Which regulations should we focus on first?

We start with a gap assessment: map which regulations apply to your business (e.g. EU AI Act, GDPR, SOC2) and assess your current state. We prioritise critical gaps and design a framework that fits how you work.

Can we integrate compliance without slowing down development?

Yes. Compliance by design means we embed checks into your workflow so the right thing is the easy thing. Industry benchmarks show that integrated compliance (DevSecOps-style) reduces bottlenecks compared to late-stage audits.

What if we already have AI in production without governance?

We assess your current state and design a framework that brings existing AI systems into scope. The earlier you act, the lower the cost of remediation. Strategy Development with compliance scope is the typical entry point; see our pricing page for options.

THINK · Strategic Challenge

Compliance & Security

EU AI Act enforcement is active. GDPR fines reach 4% of global annual revenue. The cost of not being ready is not hypothetical.

Book a Free 30-Min Discovery Call See How We Help

The Problem

What this looks like

•EU AI Act obligations are active and unclear across teams

•Compliance requirements unclear, overwhelming, or both

•Security practices inconsistent and undocumented

•AI systems running without formal classification and governance

•Compliance treated as a checkbox exercise, not embedded in operations

What it costs you

•Product launches delayed by compliance reviews that should have happened earlier

•Expensive remediation when compliance is retrofitted instead of designed in

•Audit failures and the real possibility of regulatory fines

•EU market access restrictions for non-compliant AI systems

•Customer trust damage that takes years to rebuild

The real risk

The EU AI Act has been in force since August 2024, with GPAI obligations active from August 2025. Waiting for the regulations to settle further is not a safe strategy.

Our Approach

Our approach is sequenced by pillar:

THINK

We start by mapping your actual regulatory exposure. EU AI Act obligations depend on how your systems are classified - prohibited practices, high-risk applications, and general-purpose AI each carry different requirements, and the classification is not always obvious from the outside. GDPR exposure depends on what data you process and how. Most companies do not have a clear picture of where they sit until they map it. We produce that map in a structured session with the people who know your systems. You leave knowing what applies to you, what the gaps are, and what to prioritise first.

OPERATE

The Compliance & Security Blueprint produces the governance framework: documented policies, technical controls, and accountability structures that meet EU AI Act and GDPR requirements. The AI Governance Programme trains your internal team to own ongoing compliance - understanding the regulation, monitoring for changes, and auditing your own systems. Strategic advisory remains available as the regulatory landscape develops. The EU AI Act has been in force since August 2024, with GPAI obligations active from August 2025. Waiting for the regulations to settle further is not a safe strategy.

Expected Outcomes

From uncertain to documented framework mapped to your business

Compliance clarity

Engagement deliverable

From reactive to proactive, documentation complete and current

Audit readiness

Engagement deliverable

From ad-hoc to systematically managed compliance risk

Risk posture

Engagement deliverable

Compliance checks integrated, no longer a bottleneck

Development velocity

Industry benchmark (DevSecOps adoption)

Your path forward

Start with one concrete service that matches your situation, then review how we sequence the rest.

Start here

Compliance & Security Blueprint

Compliance requirements mapped and addressed before launch, not discovered after. GDPR, SOC2, and audit procedures built into your product from the start.

From CHF 4’000 (Standard)

Audience: Compliance officers, legal teams, and CTOs building products in regulated industries or with enterprise buyers.

Outcome: Builds the security and compliance foundation for your product before it goes live. Maps applicable regulatory requirements, defines security policies, and designs audit procedures. Suited to teams building in regulated industries or planning to sell into enterprise accounts where compliance is a procurement requirement.

Delivers

Security policies
Compliance framework (GDPR, SOC2)
Audit procedures
Risk register

Book a Free 30-Min Discovery Call

Entry

Strategy Workshop

Know where AI will create value in your business, what it will cost, and what to do first - before you commit to building anything.

From CHF 4’000 (Standard)

Audience: C-suite and senior leadership teams that need to align on AI investment before committing budget.

Outcome: Brings your senior leadership together to assess your current technology position, identify where AI creates the most value, and align on investment priorities. Suited to organisations that have not yet committed to an AI direction and need clarity before investing. Delivers a strategic roadmap and a trained AI assistant configured to your context.

Delivers

Strategic roadmap
AI readiness assessment
Investment priority recommendations
Trained AI assistant

Scale

AI Governance Programme

A compliance team equipped to govern AI deployment responsibly - with EU AI Act, ISO 42001, and GDPR requirements mapped to your actual systems and processes.

From CHF 4’400 fixed

2 days

Audience: Compliance officers, DPOs, legal counsel, and risk managers responsible for governing AI deployment within the organisation.

Outcome: Builds AI governance capability for compliance, legal, and risk teams. Covers the EU AI Act regulatory framework, ISO 42001 standard, GDPR implications of AI systems, risk assessment methodology, and how to build compliance into AI development from the start rather than retrofitting it. Requires AI Foundations as a prerequisite.

Delivers

EU AI Act compliance checklist
ISO 42001 overview and gap analysis template
AI risk assessment framework
Compliance-by-design implementation guide

Sustain

AI Operating Model Advisory

Senior technology direction every month - without the cost of a full-time hire. Architecture stays sound, vendors stay honest, your team keeps moving.

From CHF 4’000 (Standard)

Audience: Organisations with active technology delivery that need ongoing senior guidance without a full-time CTO or VP Engineering.

Outcome: Ongoing technology leadership on a retainer basis. Provides direction on build-vs-buy decisions, vendor selection, architecture oversight, and team mentoring. Suited to organisations that need strategic input regularly but cannot justify a full-time senior technology hire.

Delivers

Monthly advisory session notes
Vendor evaluation report
Architecture review findings
Trained AI assistant

See pricing for this challenge

Prices are indicative. We scope every engagement before quoting.

Build Your Compliance Foundation

The earlier you build compliance in, the lower the cost and risk.

Book a Free 30-Min Discovery Call Take the AI Readiness Self-Check

Compliance & Security

The Problem

What this looks like

What it costs you

The real risk

Our Approach

THINK

OPERATE

Expected Outcomes

Your path forward

Compliance & Security Blueprint

Strategy Workshop

AI Governance Programme

AI Operating Model Advisory

Build Your Compliance Foundation

Frequently Asked Questions

Which regulations should we focus on first?▾

Can we integrate compliance without slowing down development?▾

What if we already have AI in production without governance?▾