EU AI Act Compliance Assessment for High-Risk & GPAI Systems on AWS

The EU AI Act is already in force. High-risk enforcement starts August 2, 2026.

Prohibited practices (Article 5) became enforceable on February 2, 2025. General-Purpose AI model obligations (Articles 53, 55) went live on August 2, 2025. High-risk system obligations under Annex III — covering healthcare triage, credit scoring, insurance underwriting, employment screening, biometric categorization — become enforceable on August 2, 2026. Non-conformity exposes providers and deployers to administrative fines up to €35 million or 7% of worldwide annual turnover, whichever is higher (Article 99).

Kriv AI's EU AI Act Compliance Assessment is a structured 4-week virtual engagement that maps each of your AWS-deployed AI workloads to its specific obligations under Regulation (EU) 2024/1689. The methodology is adapted from our 7-agent governed AI reference architecture and extended to cover the full Act.

4-week engagement

• Week 1 — Inventory + risk classification. AI system inventory across business units; risk-tier each system (Art. 5 prohibited / Annex III high-risk / limited-risk / minimal-risk / GPAI); stakeholder interviews (Legal, Engineering, Product, DPO); GDPR + existing DPIA intake.

• Week 2 — Gap analysis (Articles 9–15). Risk management system (Art. 9), data governance (Art. 10), technical documentation Annex IV (Art. 11), automatic logging (Art. 12), transparency (Art. 13), human oversight (Art. 14), accuracy + robustness + cybersecurity (Art. 15). Cloud-agnostic findings with AWS-preferred remediation.

• Week 3 — FRIA, conformity, post-market. Article 27 Fundamental Rights Impact Assessment for deployers; conformity assessment readiness (internal vs. notified body); Art. 72 post-market monitoring plan draft; Art. 73 serious incident reporting workflow. GPAI providers: Art. 53 transparency + Art. 55 systemic-risk evaluation (10²⁵ FLOPs threshold).

• Week 4 — Executive readout + remediation roadmap. C-suite presentation; documentation pack handoff; prioritized roadmap aligned to Aug 2, 2026 high-risk obligations deadline.

Deliverables customer owns: 30-page Readiness Assessment Report · AI System Inventory with Annex III classification · Article 9 Risk Management System template · Article 10 Data Governance policy · Article 13 Transparency notices · Article 14 Human Oversight specification · Annex IV Technical Documentation template · Article 27 FRIA template · Conformity Assessment gap analysis · Article 72 Post-Market Monitoring plan · remediation roadmap pre-Aug 2, 2026.

AWS-native control mappings

Bedrock + Bedrock Guardrails (GPAI deployment + Article 15 cybersecurity) · SageMaker + Responsible AI Toolkit (Articles 10 + 15) · CloudTrail + Config (Article 12 record-keeping) · Comprehend (PII detection for Article 27 FRIA) · GuardDuty + Security Hub (Article 15 cybersecurity). Cloud-agnostic equivalents provided for Azure and GCP customers.

Legal positioning — important

Kriv AI is a US-based AI governance firm specializing in regulated industries. Legal interpretation and sign-off on EU-law questions is provided through our partnership with independent EU-qualified attorneys. Kriv delivers the assessment methodology, technical gap analysis, and documentation artifacts; customers retain their own counsel for binding legal advice and regulatory submissions. This listing does not constitute legal advice.

AWS infrastructure cost disclaimer

This listing covers Kriv AI professional services only. AWS compute, storage, Bedrock inference, logging, and any other AWS service consumption incurred during or after the assessment are billed separately by AWS at standard rates and are the sole responsibility of the customer. Kriv AI is an AWS Select Tier Services Partner and a member of the Anthropic Claude Partner Network (approved April 2026). No endorsement by AWS or Anthropic is implied.

Get started. Contact info@kriv.ai  or +1 732 433 5564. Most assessments kick off within 2 weeks of contract signature.