Gain clarity about your compliance status and develop a practical implementation roadmap for the EU AI Regulation.

Our comprehensive readiness assessment analyzes your entire AI landscape, identifies compliance gaps, and provides you with a prioritized action plan. In 6-8 weeks, you will receive complete transparency about your obligations and concrete recommendations for action.

⏱️ 6-8 weeks | 📊 150-200 hours | 💰 $15,000 – $35,000* | 📍 Remote & On-site

* Depending on the size of the company and the complexity of the AI systems

The challenge: EU AI Act compliance is complex

The EU AI Act poses fundamental questions for companies, the answers to which require specialized expertise:

Problem 1: Unclear applicability

Which of your AI systems are actually covered by the AI Act? The definition of “AI system” is broader than many people assume. Not only machine learning, but also rule-based systems may be affected. Without systematic analysis, you risk overlooking critical systems.

Problem 2: Complex risk classification

Is your system high risk, limited risk, or minimal risk? The classification depends on the use case, industry, and context of use. Annex III lists eight high-risk areas, each with specific requirements. A misjudgment can have fatal consequences.

Problem 3: Technical documentation requirements

How do you document fairness, transparency, and robustness? Articles 9-15 require concrete technical evidence. Bias analyses, explainability tests, data governance—without the right tools and methods, these requirements remain abstract.

Problem 4: Resources & time pressure

High-risk systems must be compliant by August 2026. That’s closer than you think. Internal teams are busy, expertise is lacking, and budgets are unclear. Without external support, implementation will be overwhelming.

Our approach: Systematic, practical, implementable

The waveImpact EU AI Act Readiness Assessment is not a theoretical compliance check, but a practical assessment of your AI landscape with a concrete implementation roadmap. We combine regulatory expertise with technical depth and provide you not only with a diagnosis, but also with a solution.

Our assessment is based on three pillars:

1. Complete inventory
We systematically record all AI systems in your company—from productive applications to pilot projects. We use structured interviews, document analysis, and technical inspections. The result: a complete, categorized AI system registry.

2. Compliance gap analysis
For each identified system, we check the applicability of the EU AI Act and perform a detailed gap analysis. We evaluate not only the obvious requirements, but also the technical details: Is there bias? Is the system explainable? Is the data quality sufficiently documented?

3. Prioritized action plan
The most important question: What do you need to do and when? We develop an implementation roadmap prioritized according to risk and effort, with realistic timelines and budget estimates. This includes quick wins, must-haves, and nice-to-haves.

Your deliverables: Concrete, actionable, valuable

📋 Complete AI system registry

  • Structured recording of all AI systems (productive, pilot, planned)
  • Categorization by type (ML, deep learning, rule-based, etc.)
  • Use case description and business impact
  • Technical Architecture Overview
  • Responsibilities and stakeholder mapping
  • Data flow documentation

Format: Excel/CSV + Python-based tracking tool (proof of concept)

⚖️ Compliance classification of all systems

  • Applicability of the EU AI Act (Yes/No + justification)
  • Risk class: Prohibited / High Risk / Limited Risk / Minimal Risk
  • Annex III Mapping (for high-risk systems)
  • GPAI classification (General Purpose AI Models)
  • Prohibited Practices Check (Art. 5)
  • Summary of regulatory obligations per system

Format: Detailed report (PDF) + Executive Summary

🔬 In-depth technical analysis (high-risk systems)

  • Bias & Fairness Assessment (AIF360/Fairlearn)
    • Disparate Impact Analysis
    • Equal Opportunity Metrics
    • Demographic Parity Tests
  • Explainability Analysis (SHAP)
    • Feature Importance Rankings
    • Transparency in the decision-making process
    • Model Card Creation
  • Data Governance Check (Great Expectations)
    • Data Quality Metrics
    • Completeness & Consistency
    • Provenance Tracking Assessment
  • Robustness Testing
    • Error rate analysis
    • Edge Case Evaluation
    • Adversarial Robustness (Basic)

Format: Technical reports per system + visualizations

📊 Detailed gap analysis

  • Requirements matrix: Target vs. actual per article (Articles 9-15, 72)
  • Severity rating: Critical / High / Medium / Low
  • Effort estimation: Quick wins vs. major projects
  • Risk assessment: Compliance risk in the event of non-implementation
  • Dependency mapping: What needs to happen and in what order?

