Services · EU AI Act
AI that is ready
for the EU AI Act.
The main obligations apply from August 2, 2026. I am the engineer who builds the technical controls: transparency, automatic logging, human oversight, data governance, and evaluation. I do the build half; your legal counsel does the legal half. Together that is compliance you can ship.
What the Act asks of your product
The AI Act sorts systems by risk. Most products land in two buckets, and the engineering work is different for each.
Limited risk (most chatbots and AI features)
Transparency obligations: tell users they are talking to AI, mark AI-generated content. Concrete and quick to implement correctly.
High risk (recruiting, credit, biometrics, and more)
Risk management, data governance, automatic logging, human oversight, accuracy and robustness testing, technical docs, and post-market monitoring.
Deployer obligations
Using OpenAI or Claude does not exempt you. As the deployer, the oversight, logging, and transparency duties are yours to build.
Documentation and evidence
You have to be able to show your work. I produce the technical documentation and logs that make an audit boring.
What I implement
Transparency and content marking
Article 50 disclosure for AI interactions and machine-readable marking of AI-generated output.
Automatic logging
Tamper-evident event logs over the system lifecycle - inputs, decisions, model versions, overrides.
Human oversight
Real human-in-the-loop controls - approval gates, override paths, and escalation, not a checkbox.
Evaluation and robustness
An eval harness for accuracy, bias checks, and regression tests that run before each deploy.
Data governance
Lineage, retention, and deletion paths that also satisfy GDPR - see my GDPR-compliant AI service.
EU data residency
Where required, models and data stay in the EU via cloud regions or a self-hosted LLM.
Pricing
| Scope | Timeline | Price |
|---|---|---|
| Transparency, content marking, and logging pass on an existing feature | 1-3 weeks | $3.5K-$15K |
| Human oversight, eval harness, and data-governance controls | 3-6 weeks | $15K-$40K |
| Full high-risk control set with documentation and monitoring | 6-10 weeks | $30K-$60K |
| Hourly retainer post-launch | Ongoing | $100/hr |
These cover engineering only. Legal interpretation, conformity assessment, and sign-off sit with your counsel or DPO.
Frequently asked questions
When does the EU AI Act apply?
It entered into force in 2024 and applies in phases. Prohibited practices have applied since February 2025, general-purpose AI obligations since August 2025, and the main body of obligations - including most high-risk system requirements - applies from August 2, 2026. Some embedded high-risk cases extend to 2027. If you ship AI to EU users, the 2026 date is the one to plan around.
Are you a lawyer or a compliance consultant?
Neither - I am a senior engineer who builds the technical controls the Act requires. I implement the logging, transparency, human-oversight, data-governance, and evaluation machinery so your system can be compliant, and I work alongside your legal counsel or DPO who owns the legal interpretation and sign-off. You need both. I am the build half.
Does the AI Act apply to my product if I use OpenAI or Claude?
Yes. Using a third-party model does not exempt you - you are the deployer, and obligations like transparency, human oversight, record-keeping, and risk management land on you. The model provider handles their share (GPAI obligations); you handle deployment. I make sure the deployment side is built correctly.
What does a high-risk classification mean for the build?
High-risk systems (think recruiting, credit, biometric, critical infrastructure, certain medical or education uses) carry the heaviest requirements: risk management, data governance, technical documentation, automatic logging, human oversight, accuracy and robustness testing, and post-market monitoring. I build these in from the start rather than retrofitting, which is far cheaper than bolting them on after launch.
What about the transparency rule for chatbots?
Article 50 requires that users are told when they are interacting with an AI system, and that AI-generated content is marked. For chatbots and generative features this is a small, concrete build task - clear disclosure, machine-readable content marking - that I handle as part of the integration.
How much does AI Act readiness cost?
It depends on whether your system is high-risk and how much exists already. A transparency-and-logging pass on an existing feature is at the low end ($3.5K-$15K); a full high-risk control set with documentation and monitoring is a larger engagement ($20K-$60K). I scope it precisely after a free 30-minute call.
Related: GDPR-compliant AI development · self-hosted LLM in Europe · AI integration
This page is engineering guidance, not legal advice. For the official text, see the EU AI Act resources.