Services Readiness Sprint

Readiness Sprint

From AI governance gap to audit-ready compliance — before the inspection arrives.

Fixed scope
Article 26 compliant
Financial sector primary
Get in touch →

The problem

"Legal tells you what the rules say. Tech says the AI works. Nobody connects those two worlds for a regulator."

Article 26: 13 obligations, zero playbook

EU AI Act places 13 specific obligations on deployers. EBA operational guidance won't arrive until 2027 — after the August 2026 enforcement deadline. Banks must act before the official playbook exists.

The governance documentation gap

Most organisations have deployed AI in production. Very few have documented governance that maps to Article 26 obligations. The gap between what's deployed and what's documented is audit exposure.

The penalty frame

€15 million or 3% of global annual turnover. For deployer-level violations. Not for building bad AI — for failing to govern AI you deploy.

Method

Four phases. Audit-ready output.

1

Inventory & classification

AI system discovery across all business units. Risk classification under Annex III. Stakeholder interviews to map ownership, usage patterns, and data flows.

2

Gap assessment

Existing documentation mapped against all 13 Article 26 obligations. Critical gaps identified and ranked by audit exposure. Legal rationale documented for each classification decision.

3

Framework design

Build governance policies, roles & responsibilities, documentation templates, audit trail structure. Designed to be maintainable by internal teams after the Sprint ends.

4

Package & roadmap

Finalise AI System Register. Write Compliance Gap Report. Build board deck. Prioritise remediation backlog with effort estimates and ownership assignments.

What you get

Five documents. One package.

  • AI System Register

    Article 26-compliant format, structured for audit presentation and ongoing maintenance.

  • Risk Classification Report

    Legal rationale for each system's risk category under Annex III. Defensible against regulatory scrutiny.

  • Governance Framework

    Policies, roles, escalation procedures, audit trail structure. Internal-team maintainable.

  • Compliance Gap Report

    Prioritised remediation backlog with effort estimates.

  • Board deck

    10 slides maximum. Regulator-ready. Maps obligations to evidence.

Who it's for

The problem owner.

CRO

Owns AI risk governance. Needs documentation that withstands a KNF or ECB inspection.

CCO

Owns Article 26 compliance. Needs a structured programme that closes the gap between current state and audit readiness.

Head of AI

Owns the technical systems. Needs governance documentation that accurately reflects how systems actually work.

Regulatory deadline

August 2026 enforcement. Zero extensions.

The EU AI Act enforcement deadline for high-risk AI systems is August 2026. A proposed Digital Omnibus amendment may extend this to December 2027 — but it is not yet adopted and is not guaranteed. Organisations that act now eliminate the risk either way.

Book a slot →

What comes next

Readiness Sprint opens the door.

KNF Playbook

For Polish financial institutions: extend Readiness Sprint output into a KNF-specific inspection-ready package, mapped to BaFin's January 2026 template.

Compliance Audit

Article 26 posture verification — at whatever cadence your governance cycle requires. Confirm the framework built in the Sprint still reflects your current AI deployment reality.

Advisory Retainer

Quarterly documentation updates as regulation evolves. Keep your governance package current without rebuilding from scratch.

Ready to close the gap before August 2026?

Every engagement starts with a short conversation. No commitment, just specifics.

Let's talk →