EU AI Act

Extensive experience in supporting organisations conform and certify to existing ISO management system standards

Speak to Information Security Expert

Having assisted over 450 organisations to achieve ISO 27001 certification URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

Contact us

EU AI Act

The EU Artificial Intelligence (AI) Act is aimed at ensuring the safe and ethical use of AI in the EU.  It looks to balance AI innovation with the protection of fundamental human rights, ensuring that AI technologies are developed and used safely, transparently, and without infringing on individuals’ rights, whilst still enabling the economic growth that AI is certain to generate.

We would like to pass on our gratitude to our consultant for all his hard work and advice during our 3-year re-certification and assessment against the new Standard. After seven days of auditing, we have two OFIs that the assessors have put forward from the audits. This pays testament to our URM consultant, his hard work, eye for detail and advice given, both during the audits and during all the works beforehand.
Waste management company

The Act establishes a risk-based AI classification scheme, through which different AI applications and the contexts of their use are classified according to the risk they pose to users, introducing different rules for different risk levels.  It also prohibits particularly high-risk AI systems, and clarifies the roles and responsibilities associated with the development and provision of AI systems.

Failure to comply with the EU AI Act can lead to significant financial penalties, ranging from €7.5m or up to 1% of the organisation’s global annual turnover for the supply of incorrect, incomplete or misleading information, and €35m or up to 7% of global annual turnover for non-compliance with prohibited AI practices.  As such, it is essential to ensure that you understand the Act’s requirements and their applicability within your organisation, and take the necessary steps to achieve compliance.

Applicability Assessment

URM’s team of consultants can work with you to determine how and where the AI Act applies to your organisation.  We will help you understand the Act’s requirements, which aspects of your business fall within its scope, and your organisation’s ‘role’ under the Act (i.e., whether you are considered an AI provider, deployer, authorised representative, importer, distributor or operator) along with the associated compliance obligations.  We can also determine any AI prohibitions that may impact your organisation and the risk level associated with your non-prohibited AI use, as well as determining the applicability of the Act if your organisation is based outside of the EU but has premises or operates within it.

Compliance Services

Having established how the AI Act applies to your organisation, URM can support you to identify and implement the necessary measures for compliance.  This includes assessing and enhancing your existing AI governance framework, risk management processes, and technical controls to ensure compliance with the Act’s requirements.  URM will support you in implementing transparency, accountability, and data protection measures, as well as establishing robust documentation and reporting processes.

We are immensely grateful to URM for their unwavering support, professionalism, and expertise throughout our ISO 27001 and Cyber Essentials Plus journey. Their guidance and strategic insights have been invaluable. With URM's continued partnership and support, we are confident in our ability to proactively address emerging threats and keep our business secure.
IT consultancy
Planning for ISO 42001, the EU AI Act, or broader AI risk frameworks?

A short, free, non‑commitment call can help you clarify scope, understand regulatory expectations, and align your approach across standards such as ISO 42001 and NIST AI RMF. Early guidance often saves time and avoids fragmented compliance efforts.

Speak to our AI governance specialists today

Get in touch

You do not need a fully defined programme to speak with us. We offer a free, no‑obligation call to help you understand ISO 42001 requirements, assess your current AI governance maturity, and identify practical next steps. Early clarity can prevent unnecessary work and support confident compliance.
Get in touch to arrange your free call.

Please note, we can only process business email addresses.

Why URM for the EU AI Act?

Track record

While the EU AI Act is a new regulation, URM can leverage its 2 decades of experience supporting countless organisations to comply with legislation such as the General Data Protection Regulation (GDPR) to provide informed and reliable support in helping you meet the requirements of the Act.  In more recent years, URM has sat at the cutting edge of AI governance and risk management, and has already assisted numerous organisations to understand and mitigate their AI-related risks, align with emerging best practices, and prepare for regulatory compliance.  As such, you can be assured that any guidance you receive from URM is informed by a long history of success stories, and can guarantee the same result for your organisation.  

Tailored and flexible approach

A key differentiator between URM and other AI consultancy providers is our flexible service offerings.  Our services can be tailored to your organisation’s precise requirements, in terms of the type of support we provide, the frequency of site days (remote or on site), etc.  Our experts always consult with the aim of delivering practical, sustainable solutions, which balance full regulatory compliance with operational efficiency and business objectives.

Knowledge transfer

URM prides itself on its knowledge transfer philosophy and training expertise which help to ensure that you not only understand what the requirements of the EU AI Act are, but also how best to meet them.

Without doubt, URM helped us to achieve our planned objectives a lot sooner than expected. The engagement was a huge success and couldn’t have gone any better.
Postal service company
URM is extremely trustworthy and reliable. We rely on URM for multiple services throughout the year, including penetration testing and PCI DSS audit services. As a smaller business, we have to be organised in our approach to compliance obligations and URM is a dependable partner which makes the difference.
Cyber security services provider

Implementing and Certifying to ISO 42001

Published on
5/6/2026

URM’s blog breaks down how to effectively implement ISO 42001, where it differs from other ISO standards, and the common certification pitfalls to avoid

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
26/6/2026
How Organisations Fall Into PCI DSS Scope Without Realising It

URM’s blog explains how organisations can unintentionally and without realising fall into scope of the PCI DSS, despite not directly handling card data.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
17/6/2026
ISO 27001 Clause 10.2: Nonconformity and corrective action

URM’s blog explains how to meet ISO 27001 Clause 10.2, including finding nonconformities, performing root cause analysis, implementing corrective actions & more

Read more
Thumbnail of the Blog Illustration
Artificial Intelligence
Published on
5/6/2026
Implementing and Certifying to ISO 42001

URM’s blog breaks down how to effectively implement ISO 42001, where it differs from other ISO standards, and the common certification pitfalls to avoid

Read more
"
Whenever we have asked our QSA and account manager whether additional work is required outside of the annual cycle, there has never been a hard sell of any of URM’s services, and instead offer advice based on our compliance requirements and business needs.