EU AI Act

Extensive experience in supporting organisations conform and certify to existing ISO management system standards

Speak to Information Security Expert

Having assisted over 400 organisations to achieve ISO 27001 certification URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

Contact us

EU AI Act

The EU Artificial Intelligence (AI) Act is aimed at ensuring the safe and ethical use of AI in the EU.  It looks to balance AI innovation with the protection of fundamental human rights, ensuring that AI technologies are developed and used safely, transparently, and without infringing on individuals’ rights, whilst still enabling the economic growth that AI is certain to generate.

It’s one thing having the required technical knowledge, it’s another thing for a consultant to apply that knowledge to the context of our organisation. To use a sporting analogy, we view cyber and information security as a marathon not a sprint. I am not a believer in doing everything all at once. Our approach has been risk based and incremental, remediating our biggest risks first before moving on. I believe this approach is far more sustainable and effective. And URM’s consultants fully understand this and are very pragmatic and tailored in their guidance and advice. They know we are not implementing ISO 27001 purely for the certificate, but more as a framework for continual improvement, and at a pace where new systems and processes can be fully understood and absorbed by our team and be business as usual.
Brand distributor

The Act establishes a risk-based AI classification scheme, through which different AI applications and the contexts of their use are classified according to the risk they pose to users, introducing different rules for different risk levels.  It also prohibits particularly high-risk AI systems, and clarifies the roles and responsibilities associated with the development and provision of AI systems.

Failure to comply with the EU AI Act can lead to significant financial penalties, ranging from €7.5m or up to 1% of the organisation’s global annual turnover for the supply of incorrect, incomplete or misleading information, and €35m or up to 7% of global annual turnover for non-compliance with prohibited AI practices.  As such, it is essential to ensure that you understand the Act’s requirements and their applicability within your organisation, and take the necessary steps to achieve compliance.

Applicability Assessment

URM’s team of consultants can work with you to determine how and where the AI Act applies to your organisation.  We will help you understand the Act’s requirements, which aspects of your business fall within its scope, and your organisation’s ‘role’ under the Act (i.e., whether you are considered an AI provider, deployer, authorised representative, importer, distributor or operator) along with the associated compliance obligations.  We can also determine any AI prohibitions that may impact your organisation and the risk level associated with your non-prohibited AI use, as well as determining the applicability of the Act if your organisation is based outside of the EU but has premises or operates within it.

Compliance Services

Having established how the AI Act applies to your organisation, URM can support you to identify and implement the necessary measures for compliance.  This includes assessing and enhancing your existing AI governance framework, risk management processes, and technical controls to ensure compliance with the Act’s requirements.  URM will support you in implementing transparency, accountability, and data protection measures, as well as establishing robust documentation and reporting processes.

Without URM, we would not of achieved its certification goals.
Talent communications agency

Get in touch

Please note, we can only process business email addresses.

Why URM for the EU AI Act?

Track record

While the EU AI Act is a new regulation, URM can leverage its 2 decades of experience supporting countless organisations to comply with legislation such as the General Data Protection Regulation (GDPR) to provide informed and reliable support in helping you meet the requirements of the Act.  In more recent years, URM has sat at the cutting edge of AI governance and risk management, and has already assisted numerous organisations to understand and mitigate their AI-related risks, align with emerging best practices, and prepare for regulatory compliance.  As such, you can be assured that any guidance you receive from URM is informed by a long history of success stories, and can guarantee the same result for your organisation.  

Tailored and flexible approach

A key differentiator between URM and other AI consultancy providers is our flexible service offerings.  Our services can be tailored to your organisation’s precise requirements, in terms of the type of support we provide, the frequency of site days (remote or on site), etc.  Our experts always consult with the aim of delivering practical, sustainable solutions, which balance full regulatory compliance with operational efficiency and business objectives.

Knowledge transfer

URM prides itself on its knowledge transfer philosophy and training expertise which help to ensure that you not only understand what the requirements of the EU AI Act are, but also how best to meet them.

Our URM consultant was most helpful. Very constructive with her thoughts. She completely understood the technology we are using to monitor the ISMS, which allowed her to fully appreciate the documentation.
IT solutions provider
We have been using the services provided by URM for a couple of years now. They have been excellent in providing their expertise on ISO 27001 and SOC 2, which was instrumental in guiding us on our compliance and certification journey. Thanks to their professionalism and knowledge, we continue to obtain certifications smoothly and with confidence.
Automotive technology company

Establishing Organisational Control Over Artificial Intelligence

Published on
22/11/2024

URM’s blog discusses the need for policy in relation to the use of AI, real-world cases where AI has caused organisations issues & how to create an AI policy.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
23/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Legal, Regulatory and Contractual)

URM’s blog explains the legal, regulatory & contractual controls in ISO 27001 & how they can be implemented in full conformance with the Standard.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
16/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Information Security Management)

URM explains the 8 information security management controls included within the ‘Organisational controls’ theme and how to prepare for an audit of each control

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
9/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Access Management)

URM’s blog explores why the access controls in ISO 27001 matter, and how to implement each control in full conformance with both the Standard and best practice.

Read more
"
The partnership approach URM takes is genuine. Our relationship with URM is not hard-nosed or overly commercialised, and feels much closer to a partnership arrangement than any other security consultancy providers we have worked with. If we had a new piece of work that we needed external help with, URM would be our first port of call for assistance.