Format: Interactive matrix (Excel) + Visual roadmap

🗓️ Prioritized action plan

  • Phase 1 (0-6 months): Quick wins & critical issues
  • Phase 2 (6-12 months): Major Implementations
  • Phase 3 (12-24 months): Full compliance and optimization

Per phase:

  • Specific measures with description
  • Responsibilities & required skills
  • Time and budget estimates
  • External vs. internal resources
  • Success Metrics & Milestones

Format: Gantt chart + detailed project descriptions

📈 Monitoring concept (Art. 72 EU AI Act)

  • Monitoring strategy for high-risk systems
  • KPIs and thresholds
  • Requirements for data collection
  • Incident reporting process
  • Review cycles and responsibilities
  • Tool recommendations for continuous monitoring

Format: Monitoring Plan Template (customizable)

🎯 Management communication

  • Executive Summary (5-10 pages)
    • Compliance status at a glance
    • Top 5 risks & recommended actions
    • Budget and schedule overview
  • Management presentation (20–30 slides)
    • For the Executive Board/Management
    • For the supervisory board/advisory board
    • Customizable for different target groups

Format: PowerPoint + PDF

How we work: 6-8 weeks to a complete compliance overview

Phase 1: Kickoff & Discovery (Week 1)

🚀 Start

Activities:

  • Kickoff workshop (half day, on-site or remote)
  • Stakeholder interviews (C-level, legal, IT, data science)
  • Document review (existing AI documentation)
  • Clarify access to systems and documentation
  • Detailed project setup

Output:

  • Project plan with timeline
  • Stakeholder matrix
  • Initial system list (draft)

Your time commitment: 1 day (workshop + interviews)

Phase 2: System inventory (weeks 1-3)

📋 Recording

Activities:

  • Structured recording of all AI systems
  • Technical interviews with development teams
  • Architecture review (system design, data flows)
  • Use case documentation
  • Business impact assessment
  • Responsibility mapping

Output:

  • Complete AI System Inventory
  • Initial categorization by type and risk
  • Technical profiles for each system

Your time commitment: 2-3 days (team interviews spread out)

Phase 3: Risk classification & compliance check (weeks 3–4)

⚖️ Rating

Activities:

  • EU AI Act Applicability Assessment per System
  • Risk classification according to Annex III
  • Article-by-article compliance check (Articles 9–15, 72)
  • GPAI classification
  • Prohibited practices check
  • Integration with GDPR compliance

Output:

  • Risk classification report
  • Compliance status matrix (target vs. actual)
  • List of affected items per system

Your effort: 0.5 days (queries)

Phase 4: Technical validation (weeks 4-6)

🔬 Testing

Activities:

  • Bias & Fairness Testing (High-Risk Systems)
  • Explainability Analysis
  • Data Quality Assessment
  • Robustness Testing (Basic)
  • Documentation audit
  • Technical Risk Assessment

Use of technology:

  • IBM AI Fairness 360
  • SHAP (Explainability)
  • Great Expectations (Data Quality)
  • Custom Analysis Scripts

Output:

  • Technical compliance reports per system
  • Bias analyses with visualizations
  • Explainability dashboards
  • Data Quality Scorecards

Your effort: 1-2 days (data access, technical queries)

Phase 6: Presentation & Handover (Weeks 7-8)

🎯 Completion

Activities:

  • Executive Summary Finalization
  • Management presentation (on-site recommended)
  • Detailed walk-through of all deliverables
  • Q&A session with stakeholders
  • Handover workshop (next steps)
  • Define follow-up plan

Output:

  • Final documentation (all deliverables)
  • Management presentation
  • Handover protocol
  • Optional: Follow-up offer (implementation support)

Your time commitment: 1 day (presentations + workshop)

>> Total effort for your team: 5-8 working days spread over 6-8 weeks

Who is this assessment suitable for?

Industry & Manufacturing

🏭 Typical systems:

  • Predictive maintenance
  • Quality control (computer vision)
  • Production planning and optimization
  • Robot control
  • Supply chain optimization

Compliance challenges:

  • High risk if: Safety-relevant (Annex III.1)
  • Robustness & cybersecurity critical
  • CE marking required
  • Integration with Machinery Directive

Industries: Automotive, mechanical engineering, chemicals, pharmaceuticals

Financial Services

💰 Typical systems:

  • Credit scoring and assessment
  • Detection of fraud
  • Algorithmic trading
  • Customer Service Chatbots
  • Risk assessment

Compliance challenges:

  • High risk: Creditworthiness (Annex III.5b)
  • Bias particularly critical (discrimination)
  • High explainability requirements
  • Additional BaFin supervision

Industries: Banking, Insurance, FinTech

HR & Recruiting

👥 Typical systems:

  • CV screening and ranking
  • Candidate matching
  • Performance Evaluation
  • Workforce Planning
  • Skill assessment tools

