Your organisation is deploying AI.
Do you have the governance to back it up?

We ensure you do.
AI policy & governance — for any organisation using AI | EU AI Act compliance — audits, FRIA, grievance mechanisms
High-Risk Systems Deadline  ·  December 2, 2027
AI Policy & Governance

For any organisation deploying or building AI — regardless of EU exposure.

Not every organisation is subject to the EU AI Act. But every organisation using AI needs AI governance.

Whether you are a startup rolling out your first AI tool, a company building a responsible AI programme, or an organisation that wants written governance before your clients or board asks for it — we can help.

Pillar 01

AI Policy Drafting

Custom AI use policies, employee AI guidelines, and vendor AI procurement policies — written for your organisation's actual AI use cases. Clear on acceptable use, human oversight requirements, data handling, and escalation.

"We need a written AI policy before we go further with this."
Pillar 02

Grievance & Stakeholder Mechanisms

Operational complaint channels, affected-person engagement, and monitoring feedback loops — grounded in 30 years of IFC development finance grievance mechanism design. The EU AI Act requires accessible means for affected persons to raise concerns.

"We need a process for people affected by our AI."
Pillar 03

AI Ethics Advisory

Ethics-by-design frameworks, bias assessment, and proportionality analysis grounded in rights-based methodology — not self-certification checklists. Delivers a documented fairness record your legal team can stand behind.

"We need to prove our AI is fair."

AI Governance, Policy & EU Compliance

What we deliver
EU AI Act Compliance

For organisations with EU exposure — mandatory obligations, hard deadlines, regulatory scrutiny.

Pillar 04

AI Compliance Audit

A structured gap analysis of your AI system against EU AI Act obligations — risk classification, prohibited use checks, documentation readiness, and a clear remediation roadmap.

Required for: banks and lenders using credit scoring models · HR platforms screening or ranking candidates · insurers using automated underwriting · education and examination systems · public benefit and social services automation · biometric identification systems · critical infrastructure operators · law enforcement AI tools.

"We don't know where our company stands on EU AI Act compliance."
Pillar 05

FRIA Methodology

Article 27 mandates FRIA content — but not methodology. We deliver scored, weighted impact assessments that withstand regulatory scrutiny, not questionnaire-based documentation. If your FRIA doesn't meet Article 27 content requirements, we revise it at no charge.

"We need to file a FRIA before the deadline."
Pillar 06

Third-Party AI Due Diligence

A structured assessment of your AI suppliers' compliance posture — contractual obligations, risk transfer, and EU AI Act exposure — before you deploy or renew. Ensures you are not inheriting a vendor's non-compliance.

"We're procuring an AI system and need to assess vendor risk."
Pillar 07

Training

We offer training and workshops for your teams on AI, ethics, EU AI Act obligations, FRIA methodology, and overall AI governance frameworks. Delivered in-house or remotely. Built around your systems and deployment context, not generic slides.

"Our team needs to understand what the EU AI Act requires of us."
About

Institutional safeguards expertise applied to AI governance.

The EU AI Act requires deployers to assess fundamental rights impacts. But it does not specify how. Most guidance produces documentation: lists of considerations, questionnaire responses, self-certification checklists. These satisfy a checkbox audit. They do not withstand a regulatory investigation or a legal challenge.

Development finance has solved this problem. The IFC Performance Standards framework produces proportionality assessments with scored severity, weighted likelihood, cumulative impact analysis, and documented mitigation adequacy. These assessments have been tested in international arbitration and CAO investigations. They hold up.

AI EU Proof applies this methodology to EU AI Act compliance. The result is an assessment or FRIA that documents the severity of the privacy impact, the likelihood of harm, the cumulative effect across affected groups, and the adequacy of proposed mitigations — with auditable justifications at every step.

Regulatory Deadline

December 2, 2027

High-risk AI systems under EU AI Act Annex III — including credit scoring, employment tools, education assessment, and public service automation — must comply from December 2, 2027. Fundamental Rights Impact Assessments are mandatory for deployers.

Non-compliance: fines up to EUR 35M or 7% of global annual turnover.
Methodology Paper

From Safeguards to Fundamental Rights: Applying IFC Proportionality Methodology to EU AI Act Article 27 Assessments

Article 27 mandates FRIA content but not methodology. Existing questionnaire-based approaches produce documentation without analytical rigor. This paper applies IFC PS1 proportionality methodology — developed over 30 years in development finance — to produce scored, weighted FRIA outputs that withstand regulatory scrutiny.

Read the Paper → SSRN preprint · 2026
Get started

Book a compliance assessment.

You walk into a regulatory review with a FRIA that holds up — and you know it, because it was built on the same methodology international finance has stress-tested for 30 years.

One hour. You leave with a written summary of your AI system's risk classification, your three most critical compliance gaps, and a clear first step. No sales pitch.
