The EU AI Act's full deployer obligations apply from 2 August 2026. Most organisations are underprepared. Find out where you stand →
EU AI Act Compliance · Independent Advisory

Your AI use may carry more liability than you think.

Architecture First helps organisations understand their obligations under the EU AI Act, independently, clearly, and without jargon. Whether you built the AI or simply use it, the Act applies to you.

Book a free discovery call View the timeline →
The risk framework
Where does your AI use sit?

The Act classifies every AI system into one of four risk tiers. Your obligations and your exposure depend entirely on which tier applies to you.

Prohibited Already illegal 8 practices banned outright since February 2025. No compliance pathway. Immediate cessation required.
High risk Heavily regulated Includes CV screening, credit scoring, and access to services. Full compliance obligations from August 2026.
Limited risk Transparency required Chatbots, synthetic media, and emotion recognition systems. Must disclose AI involvement to users.
Minimal risk No specific obligations Spam filters, recommendation engines, productivity tools. No Act-specific requirements beyond existing law.

A single organisation may have AI systems across multiple tiers. Our diagnostic maps every use case individually.

The most common mistake
"We didn't build the AI. We just use it. So it's not our responsibility."
This is one of the most common and most costly misconceptions we encounter. The EU AI Act draws a clear distinction between providers, who build AI, and deployers, who use it. Deployers carry their own direct legal obligations, entirely separate from their vendor's. Using a non-compliant or undocumented AI tool for high-risk purposes does not transfer your liability. It creates it. Article 2(1)(c) also makes clear that the Act applies to organisations outside the EU where AI outputs are used by EU citizens, meaning UK-based businesses are not exempt.
What we offer
Clear services. Fixed prices where it counts.

Every engagement starts with understanding your position, not with a lengthy retainer proposal. We keep entry points accessible and scope clearly defined.

Deployer Readiness Assessment From £3,500 · fixed price A structured diagnostic covering entity classification, use case risk mapping, liability exposure, gap analysis, and a prioritised action roadmap. Delivered as an executive slide deck and full written report.
AI Literacy Training Fixed price · scoped per engagement Article 4 of the EU AI Act requires deployers to ensure staff working with AI systems have a sufficient level of AI literacy. We deliver tailored training covering the Act's risk framework, your organisation's specific obligations, and the practical responsibilities of anyone overseeing or using AI in your business.
Remediation Support Fixed price · scoped per engagement Once your Deployer Readiness Assessment is complete, we can support you in delivering the roadmap it produces. From vendor due diligence and human oversight design through to documentation and policy drafting, we work alongside your team to close the gaps identified.
Key dates
The EU AI Act is not one deadline.

It is a phased rollout. Two deadlines have already passed.

Aug 2024
Regulation in force Passed
The Act became law. All countdown timers started here.
Feb 2025
Prohibited practices live Passed
The outright bans on manipulative AI, social scoring, and real-time biometric identification are already enforceable.
Aug 2025
GPAI rules and penalties apply Now
General-purpose AI model obligations and the full penalty framework are live. Fines of up to 7% of global turnover are already on the table.
Aug 2026
Main obligations for deployers
High-risk AI compliance, deployer obligations, conformity assessments, human oversight, and EU registration all become fully enforceable.
Aug 2027
Regulated product AI
AI embedded in medical devices, machinery, and other regulated products brought into full scope.
Why Architecture First
Technical depth. Independent advice.

Most AI Act consultancy comes from legal or compliance backgrounds. We bring something different.

Genuinely independent We have no delivery roadmap to protect, no software to sell, and no partner programme to maintain. Our recommendations reflect what is right for you.
Technical and regulatory We can assess governance documentation and interrogate the technical implementation behind it. Most compliance consultants can only do one of these.
Structured deliverables Every assessment produces a written report, an executive presentation, and a gap scorecard your team can act on, not a slide deck full of general observations.
No lock-in Our assessments are designed to be standalone. You can take the findings anywhere. If you want support with remediation, we are here. If not, you still have everything you need.
Start with a conversation.

A free 30-minute discovery call to understand your AI use, identify likely risk areas, and explain what an assessment would involve. No commitment required.

Book a discovery call
info@archfirst.co.uk Architecture First on LinkedIn UK-based, serving EU market clients
Independent AI Act advisory · Not legal advice · © 2026
Scroll to Top