EU AI Act

Extensive experience in supporting organisations conform and certify to existing ISO management system standards

Speak to Information Security Expert

Having assisted over 400 organisations to achieve ISO 27001 certification URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

Contact us

EU AI Act

The EU Artificial Intelligence (AI) Act is aimed at ensuring the safe and ethical use of AI in the EU.  It looks to balance AI innovation with the protection of fundamental human rights, ensuring that AI technologies are developed and used safely, transparently, and without infringing on individuals’ rights, whilst still enabling the economic growth that AI is certain to generate.

I am pleased to recognise the work of the URM internal auditor we have worked. Throughout all the audits carried out, he has consistently demonstrated professionalism, diligence, and a commitment to excellence in every task undertaken. Thanks to his efforts, we have achieved a very successful first stage ISO 27001:2022 certification audit, with zero findings noted, which has positioned us on track for the second stage audit and for long-term success.
Utilities solutions provider

The Act establishes a risk-based AI classification scheme, through which different AI applications and the contexts of their use are classified according to the risk they pose to users, introducing different rules for different risk levels.  It also prohibits particularly high-risk AI systems, and clarifies the roles and responsibilities associated with the development and provision of AI systems.

Failure to comply with the EU AI Act can lead to significant financial penalties, ranging from €7.5m or up to 1% of the organisation’s global annual turnover for the supply of incorrect, incomplete or misleading information, and €35m or up to 7% of global annual turnover for non-compliance with prohibited AI practices.  As such, it is essential to ensure that you understand the Act’s requirements and their applicability within your organisation, and take the necessary steps to achieve compliance.

Applicability Assessment

URM’s team of consultants can work with you to determine how and where the AI Act applies to your organisation.  We will help you understand the Act’s requirements, which aspects of your business fall within its scope, and your organisation’s ‘role’ under the Act (i.e., whether you are considered an AI provider, deployer, authorised representative, importer, distributor or operator) along with the associated compliance obligations.  We can also determine any AI prohibitions that may impact your organisation and the risk level associated with your non-prohibited AI use, as well as determining the applicability of the Act if your organisation is based outside of the EU but has premises or operates within it.

Compliance Services

Having established how the AI Act applies to your organisation, URM can support you to identify and implement the necessary measures for compliance.  This includes assessing and enhancing your existing AI governance framework, risk management processes, and technical controls to ensure compliance with the Act’s requirements.  URM will support you in implementing transparency, accountability, and data protection measures, as well as establishing robust documentation and reporting processes.

Our URM consultant was most helpful. Very constructive with her thoughts. She completely understood the technology we are using to monitor the ISMS, which allowed her to fully appreciate the documentation.
IT solutions provider

Get in touch

Please note, we can only process business email addresses.

Why URM for the EU AI Act?

Track record

While the EU AI Act is a new regulation, URM can leverage its 2 decades of experience supporting countless organisations to comply with legislation such as the General Data Protection Regulation (GDPR) to provide informed and reliable support in helping you meet the requirements of the Act.  In more recent years, URM has sat at the cutting edge of AI governance and risk management, and has already assisted numerous organisations to understand and mitigate their AI-related risks, align with emerging best practices, and prepare for regulatory compliance.  As such, you can be assured that any guidance you receive from URM is informed by a long history of success stories, and can guarantee the same result for your organisation.  

Tailored and flexible approach

A key differentiator between URM and other AI consultancy providers is our flexible service offerings.  Our services can be tailored to your organisation’s precise requirements, in terms of the type of support we provide, the frequency of site days (remote or on site), etc.  Our experts always consult with the aim of delivering practical, sustainable solutions, which balance full regulatory compliance with operational efficiency and business objectives.

Knowledge transfer

URM prides itself on its knowledge transfer philosophy and training expertise which help to ensure that you not only understand what the requirements of the EU AI Act are, but also how best to meet them.

Our URM consultant was most helpful. Very constructive with her thoughts. She completely understood the technology we are using to monitor the ISMS, which allowed her to fully appreciate the documentation.
IT solutions provider
We are immensely grateful to URM for their unwavering support, professionalism, and expertise throughout our ISO 27001 and Cyber Essentials Plus journey. Their guidance and strategic insights have been invaluable. With URM's continued partnership and support, we are confident in our ability to proactively address emerging threats and keep our business secure.
IT consultancy

Establishing Organisational Control Over Artificial Intelligence

Published on
22/11/2024

URM’s blog discusses the need for policy in relation to the use of AI, real-world cases where AI has caused organisations issues & how to create an AI policy.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
27/3/2025
ISO 27001:2022 Annex A Physical Controls

URM’s blog offers key advice on implementing the physical controls in Annex A of ISO 27001 and preparing for a successful physical controls audit.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
10/3/2025
PCI SSC Announces Changes to the SAQ A

URM’s blog explains the recent update to PCI DSS SAQ-A that has resulted in the removal of 2 new v4 requirements & the addition of new eligibility criteria.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
21/2/2025
The Impact of AI on PCI DSS Compliance

URM’s blog explores how AI can impact PCI DSS compliance, both in terms of the benefits it can provide and the challenges it may present.

Read more
"
Our partnership with URM has been outstanding. From supporting us with our own Cyber Essentials certification to assisting our customers with Cyber Essentials, ISO 27001, and virtual CISO services, URM consistently delivers exceptional service. Their expertise, open communication, and ability to allocate the right expert resources for specific requirements makes every project seamless. We highly value their support and look forward to continuing our collaboration.