EU AI Act

Extensive experience in supporting organisations to conform and certify to existing ISO management system standards

Having assisted over 400 organisations to achieve ISO 27001 certification, URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

EU AI Act

The EU Artificial Intelligence (AI) Act is aimed at ensuring the safe and ethical use of AI in the EU.  It looks to balance AI innovation with the protection of fundamental human rights, ensuring that AI technologies are developed and used safely, transparently, and without infringing on individuals’ rights, whilst still enabling the economic growth that AI is certain to generate.

It’s one thing having the required technical knowledge, it’s another thing for a consultant to apply that knowledge to the context of our organisation. To use a sporting analogy, we view cyber and information security as a marathon not a sprint. I am not a believer in doing everything all at once. Our approach has been risk based and incremental, remediating our biggest risks first before moving on. I believe this approach is far more sustainable and effective. And URM’s consultants fully understand this and are very pragmatic and tailored in their guidance and advice. They know we are not implementing ISO 27001 purely for the certificate, but more as a framework for continual improvement, and at a pace where new systems and processes can be fully understood and absorbed by our team and be business as usual.
Brand distributor

The Act establishes a risk-based AI classification scheme, through which different AI applications and the contexts of their use are classified according to the risk they pose to users, introducing different rules for different risk levels.  It also prohibits particularly high-risk AI systems, and clarifies the roles and responsibilities associated with the development and provision of AI systems.

Failure to comply with the EU AI Act can lead to significant financial penalties, ranging from €7.5m or up to 1% of the organisation’s global annual turnover for the supply of incorrect, incomplete or misleading information, to €35m or up to 7% of global annual turnover for non-compliance with prohibited AI practices. As such, it is essential to ensure that you understand the Act’s requirements and their applicability within your organisation, and take the necessary steps to achieve compliance.

Applicability Assessment

URM’s team of consultants can work with you to determine how and where the AI Act applies to your organisation.  We will help you understand the Act’s requirements, which aspects of your business fall within its scope, and your organisation’s ‘role’ under the Act (i.e., whether you are considered an AI provider, deployer, authorised representative, importer, distributor or operator) along with the associated compliance obligations.  We can also determine any AI prohibitions that may impact your organisation and the risk level associated with your non-prohibited AI use, as well as determining the applicability of the Act if your organisation is based outside of the EU but has premises or operates within it.

Compliance Services

Having established how the AI Act applies to your organisation, URM can support you to identify and implement the necessary measures for compliance.  This includes assessing and enhancing your existing AI governance framework, risk management processes, and technical controls to ensure compliance with the Act’s requirements.  URM will support you in implementing transparency, accountability, and data protection measures, as well as establishing robust documentation and reporting processes.

Without URM, we would not have achieved its certification goals.
Talent communications agency

Why URM for the EU AI Act?

Track record

While the EU AI Act is a new regulation, URM can leverage its 2 decades of experience supporting countless organisations to comply with legislation such as the General Data Protection Regulation (GDPR) to provide informed and reliable support in helping you meet the requirements of the Act. In more recent years, URM has sat at the cutting edge of AI governance and risk management, and has already assisted numerous organisations to understand and mitigate their AI-related risks, align with emerging best practices, and prepare for regulatory compliance. As such, you can be assured that any guidance you receive from URM is informed by a long history of success stories, and that URM can guarantee the same result for your organisation.

Tailored and flexible approach

A key differentiator between URM and other AI consultancy providers is our flexible service offerings.  Our services can be tailored to your organisation’s precise requirements, in terms of the type of support we provide, the frequency of site days (remote or on site), etc.  Our experts always consult with the aim of delivering practical, sustainable solutions, which balance full regulatory compliance with operational efficiency and business objectives.

Knowledge transfer

URM prides itself on its knowledge transfer philosophy and training expertise which help to ensure that you not only understand what the requirements of the EU AI Act are, but also how best to meet them.

After a bad experience with a previous provider, we looked to URM for QSA support. The URM QSA we have worked with is phenomenal, and considerably better than our previous QSAs. My team enjoy working with him, and find him to be extremely credible and effective.
UK-based university

Establishing Organisational Control Over Artificial Intelligence

Published on
22/11/2024

URM’s blog discusses the need for policy in relation to the use of AI, real-world cases where AI has caused organisations issues & how to create an AI policy.

Information Security
Published on
16/4/2025
ISO 27001:2022 - A.5 Organisational Controls (Supplier Management)

URM’s blog explains the importance of the 5 supplier management controls in ISO 27001 & provides practical guidance on how to implement each control.

Information Security
Published on
27/3/2025
ISO 27001:2022 Annex A Physical Controls

URM’s blog offers key advice on implementing the physical controls in Annex A of ISO 27001 and preparing for a successful physical controls audit.

Information Security
Published on
10/3/2025
PCI SSC Announces Changes to the SAQ A

URM’s blog explains the recent update to PCI DSS SAQ-A that has resulted in the removal of 2 new v4 requirements & the addition of new eligibility criteria.

The consultant’s efforts in ensuring that our PCI compliance is audited correctly are highly appreciated, as it gives the company an accreditation that we can be proud of and that we can show off to existing and prospective customers as proof of our security posture. A huge thank you to URM for providing such a valuable service.