Compliance challenges:

  • High risk: Recruitment and evaluation (Annex III.4)
  • Fairness is absolutely critical (AGG relevance)
  • Transparency towards candidates
  • Extensive documentation requirements

Industries: All with HR AI, recruiting platforms

Healthcare

🏥 Typical systems:

  • Diagnostic support
  • Patient data analysis
  • Medical image analysis
  • Therapy recommendations
  • Administrative AI (triage)

Compliance challenges:

  • High risk often present (Annex III.5d)
  • MDR/IVDR overlaps
  • Patient Safety critical
  • GDPR special categories (health data)

Industries: Hospitals, MedTech, Pharmaceuticals, Health IT

Other industries:

  • Public administration (e-government, social services)
  • Retail (personalization, pricing)
  • Energy & Utilities (Smart Grid, Demand Forecasting)
  • Logistics (route optimization, warehouse automation)
  • Telecommunications (network optimization, customer service)

Our technical expertise: Tools that deliver results

Bias and Fairness Testing

🔍 IBM AI Fairness 360

The leading open-source framework for fairness analysis. We use it for:

  • 70+ fairness metrics (disparate impact, equal opportunity, etc.)
  • Pre-processing, in-processing, post-processing mitigation
  • Group Fairness & Individual Fairness Tests
  • Intersectional analyses (e.g., gender + age combined)

Use: Credit scoring, HR systems, access control

🔍 Microsoft Fairlearn

For constraint-based fairness optimization:

  • Simpler client communication than AIF360
  • Trade-off analyses: Fairness vs. Accuracy
  • Grid search for fair hyperparameters
  • Integration with scikit-learn

Use: Smaller models, prototyping, client workshops

Explainability & Transparency

💡 SHAP (SHapley Additive exPlanations)

The gold standard for model explainability:

  • Feature importance at prediction level
  • Global & local explanations
  • Visualizations for technical and non-technical stakeholders
  • Model-agnostic (works for almost all ML models)

German market requirement: “Why did the system make this decision?”
SHAP provides the answer.

💡 LIME (Local Interpretable Model-agnostic Explanations)

Backup tool for specific use cases:

  • Faster calculations than SHAP
  • Text & Image Explainability
  • Model-agnostic

Application: NLP systems, computer vision, complex ensembles

Data Governance & Quality

📊 Great Expectations

Data Quality Framework for AI Compliance:

  • Automated data validation
  • Expectation Suites (rules for data quality)
  • Data Profiling & Documentation
  • Audit trails (GDPR & AI Act compliant)

EU AI Act Art. 10 Requirement: “Training, validation, and testing data sets shall be relevant, sufficiently representative, and to the best extent possible, free of errors and complete.”

Great Expectations makes this requirement measurable and documentable.

Monitoring & Drift Detection

📈 Alibi Detect (for advanced assessments)

If a need for monitoring is identified:

  • Data drift detection
  • Model drift detection
  • Outlier detection
  • Adversarial detection

Application: Post-market monitoring plan development

Methodology

Our assessment follows established frameworks:

  • EU AI Act Conformity Assessment (Art. 43)
  • ISO/IEC 42001:2023 (AI Management System)
  • NIST AI Risk Management Framework
  • IEEE 7000 Series (Ethically Aligned Design)
  • BSI AI Cloud Service Compliance Criteria Catalog (AIC4)

Combined with proprietary checklists for German compliance culture.

Transparent pricing

Package 1: ESSENTIAL

$15,000 – $25,000

Suitable for:

  • 2-5 AI systems
  • Clear use cases
  • Limited complexity
  • Initial compliance orientation

Includes:
✓ AI system inventory (up to 5 systems)
✓ Risk classification
✓ Compliance check (all systems)
✓ Technical validation (1 high-risk system)
✓ Gap analysis & roadmap
✓ Executive summary
✓ Management presentation

Duration: 4-6 weeks
Scope: 120-150 hours

Package 2: PROFESSIONAL

$32,000 – $39,000

Suitable for:

  • 5-10 AI systems
  • Multiple high-risk systems
  • Small and medium-sized enterprises & corporations
  • Comprehensive analysis desired

Includes:
✓ Everything from ESSENTIAL
✓ AI System Inventory (up to 10 systems)
✓ Technical Validation (up to 3 high-risk systems)
✓ Detailed Bias Analyses (AIF360 + Fairlearn)
✓ Explainability Deep Dive (SHAP)
✓ Data Governance Assessment
✓ Post-Market Monitoring Plan (Art. 72)
✓ Follow-up Q&A (4 weeks after completion)

