How do I prepare for the EU AI Act?
Most teams discover they don’t actually have a clear inventory of the AI systems running inside their company — let alone a defensible risk classification. Here’s the practical sequence we run with clients:
- AI System Inventory. Catalogue every AI system (built or bought) that touches your operation. Owner, data sources, third-party dependencies, business purpose. Our ComplianceLint scanner automates most of the discovery in code repositories.
- Risk classification. Map each system against the EU AI Act risk tiers: prohibited (Art. 5), high-risk (Annex III: HR, credit, education, biometrics, law enforcement, critical infrastructure, etc.), limited risk (Art. 50 transparency), minimal risk.
- Annex IV technical documentation. For every high-risk system: nine chapters covering system description, system elements, monitoring, performance metrics, risk management, lifecycle change log, harmonised standards used, conformity declaration, and post-market monitoring plan.
- Article 4 AI literacy program. Every staff member and operator needs documented training. Role-based curriculum (all-staff · power users · technical · leadership) with completion records and assessment.
- ISO/IEC 42001 alignment. The first AI management system international standard. Voluntary but increasingly expected by procurement and auditors. We align your processes without forcing full certification.
- Conformity declaration + evidence room. The legal output: a signed declaration of conformity plus an audit-ready evidence archive (policies, sampling reports, human-oversight decision records, validation logs, training datasheets, model cards).
Key dates — what’s already enforceable, what’s coming
- Aug 1, 2024: EU AI Act enters into force.
- Feb 2, 2025: Article 4 AI literacy already enforceable; prohibited practices banned.
- Aug 2, 2025: General-purpose AI model obligations apply.
- Aug 2, 2026: High-risk system obligations (Annex III) enforceable. The big deadline.
- Aug 2, 2027: Embedded AI in regulated products fully covered.
Service packages
Three fixed-price entry points. Pick the smallest one that gets you to the next legal milestone — we’ll tell you which it is in a free 30-minute scoping call.
Readiness Audit
- AI System Inventory
- Risk classification per Annex III
- Gap analysis vs. Annex IV
- Remediation roadmap
- 30-page audit-ready report
Annex IV Full Pack
- Everything in Readiness Audit
- Annex IV 9-chapter documentation pack
- Risk Management File (ISO 23894 aligned)
- Conformity declaration template
- Audit-ready evidence room setup
Full Compliance + Literacy
- Everything in Annex IV Full Pack
- ISO/IEC 42001 process alignment
- Article 4 literacy program (4-tier curriculum)
- LMS-ready training content
- 6-month retainer for changes
How we’re different from a Big 4 audit
Two reasons clients pick us over a Big 4 firm:
1. Product-backed automation. We built ComplianceLint, an EU AI Act scanner that runs locally in your IDE and checks against all 247 obligations across the Act’s 44 articles. About 70% of inventory and risk-classification work runs automatically — a Big 4 team does it manually with junior consultants billed at €1,500–€2,500 per day.
2. Reusable beyond the EU AI Act. The same scanning engine adapts to any regulation. If you also need to cover GDPR, DSA, MiCA, NIS2, DORA, or industry-specific rules (medical-device regulation, financial-services frameworks, product-safety law), we can extend ComplianceLint or build a sibling scanner for your specific text. You get an audit tool you can keep running, not a one-off PDF report.
Frequently asked questions
Do I need EU AI Act consulting if my company is not in the EU?
Yes, if you sell, deploy, or distribute AI systems into the EU market — regardless of where your company is registered. The Act applies extraterritorially. US, UK, Asian, and Middle Eastern companies all need to comply if their AI reaches EU users.
What are the EU AI Act fines?
Fines reach up to €35 million or 7% of global annual turnover (whichever is higher) for prohibited practices. Up to €15 million or 3% for non-compliance with high-risk obligations. Up to €7.5 million or 1% for supplying incorrect information.
How long does an Annex IV pack take?
For a single high-risk system: roughly 8–12 weeks if your engineering team is responsive. For a company with multiple AI systems, plan 10–14 weeks for the bundle — we work in parallel where we can.
What if my AI system isn’t in Annex III?
You’re likely in the limited-risk or minimal-risk tier — with much lighter obligations. Article 50 transparency rules may still apply (e.g. chatbots must disclose AI; deepfakes must be labelled). We confirm classification in the Readiness Audit before scoping any larger work.
Is Article 4 AI literacy training really mandatory?
Yes — in force since February 2, 2025. Every provider and deployer of AI must ensure their staff have a sufficient level of AI literacy. It covers anyone operating AI on your behalf, not just engineers. We deliver a 4-tier curriculum (all-staff · power users · technical · leadership) with documented assessments.
What if we need a scanner for a different law (GDPR, DSA, NIS2, DORA)?
That’s our Regulatory-Compliance AI Tools service. The ComplianceLint engine adapts to any legal text. We build a custom scanner, obligation database, evidence pipeline, and audit output for your specific regulation. Scope is custom — talk to us about your specific law.
Start with a free 30-minute scoping call
We’ll tell you which package fits, or whether you even need one. No sales pressure.