EU AI Act

Extensive experience in supporting organisations conform and certify to existing ISO management system standards

Speak to Information Security Expert

Having assisted over 450 organisations to achieve ISO 27001 certification URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

Contact us

EU AI Act

The EU Artificial Intelligence (AI) Act is aimed at ensuring the safe and ethical use of AI in the EU.  It looks to balance AI innovation with the protection of fundamental human rights, ensuring that AI technologies are developed and used safely, transparently, and without infringing on individuals’ rights, whilst still enabling the economic growth that AI is certain to generate.

Our partnership with URM has been outstanding. From supporting us with our own Cyber Essentials certification to assisting our customers with Cyber Essentials, ISO 27001, and virtual CISO services, URM consistently delivers exceptional service. Their expertise, open communication, and ability to allocate the right expert resources for specific requirements makes every project seamless. We highly value their support and look forward to continuing our collaboration.
Cyber security services and solutions provider

The Act establishes a risk-based AI classification scheme, through which different AI applications and the contexts of their use are classified according to the risk they pose to users, introducing different rules for different risk levels.  It also prohibits particularly high-risk AI systems, and clarifies the roles and responsibilities associated with the development and provision of AI systems.

Failure to comply with the EU AI Act can lead to significant financial penalties, ranging from €7.5m or up to 1% of the organisation’s global annual turnover for the supply of incorrect, incomplete or misleading information, and €35m or up to 7% of global annual turnover for non-compliance with prohibited AI practices.  As such, it is essential to ensure that you understand the Act’s requirements and their applicability within your organisation, and take the necessary steps to achieve compliance.

Applicability Assessment

URM’s team of consultants can work with you to determine how and where the AI Act applies to your organisation.  We will help you understand the Act’s requirements, which aspects of your business fall within its scope, and your organisation’s ‘role’ under the Act (i.e., whether you are considered an AI provider, deployer, authorised representative, importer, distributor or operator) along with the associated compliance obligations.  We can also determine any AI prohibitions that may impact your organisation and the risk level associated with your non-prohibited AI use, as well as determining the applicability of the Act if your organisation is based outside of the EU but has premises or operates within it.

Compliance Services

Having established how the AI Act applies to your organisation, URM can support you to identify and implement the necessary measures for compliance.  This includes assessing and enhancing your existing AI governance framework, risk management processes, and technical controls to ensure compliance with the Act’s requirements.  URM will support you in implementing transparency, accountability, and data protection measures, as well as establishing robust documentation and reporting processes.

Rather than having to coordinate with multiple providers for different standards or services, we can rely on a single, trusted partner for consistent support and expertise.
IoT provider
Planning for ISO 42001, the EU AI Act, or broader AI risk frameworks?

A short, free, non‑commitment call can help you clarify scope, understand regulatory expectations, and align your approach across standards such as ISO 42001 and NIST AI RMF. Early guidance often saves time and avoids fragmented compliance efforts.

Speak to our AI governance specialists today

Get in touch

You do not need a fully defined programme to speak with us. We offer a free, no‑obligation call to help you understand ISO 42001 requirements, assess your current AI governance maturity, and identify practical next steps. Early clarity can prevent unnecessary work and support confident compliance.
Get in touch to arrange your free call.

Please note, we can only process business email addresses.

Why URM for the EU AI Act?

Track record

While the EU AI Act is a new regulation, URM can leverage its 2 decades of experience supporting countless organisations to comply with legislation such as the General Data Protection Regulation (GDPR) to provide informed and reliable support in helping you meet the requirements of the Act.  In more recent years, URM has sat at the cutting edge of AI governance and risk management, and has already assisted numerous organisations to understand and mitigate their AI-related risks, align with emerging best practices, and prepare for regulatory compliance.  As such, you can be assured that any guidance you receive from URM is informed by a long history of success stories, and can guarantee the same result for your organisation.  

Tailored and flexible approach

A key differentiator between URM and other AI consultancy providers is our flexible service offerings.  Our services can be tailored to your organisation’s precise requirements, in terms of the type of support we provide, the frequency of site days (remote or on site), etc.  Our experts always consult with the aim of delivering practical, sustainable solutions, which balance full regulatory compliance with operational efficiency and business objectives.

Knowledge transfer

URM prides itself on its knowledge transfer philosophy and training expertise which help to ensure that you not only understand what the requirements of the EU AI Act are, but also how best to meet them.

We’d like to thank our assessor for his usual thorough and fully detailed attention to our system. Our ISMS is being spoken about in much awe and reverence within the wider organisation and I can honestly say that, without his support and wisdom over the last few years, this would not be happening.
Cloud infrastructure provider
Whenever we have asked our QSA and account manager whether additional work is required outside of the annual cycle, there has never been a hard sell of any of URM’s services, and instead offer advice based on our compliance requirements and business needs.
UK-based university

Implementing and Certifying to ISO 42001

Published on
5/6/2026

URM’s blog breaks down how to effectively implement ISO 42001, where it differs from other ISO standards, and the common certification pitfalls to avoid

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
26/6/2026
How Organisations Fall Into PCI DSS Scope Without Realising It

URM’s blog explains how organisations can unintentionally and without realising fall into scope of the PCI DSS, despite not directly handling card data.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
17/6/2026
ISO 27001 Clause 10.2: Nonconformity and corrective action

URM’s blog explains how to meet ISO 27001 Clause 10.2, including finding nonconformities, performing root cause analysis, implementing corrective actions & more

Read more
Thumbnail of the Blog Illustration
Artificial Intelligence
Published on
5/6/2026
Implementing and Certifying to ISO 42001

URM’s blog breaks down how to effectively implement ISO 42001, where it differs from other ISO standards, and the common certification pitfalls to avoid

Read more
"
Our URM consultant was really thorough, genuinely helpful and contributed real value literally within the first few minutes of our session by pointing out some (not-so-obvious) details of the new version of ISO 27001 that we hadn't been aware of until then. He then proceeded with a very well-prepared run-through and explanation of the controls in scope for our upcoming internal audit. Definitely a highlight and overall, very positive experience for us!