversight, not theoretical
- Escalation paths your team can actually follow
Scoped per engagement
Decision Architecture
How your organisation approves, reviews, and escalates AI decisions. From individual contributor to board.
- Clear approval routes for new AI tools
- Defined risk ownership at every layer
- Board-level visibility of AI decisions
Scoped per engagement
Ongoing Governance Retainer
Monthly advisory, quarterly governance reviews, regulatory monitoring, and structured board reporting. Ensures your AI governance programme stays current as regulations evolve and your AI landscape changes.
- Monthly advisory hours
- Quarterly governance reviews
- Regulatory monitoring & board reporting
From €2,000 per month
Whether your organisation needs one or both is determined by the assessment findings.
The cost of getting this wrong.
Maximum fine for prohibited AI practices. Enforceable since February 2025.
Alternative penalty basis for the most serious violations, whichever is higher.
For other violations including transparency failures. Enforceable from August 2026.
These are not future risks. Enforcement is active now.
The August 2026 deadline is weeks away. The December 2027 deadline requires work that takes 12 to 18 months. There is no good time to start except now.
Ready to understand your AI exposure?
Book a free 30-minute discovery call. We will tell you honestly where your organisation stands.
info@greyguardconsulting.comWe work with mid-to-large enterprises across Europe. Our governance methodology covers every AI system your organisation uses.