CC-03 · Advanced compliance

EU AI Act compliance

The AI Act comes into full force on 2 August 2026 for high-risk systems. We take you to compliance without waiting for a penalty. Consultoría + IA + Calidad cluster.

ClusterConsulting + AI + Quality
StandardAI Act + ISO 42001
Effective date2 Aug 2026

The AI Act classifies artificial intelligence systems by risk level: unacceptable (prohibited), high-risk (with stringent obligations), limited and minimal. Fines for non-compliant high-risk systems reach €35M or 7% of turnover. And most companies using AI — for recruitment, credit scoring, edtech or recommender systems — fall under these obligations without realising it.

Our work in three phases: (a) inventory of all AI systems in use or under development, whether proprietary or third-party; (b) risk classification according to the AESIA framework and an adaptation plan per system; (c) internal use policy, training for the management team and operational procedures.

Where applicable, we integrate the results with ISO 42001 (AI management system) implemented by Summum Calidad. And if you build or consume AI in production, we coordinate with Summum IA for the technical side of compliance.

Unacceptable risk

Prohibited

High risk

Full obligations · 2 Aug 2026
~

Limited risk

Transparency
·

Minimal risk

Recommendations

The EU AI Act compliance process.

The process · four stages
01

Inventory

We list AI systems in use or under development, both proprietary and third-party. What is not visible cannot be governed.

02

Classification

Each system is classified according to the AI Act: unacceptable, high risk, limited or minimal.

03

Compliance

Use policy, procedures by risk level, Annex IV and training.

04

Certification

We support ISO 42001 certification through Summum Calidad. A recognised standard to demonstrate externally.

What is included

What EU AI Act compliance includes.

The operational detail: what we deliver as part of the engagement and what we keep active afterwards.

  • AI systems inventory

    Proprietary models, third-party integrations, LLM automations.

  • Risk classification according to AESIA

    Application of the AESIA framework and the 16 guidelines of December 2025.

  • Compliance plan per system

    Technical documentation, impact assessment, controls, monitoring.

  • Internal AI use policy

    What is permitted, what is prohibited, how to report misuse.

  • Training for the management committee

    What a manager needs in order to decide with a clear grasp of the framework.

  • ISO 42001 support

    Coordinated with Quality for the certifiable management system.

Regulatory framework

The regulatory framework.

The AI Act is European regulation. ISO 42001 is the voluntary international standard that underpins compliance.

EU AI Act Applicable to this service
ISO/IEC 42001 Applicable to this service
AESIA 16 guidelines Applicable to this service
CE marked Applicable to this service
Summum cluster

How it intersects with related services.

It is not just legal. It is the Summum cluster: legal + management system + technical capability.

Frequently asked questions about EU AI Act compliance.

When does it come into force?

For high-risk systems, full effect on 2 August 2026. General-purpose obligations already active.

What happens if I do not comply?

Fines of up to 35 million euros or 7% of global turnover. And suspension of the system in the European market.

Does it only affect those who build AI?

No. It also affects those who use it. Scoring, recommendation engines, personnel selection and educational assessment are all in scope.