Sold by: Kriv AI
Kriv AI delivers the implementation follow-on to our EU AI Act Readiness Assessment (listing E5). 8-week fixed-fee deployment on Customer's AWS account of Regulation (EU) 2024/1689 operative articles: Article 9 (risk management), Article 10 (data governance), Article 11 + Annex IV (technical documentation), Article 12 (logging with 10-year retention aligned to Article 18), Article 13 (transparency), Article 14 (human oversight), Article 15 (accuracy/robustness/cybersecurity), Article 17 (QMS), Article 26 (deployer obligations), Article 27 (FRIA), Article 40 (harmonized standards), Article 43 (conformity assessment), Articles 48/49/50 (declaration + CE marking + content labeling). Enterprise tier adds GPAI Articles 51–56 and notified-body engagement support. Three tiers: $75K / $150K / $275K + $40K per add-on system. AWS Select + Databricks + Anthropic CPN.
Overview
Every existing EU AI Act listing on AWS Marketplace stops at assessment. None deliver implementation. This service provides the natural follow-on to Kriv’s live E5 EU AI Act Readiness Assessment.
Regulation (EU) 2024/1689 is in phased force: February 2025 prohibited-AI ban; August 2025 GPAI obligations; February 2026 AI Office enforcement capabilities active; August 2026 high-risk Annex III + penalty regime in force; August 2027 full Annex III in force. Article 85 penalties are material: €35M or 7% of global turnover for Article 5 prohibited practices; €15M or 3% for high-risk non-compliance; €7.5M or 1% for incorrect information to National Competent Authorities. US multinationals with EU operations are the most under-prepared buyer segment, and Article 2 makes the Regulation extraterritorial whenever AI system output is used in the Union.
Existing AWS Marketplace listings are assessment-only. Kriv’s E5 EU AI Act Readiness Assessment is live and competes with globaldatanet’s AI Act Readiness Check, adesso’s Responsible AI Assessment, AIM Consulting’s AI Guardrails, Ankercloud’s European Sovereign Cloud Readiness, and Strategic Communications’ Responsible AI Governance Assessment, every one stops at a gap list. Big-4 implementation SOWs run €150K–€500K over 6–12 months and are sold off-Marketplace. European SIs (Sopra Steria, Atos, Capgemini, TCS, Infosys) embed AI Act advisory in broader transformation deals at €300K–€1M+. Notified-body fees alone (TÜV SÜD, TÜV Rheinland, DEKRA, BSI, DNV, Bureau Veritas) run €50K–€150K per high-risk system. Nothing on AWS Marketplace today delivers a fixed-fee, transparent, purchase-order-ready EU AI Act implementation. This service provides that capability.
Reference architecture and controls are deployed on the Customer’s AWS account: Article 9 Risk Management System is implemented using SageMaker Model Monitor, AWS Config, and Security Hub with structured lifecycle risk tracking. Article 10 Data Governance uses Lake Formation lineage and access control, SageMaker Clarify bias detection, Macie PII discovery, and S3 Object Lock immutable training data storage. Article 11 Technical Documentation (Annex IV) is supported via Amazon Bedrock and Claude-assisted drafting, SageMaker Model Cards, and CloudFormation system artifacts. Article 12 Logging is implemented using AWS CloudTrail organization-wide logging with immutable S3 Object Lock retention aligned to regulatory requirements. Article 13 Transparency controls include AI output labeling using Bedrock Guardrails and metadata enforcement. Article 14 Human Oversight is implemented using AWS Step Functions workflows, escalation paths, override logging, and intervention controls. Article 15 Accuracy, robustness, and cybersecurity are implemented using SageMaker monitoring, AWS WAF, AWS Shield, GuardDuty, and AWS Config baselines. Article 17 QMS integration aligns with ISO 9001, ISO 27001, and ISO 42001. Article 26 Deployer obligations include monitoring, incident reporting, and data quality controls. Article 27 FRIA templates are included for applicable public sector high-risk systems. Article 40 harmonized standards mapping covers ISO/IEC AI governance frameworks. Article 43 conformity assessment supports internal control and notified-body readiness pathways. Articles 48–50 support Declaration of Conformity drafting, CE marking preparation, and AI content labeling controls. Articles 51–56 GPAI requirements are supported for enterprise deployments, including systemic risk classification, downstream transparency, and AI Office reporting alignment.
