KI·SUM·AI — AI Advisory & EU AI Act Consulting, Munich

EU-based AI tools  ·  Privacy-first  ·  AI Advisory & implementation

Frequently asked questions

When does the EU AI Act actually start to bite?

The Act entered into force on August 1, 2024 and applies in phases. Article 4 (AI literacy) has been enforceable since February 2, 2025 — every organisation deploying AI must train its people. High-risk system obligations (Annex III: HR, credit, education, law enforcement, etc.) become enforceable on August 2, 2026. Penalties reach up to 7% of global turnover.

Do you only work with European companies?

No. We’re based in Munich and serve clients worldwide. If you sell AI into the European market, the EU AI Act applies regardless of where your company is registered — so our compliance work is just as relevant for US, UK, Asian, or Middle East companies entering the EU. Same for our implementation projects: production AI is production AI.

How is your compliance work different from a Big 4 audit firm?

Two differences. First, we built our own scanner (ComplianceLint) so roughly 70% of the AI inventory and risk-classification work is automated — a Big 4 team does it manually with junior consultants. Second, the same engine adapts to any regulation: GDPR, DSA, NIS2, DORA, MiCA, product-safety law — not just the EU AI Act. You get an audit tool you can keep running, not a one-off report.

How long does a typical AI implementation take?

We work in three phases. Discovery (2–4 weeks): figure out what AI should actually do for you, score use cases, pick one. Pilot (6–12 weeks): build the working prototype with a real evaluation harness, demonstrate it to your steering committee. Scale (12–24 weeks): production deployment, monitoring, cost controls, and clean handover to your team. You can stop after any phase — we don’t lock you in.

Build it ourselves or buy a vendor — how do you advise?

We do a structured build-vs-buy assessment: requirements specification, vendor scorecard (5–8 vendors × ~50 criteria), three-year TCO model including licence + integration + change management, and reference calls. Most clients discover the right answer isn’t pure build or pure buy — it’s buy the boring 80% (Azure OpenAI, Bedrock, an off-the-shelf vector DB) and build the 20% that’s actually differentiated for your business.

What happens to our data? Where does it go?

Wherever you want it to. We’re EU-based and GDPR-native, so EU residency is the default. Our own products are built privacy-first — MASK·BEFORE·AI redacts sensitive data before it touches any LLM, and ComplianceLint runs locally so your code never leaves your machine. For client projects we recommend EU-hosted models (Azure OpenAI EU, AWS Bedrock Frankfurt) by default and document data flows in the Annex IV pack.