Most AI systems will fail their first EU AI Act audit. We know why.
The 2 August 2026 deadline is fifteen months away. Most teams are not ready — and the reason is almost always architectural, not legal. We diagnose, document, and engineer your AI for conformity, sovereignty, and production.
- 01Based in France — EU-hosted delivery
- 02Readiness audits delivered in 3–5 weeks
- 03Technical files mapped to Annex IV
Your AI will not pass its next audit
Three symptoms we see in almost every AI system built before the AI Act was clearly understood.
- 01SYMPTOM
The 2 August 2026 deadline
High-risk AI systems face enforceable obligations on 2 August 2026. Most systems in production today cannot produce the technical file, the risk management record, or the human oversight plan required by Articles 9–15.
- 02SYMPTOM
Sovereignty exposure
Your model, your data and your logs sit in a US cloud — often with a US provider as legal data controller. For French public sector, healthcare and regulated industries, that is already out of scope.
- 03SYMPTOM
No audit trail
Ad-hoc prompts, undocumented retraining, evaluation by screenshot. When a notified body asks what changed between v1.3 and v1.4, nobody can answer.
We treat compliance as architecture
The EU AI Act is not a paperwork exercise. The obligations in Chapter III — risk management, data governance, technical documentation, transparency, human oversight, accuracy, robustness, cybersecurity — are architectural requirements. We build toward them from day one.
Conformity is not a legal document written after the fact. It is a property of the system — and if the system is not built for it, no document can create it.
- 01
An AI Act methodology, not a checklist
Our readiness audit maps your system against Annex IV clauses, identifies the architectural gaps that make conformity impossible, and returns a documented remediation plan. One engagement, one defensible file.
- 02
Senior engineers, fluent in the regulation
Every engineer has 8+ years of production experience and has read the AI Act end-to-end. You get one team that can both argue Article 13 transparency and ship the retrieval pipeline that makes it enforceable.
- 03
Sovereign by default
French-incorporated, EU-hosted, compatible with SecNumCloud-certified stacks. Your data does not leave the continent unless you ask it to.
The clock is architectural, not legal.
High-risk obligations under the EU AI Act take full effect on 2 August 2026. By that date, providers and deployers of high-risk AI systems must hold a technical file, a risk management system, a human oversight plan, post-market monitoring, and an accuracy / robustness / cybersecurity record. Most of that is an architecture problem.
Deadline
- 01It makes or materially influences decisions about people — hiring, credit, education, public services, insurance, or law enforcement.
- 02It operates in a regulated domain — healthcare, critical infrastructure, migration, justice, or democratic processes.
- 03It is a safety component of a product covered by EU product legislation (Annex I).
- 04It performs biometric identification, categorisation, or emotion recognition.
- 05It is a general-purpose AI model integrated into a high-risk system you provide or deploy.
If you answer yes to any of these, Chapter III applies.
Diagnose first. Remediate on evidence.
A three-to-five-week readiness audit returns a clause-mapped conformity gap report and a remediation roadmap. Most teams are three architectural decisions away from a defensible file.
One diagnosis. Three ways to remediate.
Every engagement starts with a readiness audit. What happens next depends on what we find.
EU AI Act Readiness Audit
We map your AI system against Annex IV, identify the architectural gaps that block conformity, and return a clause-mapped remediation roadmap.
- 01Article 6 risk classification (high-risk vs. limited)
- 02Annex IV technical-file gap analysis
- 03Articles 9–15 obligations mapping
- 04Prioritised remediation roadmap
Compliance-First AI Build
Senior engineers rebuild or refactor the system so conformity is a property of the architecture — not a document added after the fact.
▪ Most engagements continue here.
- 01Retrieval, reasoning and verification split
- 02EU-hosted deployment (Scaleway / OVHcloud)
- 03Annex IV technical file produced as we build
- 04Eval harness and post-market monitoring
Continuous AI Compliance & Operations
Embedded team keeping the conformity posture current as the system, the regulation, and the threat surface evolve.
- 01Technical file kept live across changes
- 02Post-market monitoring (Article 72)
- 03Serious-incident playbooks (Article 73)
- 04Quarterly conformity review
From diagnosis to audit-ready
Four stages. Each ends with a document you could hand to an auditor.
Diagnose
We classify the system under Article 6, map it against Annex IV, and identify the architectural gaps that block conformity.
Document
Technical file, risk management system, data governance record, evaluation framework — written as the system takes shape, not after.
Build
Iterative delivery with weekly demos. Retrieval, reasoning and verification split. EU-hosted from day one.
Audit-ready
Post-market monitoring, incident reporting playbooks, human oversight procedures — and a file ready for the notified body.