Week-by-week delivery (Standard tier): Week 1 scoping and classification; Week 2 AWS landing zone and logging baseline; Week 3 Articles 9–10; Week 4 Articles 11–12; Week 5 Articles 13–15; Week 6 Articles 17–40; Week 7 Articles 43–50; Week 8 validation and handover.
Three tiers: Foundation $75K (6–8 weeks; 1 high-risk system; Articles 9–15 + Annex IV); Standard $150K (8–12 weeks; up to 3 systems; full Articles 9–17 + 40 + 48–50 + Article 26); Enterprise $275K (10–18 weeks; up to 5 systems or GPAI scope; Articles 51–56 + systemic risk governance + Annex XI/XII).
Optional Extra High-Risk System add-on: $40K each.
Important disclosures: The service provider is not a Notified Body, not an EU-authorized representative, not a conformity assessment body, and not a law firm. It does not sign Declarations of Conformity, issue CE marking, or perform third-party conformity assessments. No legal advice is provided. No guarantee of regulatory approval or certification outcomes. AWS infrastructure costs are billed separately. Customer retains final regulatory responsibility.
Highlights
- First EU AI Act implementation SKU on AWS Marketplace — Articles 9–17 + Annex IV + Articles 26 + 27 + 40 + 43 + 48 + 49 + 50 deployed in 8 weeks (Standard tier default).** Article 12 logging with 10-year retention aligned to Article 19 via CloudTrail + S3 Object Lock. Article 14 human oversight via Step Functions with override logging + QuickSight dashboards. Article 50 AI-generated-content labeling via Bedrock Guardrails + custom metadata. All deployed on Customer's AWS account.
- Natural follow-on to live E5 Readiness Assessment — transparent fixed-fee $75K / $150K / $275K with Enterprise GPAI tier (Articles 51–56).** Enterprise tier covers systemic-risk classification (>10²⁵ FLOPs), Annex XI + XII GPAI documentation, downstream-provider transparency, AI Office incident reporting, notified-body engagement support, and CE-marking readiness. Notified-body shortlist: TÜV SÜD, TÜV Rheinland, DEKRA, BSI, DNV, Bureau Veritas. 30/60/90-day warranty per tier.
- AWS Select + Databricks + Anthropic CPN — Bedrock-drafted Annex IV technical documentation (Customer human-reviewed) + CloudTrail 10-yr retention + SageMaker Model Monitor/Clarify/Model Cards + Lake Formation data lineage + Macie PII discovery + S3 Object Lock immutable training-data lineage.** Extra High-Risk System add-on $40K each. Enforcement timeline: Feb 2026 AI Office enforcement active, Aug 2026 high-risk + penalty regime in force, Aug 2027 full Annex III in force.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Resources
Support
Vendor support
Primary contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support
Response SLA. First response within 2 US business days (Mon–Fri 9 am – 6 pm ET, ex-US federal holidays). Active engagements: Engagement Lead within 4 business hours weekdays. Enforcement-driven engagements (AI Office inspection, NCA investigation, EU-customer contract demand, conformity deadline) compress to same business day.
Onboarding SLA. First customer contact within 2 US business days of buyer inquiry / private-offer acceptance. Kickoff within 2–3 weeks of SOW; 5–10 business days for enforcement-driven engagements.
Escalation. (1) Engagement Lead (named in SOW) → (2) Practice Director (info@kriv.ai ) → (3) CEO Abhinav Dangri (info@kriv.ai ).
Communication. Dedicated Microsoft Teams channel; weekly 60-min video checkpoint; Friday written status. Customer SMEs 4–6 hrs/week (CAIO, CCO, CISO, CDO, GC, CRO, Head of Regulatory Affairs, Internal Audit, DPO).
Handoff. Word/Excel/PDF in customer secure share; reference architecture as .drawio + PNG; CloudFormation IaC preserved in secure repo; Annex IV technical doc package as Word + PDF per in-scope system; Article 48 Declaration of Conformity as Word template for provider signature; Annex VIII EU Database registration prep.
Out of scope. Kriv is not a Notified Body, EU-authorized representative, conformity-assessment body, or law firm. Signs no Declarations of Conformity; issues no CE marking; performs no third-party conformity assessments; represents no clients before any EU regulator. Bedrock / Claude-generated Annex IV DRAFT requires qualified human review before any regulator submission.
AWS-side billing. AWS infrastructure (CloudTrail, S3 Object Lock, Bedrock, SageMaker, Lake Formation, Macie, Config, Security Hub, KMS, Step Functions, QuickSight) billed directly by AWS.
Holiday coverage. Closed on US federal holidays.