EXPERTISE
EU AI Act
The world's first comprehensive AI regulation — a risk-based framework with obligations that scale from transparency to strict conformity, for organisations that build or use AI.
What it is — and why it matters.
The EU AI Act establishes harmonised rules for artificial intelligence across the EU, using a risk-based approach. Practices deemed an unacceptable risk are prohibited outright. High-risk systems face strict requirements — risk management, data governance, technical documentation, human oversight, accuracy, and robustness. Limited-risk systems carry transparency obligations (telling people they're interacting with AI). Minimal-risk uses are largely unregulated. Providers and deployers each have distinct duties, and general-purpose AI (GPAI) models have their own dedicated rules. For most organisations the urgent question is no longer "if" but "which of our AI systems are in scope, and at what tier."
Who this affects.
Providers and deployers of AI systems placed on the EU market or used within the EU — including organisations established outside the EU. It is especially relevant if you build AI, embed it into products, or use it in higher-stakes contexts such as recruitment, credit, education, or critical infrastructure.
What's involved
How we help.
AI inventory & classification | Identify which systems are in scope, and at what risk tier.
AI governance | Accountability and oversight for how AI is built and used.
AI risk management | Risk management tailored to AI's specific failure modes.
Conformity readiness | Technical documentation and the evidence conformity requires.
Deployer obligations | Human-oversight design and the duties that fall on users of AI.
Aligned to AI Security & Compliance | Kept consistent with your broader safe-AI posture.
Compliance
Within your managed office.
The EU AI Act sits under Compliance and connects to Governance, Risk, and Architecture & Transformation. We manage it alongside your wider AI Security & Compliance topic so AI adoption stays both compliant and genuinely safe — part of one program, not a bolt-on.
Related expertise
Topic
Enterprise Security Architecture
A business-driven, enterprise-wide architecture that links security to strategy — from business context down to logical and physical design, so every control traces back to a goal.
Topic
Information Security Architecture
The structured design of security controls across your technical estate — identity, network, data, cloud, endpoints — as one coherent system aligned to your risks.
Topic
Security Strategy
Setting direction and priorities for security — a sequenced, realistic roadmap aligned to your objectives and risk, not a wish list of everything.
Within your managed office.
The EU AI Act sits under Compliance and connects to Governance, Risk, and Architecture & Transformation. We manage it alongside your wider AI Security & Compliance topic so AI adoption stays both compliant and genuinely safe — part of one program, not a bolt-on.
CTRL Disrupt
Your Managed Security & Risk Office.
Based in the Netherlands.
EXPERTISE
ISO 27001
NIS2
BIO2.0
EU AI Act
AI Security & Compliance
Marshalllaan 2
2625 GZ Delft
The Netherlands
© 2026 CTRL Disrupt Consulting B.V. · KvK 87198983 · All rights reserved.