Duration: 6-8 weeks
Scope: 150-200 hours

Package 3: ENTERPRISE

From €35,000 (individual)

Suitable for:

  • 10+ AI systems
  • Corporations & large medium-sized companies
  • Complex AI landscapes
  • Multi-location/International

Includes:
✓ Everything from PROFESSIONAL
✓ Unlimited number of systems
✓ Technical validation of all high-risk systems
✓ Robustness & adversarial testing (extended)
✓ Multi-stakeholder workshops
✓ Customizable roadmap scenarios
✓ C-level executive coaching
✓ 3 months of follow-up support

Duration: 8-12 weeks
Scope: 200+ hours

Add-ons (optional):

  • Additional technical validation per system: $3,000 – $8,000
  • On-site workshops (additional): $1,500/day + expenses
  • Express service (50% time reduction): +30% surcharge
  • Ongoing support retainers: Starting at €2,500/month

Payment terms:

  • 30% at project start
  • 40% upon interim presentation (end of phase 4)
  • 30% upon final acceptance

Invoicing in accordance with German tax law (VAT deductible)

FREQUENTLY ASKED QUESTIONS (FAQ)

The complexity of the EU AI Act is often underestimated. Even legal departments with GDPR expertise reach their limits when it comes to the technical requirements. Our experience shows that companies that try to achieve compliance internally “on the side” underestimate the effort involved by a factor of 3-5.

An external assessment offers:

  • Objective assessment without operational blindness
  • Specialized expertise (regulatory + technical)
  • Benchmarking against best practices
  • Faster time to compliance
  • Assurance for management/supervisory board

ROI: An assessment costs €20-35k. A compliance violation can cost €35 million.

That depends greatly on your industry and your use cases. As a guideline:

  • Financial sector: 30-50% (credit scoring, fraud detection, often high risk)
  • HR-intensive companies: 40-60% (recruiting, performance management)
  • Industry/manufacturing: 10-30% (only if safety-relevant)
  • Retail/E-commerce: 5-15% (mostly limited risk)
  • Healthcare: 50-80% (highly regulated)

In the assessment, we clarify exactly what applies to you. Many systems fall under limited or minimal risk—this is good to know and significantly reduces your compliance efforts.

Yes, even better! “Compliance by design” is significantly cheaper than “compliance by retrofit.”

For planned systems, we offer:

  • Compliance requirements specification
  • Design reviews against AI Act requirements
  • Tool recommendations for fairness/explainability
  • Data governance setup consulting

Many customers use the assessment for both: retrofitting existing systems and building new systems that are compliant from the outset.

Don’t panic—this is normal. So far, no company we have audited has achieved 100% compliance without follow-up work.

Our approach:

  1. Transparent communication of all gaps (no whitewashing)
  2. Risk rating: What is critical, what can wait?
  3. Identify quick wins (often 30-40% of gaps can be resolved in weeks)
  4. Realistic roadmap with phase plan
  5. Optional: We can assist you with implementation (separate order)

Important: Awareness is the first step. Our assessment provides you with a documented plan—which is already valuable for regulatory authorities and auditors.

We do not replace legal advice, but complement it perfectly:

Legal advice (law firm):

  • Interpretation of the regulation
  • Contract law (AI provider contracts)
  • Liability issues
  • Process setup (formal)

waveImpact Assessment (technical + operational):

  • Technical validation (bias testing, explainability)
  • System inventory & classification
  • Practical implementation recommendations
  • Tool Selection & Implementation Guidance
  • Data science expertise

Ideal scenario: We work together with your legal department/law firm. We provide the technical facts, and the lawyers provide the legal classification. Together, we create a complete picture.

After the assessment, you have 3 options:

Option 1: Independent implementation
You use our roadmap and implement it internally. We offer the following options:

  • Follow-up Q&A (included: 4 weeks)
  • Retainer support (from €2,500/month)

Option 2: Supported implementation
We provide support for critical workstreams:

  • Bias mitigation implementation
  • Monitoring setup
  • Documentation creation
  • Tool integration

Option 3: Full-service implementation
We take care of the entire implementation process:

  • Project Management
  • Technical implementation
  • Training courses
  • Go-live support

Most customers choose option 2 (hybrid).

An assessment is a snapshot. Validity:

  • Risk classification: As long as the use case does not change (usually years)
  • Technical validation: 6-12 months (then re-test recommended)
  • Compliance status: Until your system or regulation changes

Recommendation: Annual compliance review (significantly leaner than initial assessment). Or: Continuous monitoring setup (then automated).

The AI Act already requires post-market monitoring—regular reassessments will become standard practice.