The European AI Act: what mid-market CTOs must prepare after the Digital Omnibus

Regulation (EU) 2024/1689 on artificial intelligence, amended by the Digital Omnibus of 7 May 2026, imposes binding obligations on companies operating AI systems. Updated deadlines, risk levels, article-by-article obligations, action plan. For CTOs and Heads of Data at French mid-market companies.

⚠️ Correction of 23 May 2026. The initial version of this article stated 2 August 2026 as the application date for the obligations of high-risk Annex III systems. This date was postponed to 2 December 2027 by the Digital Omnibus (political agreement of 7 May 2026 between the European Parliament, the Council of the EU and the Commission). Annex I systems move to 2 August 2028. The watermarking of generated content is postponed to 2 December 2026. This article has been corrected accordingly, in line with our editorial policy at the "substantial correction" level. See the note at the foot of the article for the detail of the changes.

Transparency note. This article is written in line with IgnitionAI's editorial policy. Every date, amount and regulatory obligation is sourced to the official text on EUR-Lex with its article number. The estimates of duration, cost and effort are tagged IgnitionAI estimate. The Methodology and sources section at the end of the article recaps all the references.

The framework in two sentences

Regulation (EU) 2024/1689 on artificial intelligence, commonly called the AI Act, came into force on 1 August 2024 (EUR-Lex, Regulation 2024/1689, Article 113). Its obligations apply in progressive tiers between February 2025 and August 2027, and concern any European company that develops, deploys or uses an artificial-intelligence system.

This article is aimed at CTOs, Heads of Data and technical leadership at French mid-market companies of 200 to 5,000 employees. It covers the operational compliance of AI systems in production: inventory, risk classification, documentation, governance, an 18-month action plan.

The updated official timeline (Article 113 + Digital Omnibus)

Article 113 of the regulation sets the progressive entry into application of the obligations (EUR-Lex, Article 113). Several key deadlines were amended by the Digital Omnibus, the political agreement reached on 7 May 2026 between the European Parliament, the Council of the EU and the European Commission. These adjustments aim to allow the harmonised technical standards to be finalised before the heaviest obligations apply.

1 August 2024: Entry into force. The regulation is in force across the European Union. The obligations aren't yet enforceable, but the legal framework exists.

2 February 2025: Prohibitions and AI literacy. Chapters I (general provisions) and II (prohibited AI practices) become applicable. AI systems falling into the eight categories prohibited by Article 5 must be withdrawn. The "AI literacy" obligation for employees within the meaning of Article 4 also comes into force.

2 August 2025: General-purpose models, governance, penalties. Chapter V (general-purpose AI models, known as GPAI), Chapter VII (European and national governance), Chapter XII (penalties, except Article 101) and Article 78 (confidentiality) become applicable. The providers of the large foundation models (OpenAI, Anthropic, Mistral, Google, Meta, Cohere) have direct obligations. The national supervisory authorities must be operational.

2 August 2026: Article 50 transparency obligations. Chatbots, generative systems and emotion-recognition or biometric-categorisation systems become subject to transparency obligations: explicit information about the AI nature of the system, identification of generated content.

2 December 2026: Watermarking and new prohibition (Digital Omnibus date). The specific obligations for digital marking (watermarking) of AI-generated content become applicable. The Digital Omnibus also introduced a new prohibited practice on this same date: the generation of non-consensual intimate images and child sexual abuse material.

2 December 2027: High-risk Annex III (Digital Omnibus date). The obligations for AI systems classified as high-risk under Annex III become binding. This date, initially set for 2 August 2026, was postponed to allow the harmonised technical standards to be finalised. This is the critical deadline for most mid-market companies operating AI systems in production in the domains listed in Annex III.

2 August 2028: High-risk Annex I (Digital Omnibus date). Article 6(1) and the corresponding obligations become applicable. This tier concerns AI systems integrated into products already covered by the EU harmonisation legislation listed in Annex I (machinery safety, toys, lifts, medical devices, vehicles, etc.). This date was also postponed by the Digital Omnibus.

For a mid-market company whose AI systems aren't integrated into regulated products, the critical compliance horizon is now 2 December 2027 for the Annex III obligations, with an intermediate step on 2 August 2026 for the Article 50 transparency obligations.

The apparent postponement by the Digital Omnibus must not mask the operational urgency. High-risk systems require 12 to 18 months of preparation to reach full compliance (IgnitionAI estimate based on 8 engagements 2024-2025). Companies that wait until the last minute will risk not having the technical and organisational resources needed to meet the deadlines.

The 4 risk levels defined by the regulation

The regulation adopts a risk-based approach. Four levels structure the obligations.

Unacceptable risk: prohibited practices (Article 5)

Article 5 of the regulation lists eight prohibited AI practices in the European Union (EUR-Lex, Article 5). Any placing on the market, putting into service or use of these systems is prohibited, save for the very narrow derogations provided by the article itself.

The eight categories prohibited under Article 5(1):

  1. Point (a): Systems using subliminal, manipulative or deceptive techniques with the objective or effect of materially distorting a person's behaviour and causing them significant harm.
  2. Point (b): Systems exploiting the vulnerabilities of a person or group due to their age, a disability or a specific social or economic situation, to distort their behaviour in a harmful way.
  3. Point (c): Social-scoring systems based on social behaviour or personal characteristics, where these scores lead to detrimental treatment in contexts unrelated to the one where the data was generated, or to unjustified treatment relative to the gravity of the behaviour.
  4. Point (d): Systems assessing or predicting the risk that a person commits a criminal offence, based solely on profiling or the assessment of personality traits.
  5. Point (e): Systems creating or expanding facial-recognition databases through the untargeted scraping of images from the internet or CCTV footage.
  6. Point (f): Systems inferring a person's emotions in the workplace and education settings, except for medical or safety reasons.
  7. Point (g): Biometric-categorisation systems inferring race, political opinions, trade-union membership, religious or philosophical beliefs, sex life or sexual orientation.
  8. Point (h): Real-time remote biometric-identification systems in publicly accessible spaces for law-enforcement purposes, save for exhaustively listed exceptions.

For a French mid-market company that doesn't operate in public security or in sectors handling sensitive biometrics, these eight categories are rarely encountered in practice. A quick check during the inventory phase suffices in most cases.

High risk: the main challenge for mid-market companies (Article 6 and Annex III)

Article 6 of the regulation defines two routes for a system to be classified as high-risk.

First route (Article 6(1)): systems integrated into regulated products. The AI system is a safety component, or it is itself a product, covered by the harmonisation legislation listed in Annex I (machinery safety, toys, medical devices, motor vehicles, lifts, etc.). Applies on 2 August 2028 (Digital Omnibus date, initially 2 August 2027).

Second route (Article 6(2)): systems listed in Annex III. Annex III enumerates eight domains of use automatically classified as high-risk (EUR-Lex, Annex III). Applies on 2 December 2027 (Digital Omnibus date, initially 2 August 2026).

The eight Annex III domains, in the order of the official text:

  1. Biometrics (remote identification, categorisation, emotion recognition outside prohibited contexts)
  2. Critical infrastructure (management and operation of road traffic, water, gas, heating, electricity, telecommunications, critical digital infrastructure)
  3. Education and vocational training (admission, learner assessment, irregularity detection)
  4. Employment, worker management and access to self-employment (CV screening, targeted job advertising, performance evaluation, task allocation, monitoring)
  5. Access to and enjoyment of essential private and public services (assessment of eligibility for social benefits, credit scoring excluding fraud, health and life insurance pricing)
  6. Law enforcement
  7. Migration, asylum and border control
  8. Administration of justice and democratic processes

For a French mid-market company, domains 3, 4 and 5 are the ones that arise most frequently. A CV pre-screening tool, an application-scoring system, a performance-evaluation assistant, an automated learner-assessment system, an insurance-premium calculator: all are liable to be classified as high-risk depending on their precise use.

Article 6(3) provides a derogation: if the system has no significant impact on decision-making (for example if it performs a limited procedural task, improves the result of a human activity, or only detects decision patterns), it can fall outside the high-risk classification. This derogation must be documented explicitly; it doesn't apply by default.

Limited risk: transparency obligations (Article 50)

Article 50 imposes transparency obligations for four families of systems (EUR-Lex, Article 50).

  • AI systems that interact directly with natural persons must inform them that they're interacting with an AI, unless the context makes it obvious.
  • AI systems generating or manipulating synthetic audio, image or video content must mark the content in a machine-readable format detectable as artificially generated or manipulated.
  • Emotion-recognition or biometric-categorisation systems must inform the people concerned of how the system works.
  • Systems generating deep fakes must disclose that the content is artificially generated or manipulated.

For a mid-market company, the obligation translates concretely into two things: chatbots (an explicit "AI assistant" display from the first message) and AI-generated marketing or editorial content (labelling).

Minimal risk: no obligation

All AI systems not covered by the three previous levels fall under minimal risk. The regulation imposes no binding obligation for these systems (spam filters, AI in video games, basic recommendations).

The AI-systems inventory of a mid-market company

The first obstacle to compliance is answering a simple question: how many AI systems do you operate?

IgnitionAI estimate: across the governance-scoping engagements we conducted in 2024-2025 (8 engagements, French mid-market companies of 500 to 5,000 employees), the number of AI systems actually in use is typically between 15 and 60, whereas technical leadership's initial perception sits between 2 and 5. The ratio depends on the maturity of the IT and the company's data culture.

Three sources are systematically underestimated in the initial inventory.

The AI features embedded in existing SaaS tools. Salesforce Einstein, Zendesk AI, Notion AI, GitHub Copilot, Microsoft Copilot, Google Workspace Duet, Atlassian Intelligence, Slack AI. Each vendor integrates AI features enabled by default. Most fall under limited risk (chatbot transparency) or minimal, but some can tip into high-risk depending on how your teams use them. An HR response-drafting tool that suggests to a manager whether to accept or reject an application can fall under Annex III point 4 (worker management).

AI projects not catalogued by IT. Marketing teams using an OpenAI API to generate descriptions, HR teams testing a CV pre-screening tool, developers who set up an internal chatbot, finance teams automating analyses. None of these projects appears in the official IT inventory, but each handles data and produces decisions.

Models integrated into purchased products. Credit-scoring software, cybersecurity tools, modern ERP systems integrate AI models you aren't aware of. The provider has distinct obligations under Article 25 of the regulation (providers of high-risk AI systems), but as a user (deployer within the meaning of Article 26), you have your own obligations.

The deliverable of this phase is a registry, as a spreadsheet or Notion database, that catalogues for each AI system:

  • System name and business function
  • Business owner and technical owner
  • Source: in-house development, SaaS API, integrated into a product
  • Data processed and its internal classification level
  • Decisions or recommendations produced
  • Presumed AI Act risk level (with written justification)
  • Date put into service
  • Usage volume
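
As an added example (not the article's or IgnitionAI's own tooling), the registry above can be kept as code rather than a spreadsheet, with the presumed risk level derived from the decision order the article describes: Article 5 first, then Annex III (high-risk unless an Article 6(3) derogation is documented), then the Article 50 transparency flags, otherwise minimal. The field names, the `classify` helper and the four sample systems are assumptions constructed for this example; the Annex III numbering follows the article's list.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class RiskLevel(str, Enum):
    UNACCEPTABLE = "unacceptable (Article 5)"
    HIGH = "high-risk (Annex III)"
    LIMITED = "limited (Article 50)"
    MINIMAL = "minimal"


# Annex III domains in the article's numbering; used only to phrase the written justification.
ANNEX_III_DOMAINS = {
    1: "Biometrics",
    2: "Critical infrastructure",
    3: "Education and vocational training",
    4: "Employment, worker management and access to self-employment",
    5: "Access to essential private and public services",
    6: "Law enforcement",
    7: "Migration, asylum and border control",
    8: "Administration of justice and democratic processes",
}


@dataclass
class AISystem:
    """One registry row. Field names are this example's own (assumption), mirroring the article's list."""
    name: str
    business_function: str
    business_owner: str
    technical_owner: str
    source: str                      # "in-house" | "saas-api" | "embedded-in-product"
    data_classification: str         # internal classification level of the data processed
    decisions_produced: str
    date_in_service: str
    usage_volume: str
    annex_iii_domain: Optional[int] = None           # 1..8 when the use falls in an Annex III domain
    article5_match: Optional[str] = None             # e.g. "5(1)(f)" when a prohibited practice matches
    article_6_3_derogation_ref: Optional[str] = None # reference to the WRITTEN 6(3) analysis, if any
    interacts_with_natural_persons: bool = False
    generates_synthetic_content: bool = False
    emotion_or_biometric_categorisation: bool = False


def classify(system: AISystem) -> tuple[RiskLevel, str]:
    """Presumed risk level plus a written justification, applying the rules in precedence order."""
    notes = []
    if system.article5_match:
        return RiskLevel.UNACCEPTABLE, f"Matches prohibited practice Article {system.article5_match}: withdraw."
    if system.annex_iii_domain in ANNEX_III_DOMAINS:
        domain = f"Annex III point {system.annex_iii_domain} ({ANNEX_III_DOMAINS[system.annex_iii_domain]})"
        if not system.article_6_3_derogation_ref:
            # The derogation never applies by default: no written analysis means high-risk.
            return RiskLevel.HIGH, f"{domain}; no documented Article 6(3) derogation, so high-risk applies by default."
        notes.append(f"{domain}, but Article 6(3) derogation documented in {system.article_6_3_derogation_ref}.")
    flags = [label for cond, label in (
        (system.interacts_with_natural_persons, "interacts with natural persons (inform users)"),
        (system.generates_synthetic_content, "generates synthetic content (machine-readable marking)"),
        (system.emotion_or_biometric_categorisation, "emotion recognition / biometric categorisation (inform persons)"),
    ) if cond]
    if flags:
        notes.append("Article 50 transparency obligations: " + "; ".join(flags) + ".")
        return RiskLevel.LIMITED, " ".join(notes)
    notes.append("Outside Article 5, Annex III and Article 50 scope: minimal risk, no binding obligation.")
    return RiskLevel.MINIMAL, " ".join(notes)


def registry_rows(systems: list[AISystem]) -> list[dict]:
    """Flatten the registry for spreadsheet export, adding the presumed level and its justification."""
    rows = []
    for s in systems:
        level, why = classify(s)
        rows.append({**s.__dict__, "presumed_risk_level": level.value, "justification": why})
    return rows


# Constructed sample inventory (not real systems).
CV_SCREENER = AISystem("CV pre-screening", "Shortlist applicants", "HR director", "Data lead", "saas-api",
                       "confidential", "shortlist / reject recommendation", "2025-03-01", "~2,000 CVs/month",
                       annex_iii_domain=4)
SUPPORT_CHATBOT = AISystem("Internal helpdesk chatbot", "Answer IT/HR questions", "CIO", "Platform lead",
                           "in-house", "internal", "free-text answers", "2024-11-15", "~300 chats/day",
                           interacts_with_natural_persons=True)
SPAM_FILTER = AISystem("Mail spam filter", "Filter inbound mail", "CISO", "Messaging admin",
                       "embedded-in-product", "internal", "spam / not spam", "2019-01-01", "all inbound mail")
TICKET_ROUTER = AISystem("HR ticket router", "Route HR tickets to the right team", "HR director", "Platform lead",
                         "in-house", "internal", "queue assignment only", "2025-06-01", "~50 tickets/day",
                         annex_iii_domain=4, article_6_3_derogation_ref="GOV-AI-0007 (narrow procedural task)",
                         interacts_with_natural_persons=True)

if __name__ == "__main__":
    for row in registry_rows([CV_SCREENER, SUPPORT_CHATBOT, SPAM_FILTER, TICKET_ROUTER]):
        print(f"{row['name']:<28} {row['presumed_risk_level']:<26} {row['justification']}")
```

The point of the `article_6_3_derogation_ref` field is that the derogation only changes the result when a reference to a written analysis is present; a system in an Annex III domain with that field empty is reported as high-risk, which matches the article's reading that the derogation never applies by default.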

IgnitionAI estimate: the inventory phase takes between 4 and 8 weeks for a mid-market company depending on its size and the number of business departments concerned. The limiting factor is the availability of the business contacts for interviews; the documentation-consolidation phase goes faster.

The 7 obligations for high-risk systems

Chapter III of the regulation details the obligations applicable to high-risk AI systems. For users (deployers), they concentrate in Articles 8 to 17. For providers (which you potentially are when you develop your own systems), they additionally cover Articles 16 to 27.

1. Risk management system (Article 9)

Article 9 mandates a continuous risk-management system across the entire lifecycle of the AI system. The system works as a living process: risk identification, estimation and evaluation, mitigation measures, tests, adjustments. An annual review at minimum, plus on every substantial modification of the system.

Typical deliverable: a structured risk-management document, updated annually or on every substantial modification of the system.

2. Data governance (Article 10)

Article 10 requires that the data used for training, validating and testing high-risk AI systems meet criteria of quality, representativeness and absence of detrimental bias. You must document the data's provenance, its statistical characteristics, the identified biases and the mitigation measures.

For systems using pre-trained models (most mid-market deployments), this obligation translates into: documentation of the enrichment data (fine-tuning, RAG, prompts), bias tests on the outputs, regular quality audits.

3. Technical documentation (Article 11 and Annex IV)

Article 11 mandates detailed technical documentation. Annex IV lists the mandatory elements: general description of the system, detailed technical elements, data management, performance, risk management, modifications, cybersecurity measures.

IgnitionAI estimate: for a classic enterprise RAG system, the Annex IV–compliant technical file is between 40 and 80 pages. Writing it represents 3 to 6 weeks of work by a dedicated technical lead, based on templates we developed for 4 engagements in 2024-2025.

4. Record-keeping (Article 12)

Article 12 mandates automatic logging of events relating to the operation of the AI system. The logs must enable after-the-fact traceability, and retention is mandated for a period appropriate to the system's purpose, of at least six months unless otherwise provided by applicable Union or national law (notably the GDPR).

Concretely for an internal chatbot: who asked what question, when, with which documents in context, under which model version, with which answer. For a scoring system: which input variables, what score produced, what decision recommended, what decision finally taken by the human operator.

5. Transparency and information for deployers (Article 13)

Article 13 obliges providers to give deployers clear, complete and accessible instructions for use, containing the elements listed in paragraph 3. This obligation falls on the system's provider. As a deployer, you must require these instructions before use.

6. Human oversight (Article 14)

Article 14 mandates that high-risk systems be designed to be effectively overseen by natural persons. Oversight must allow the prevention or minimisation of risks to health, safety or fundamental rights.

The person in charge of oversight must be able to understand the system's capabilities and limits, stay aware of automation bias, correctly interpret the outputs, and decide not to use the system or to override its recommendation.

Effective human oversight implies training, decision authority against the machine, and documentation of intervention cases.
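
As an added example covering both the Article 12 record-keeping section above and this Article 14 section (it is not the article's or IgnitionAI's own code), the following append-only log records the fields the article lists for an internal chatbot and for a scoring system, stores the human operator's final decision next to the machine recommendation, and refuses an override that carries no written reason. Each record carries the hash of the previous one so an edited or deleted line is detected at review time, user and operator identifiers are pseudonymised with a keyed hash, and every record carries a `retain_until` date. The 183-day retention floor, the demo key, the system identifiers and the sample turns are assumptions constructed for this example.

```python
import hashlib, hmac, json, os, tempfile
from datetime import datetime, timedelta, timezone

# Assumptions of this example: six months expressed as 183 days, and a pseudonymisation
# key that would normally live in a secrets store (this one is a constructed demo value).
RETENTION_DAYS = 183
PSEUDONYM_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64

def pseudonymise(identifier: str) -> str:
    """Keyed hash: the log links a user's or operator's actions without storing the raw identifier."""
    return hmac.new(PSEUDONYM_KEY, identifier.encode(), hashlib.sha256).hexdigest()[:16]

def _digest(record: dict) -> str:
    """Canonical hash of one record; sorted keys and compact separators keep it stable across a JSON round-trip."""
    return hashlib.sha256(json.dumps(record, sort_keys=True, separators=(",", ":")).encode()).hexdigest()

class AuditLog:
    """Append-only JSON-lines log; each record stores the hash of the previous one, so an edited
    or deleted line breaks the chain and is caught by verify_chain() at review time."""
    def __init__(self, path: str):
        self.path, self.prev_hash = path, GENESIS

    def append(self, system_id: str, event: dict) -> dict:
        now = datetime.now(timezone.utc)
        record = {"ts": now.isoformat(), "system_id": system_id,
                  "retain_until": (now + timedelta(days=RETENTION_DAYS)).isoformat(),
                  "prev_hash": self.prev_hash, **event}
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(record, sort_keys=True) + "\n")
        self.prev_hash = _digest(record)
        return record

def log_chat_turn(log, user_id, question, context_doc_ids, model_version, answer):
    """Article 12 trace for an internal chatbot: who asked what, when, with which documents in context,
    under which model version, with which answer."""
    return log.append("internal-rag-chatbot", {
        "kind": "chat_turn", "user": pseudonymise(user_id), "question": question,
        "context_doc_ids": list(context_doc_ids), "model_version": model_version, "answer": answer})

def log_scoring_decision(log, operator_id, inputs, score, recommended, final, override_reason=None):
    """Article 12 trace for a scoring system, with the Article 14 human decision stored next to the
    machine recommendation; an override without a written reason is refused."""
    overridden = recommended != final
    if overridden and not override_reason:
        raise ValueError("a human override must carry a documented reason")
    return log.append("application-scoring", {
        "kind": "scoring_decision", "operator": pseudonymise(operator_id), "inputs": inputs,
        "score": score, "recommended_decision": recommended, "final_decision": final,
        "human_override": overridden, "override_reason": override_reason})

def _records(path: str) -> list:
    with open(path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.strip()]

def verify_chain(path: str) -> tuple:
    """Returns (intact, n): n is the record count when intact, else the index of the first broken record."""
    recs, prev = _records(path), GENESIS
    for n, rec in enumerate(recs):
        if rec.get("prev_hash") != prev:
            return False, n
        prev = _digest(rec)
    return True, len(recs)

def override_rate(path: str) -> float:
    """Share of scoring decisions the operator overrode. A rate stuck at zero across many decisions is
    the automation-bias signal the oversight lead should watch for."""
    scored = [r for r in _records(path) if r.get("kind") == "scoring_decision"]
    return sum(r["human_override"] for r in scored) / len(scored) if scored else 0.0

def run_demo() -> dict:
    """Constructed walk-through: one chat turn, two scoring decisions (one override), then a tampering check."""
    fd, path = tempfile.mkstemp(suffix=".jsonl")
    os.close(fd)
    try:
        log = AuditLog(path)
        log_chat_turn(log, "u-1042", "What is the notice period for a permanent contract?",
                      ["hr-policy-2025#s4"], "demo-model-2026-03", "Per the HR policy, one month ...")
        log_scoring_decision(log, "op-7", {"years_experience": 4, "test_score": 71}, 0.82, "shortlist", "shortlist")
        log_scoring_decision(log, "op-7", {"years_experience": 1, "test_score": 88}, 0.41, "reject", "shortlist",
                             override_reason="strong test score; model underweights recent graduates")
        intact, count = verify_chain(path)
        rate = override_rate(path)
        recs = _records(path)                      # simulate an after-the-fact edit of a stored score
        recs[1]["score"] = 0.20
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("".join(json.dumps(r, sort_keys=True) + "\n" for r in recs))
        still_intact, _ = verify_chain(path)
        return {"chain_intact": intact, "records": count, "override_rate": rate, "tamper_detected": not still_intact}
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(run_demo())
```

The hash chain does not replace access control on the log store (an attacker who can rewrite the whole file can rebuild the chain); it makes silent edits of individual records visible during an audit, which is what after-the-fact traceability needs. Pseudonymisation keeps the GDPR minimisation question in view: the log can be correlated per user with the key, but the raw identifiers never sit in the retained file.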

7. Accuracy, robustness and cybersecurity (Article 15)

Article 15 mandates that systems achieve an appropriate level of accuracy, robustness and cybersecurity. The relevant levels and metrics must be declared in the instructions for use.

You must measure the system's performance in real conditions, document its performance per relevant sub-population, and put in place attack-detection mechanisms (prompt injection, data extraction, input-perturbation attacks).

The obligations specific to using GPAI models

Chapter V (Articles 51 to 56) imposes obligations on providers of general-purpose AI models (GPAI): OpenAI, Anthropic, Mistral, Google, Meta, Cohere and others. These obligations have applied since 2 August 2025.

As a user of a GPAI API, you don't directly inherit these obligations. But you remain responsible for the overall AI system you build on these foundations, under Articles 25 (if you're considered a downstream provider) or 26 (deployer).

Two practical consequences for your contracts.

On the one hand, you're entitled to require from the GPAI provider the documentary elements needed for your own compliance: model characteristics, known limits, and the summary of the training data within the meaning of Article 53(1)(d).

On the other hand, you must document in your own technical file how you use the GPAI model, what mitigations you've put in place for its limits, and how you manage the silent changes (rolling updates) the provider can push without notice.

Penalties and authorities (Articles 99 and 70)

Financial penalties (Article 99)

Article 99 provides for a three-tier penalty regime (EUR-Lex, Article 99).

  • Non-compliance with Article 5 (prohibited practices): up to €35 million or, for companies, up to 7% of total worldwide annual turnover of the previous financial year, whichever is higher.
  • Non-compliance with other obligations (Articles 16, 22, 23, 24, 26, 31, 33, 34, 50 notably): up to €15 million or 3% of worldwide annual turnover.
  • Supplying incorrect, incomplete or misleading information to the authorities: up to €7.5 million or 1% of worldwide annual turnover.

For SMEs and start-ups, Article 99(6) provides that the penalties apply at the lower amount between the fixed sum and the percentage.

Competent authorities (Article 70)

Article 70 of the regulation requires each Member State to designate or establish at least one notifying authority and at least one market-surveillance authority.

IgnitionAI note on the French situation: at the date of this publication (May 2026), the official designation of the French national authorities competent for the AI Act was the subject of a legislative and regulatory process. The CNIL has published guidance and positions itself on the data-protection dimension. ANSSI covers cybersecurity. The reader is invited to check the current state of the designation with the French government and the European AI Office before any contractual or declaratory commitment. See the CNIL's communications on AI for the French follow-up.

At the European level, the AI Office within the Commission is responsible for the surveillance of general-purpose AI models with systemic risk.

An 18-month action plan for a mid-market CTO

The following timeline assumes a start today and targets compliance with the Annex III obligations applicable on 2 December 2027 (Digital Omnibus date).

IgnitionAI estimate: this timeline and the effort estimates are based on 6 audit or partial-compliance engagements we ran in 2024-2025. The durations and budgets can vary by ±30% depending on initial maturity and the complexity of the application landscape.

Months 1 to 3: Full inventory

Interviews with each business department, audit of the SaaS tools in place, identification of uncatalogued AI projects, listing of models integrated into purchased products. Deliverable: an AI-systems registry with preliminary classification against Article 5, Annex III and Article 50.

Months 3 to 6: In-depth classification and prioritisation

Confirmation of the risk level for each system, identification of those that tip into high-risk. Strategic decisions per system: keep, rebuild, or withdraw. Deliverable: a risk matrix and a prioritised compliance plan.

Months 6 to 9: Technical documentation and data governance

Writing the Annex IV–compliant technical files for the high-risk systems, putting in place the data-governance procedures under Article 10, bias audit on the outputs. Deliverable: technical files and documented procedures.

Months 9 to 12: Logging and human oversight

Defining the oversight mechanisms under Article 14, training the operators, putting in place the logging infrastructure compliant with Article 12. Deliverable: oversight procedures and technical infrastructure.

Months 12 to 15: Internal audit and adjustments

A compliance review by a third party or your internal audit, identification of gaps, a correction plan. Deliverable: an audit report and an action plan.

Months 15 to 18: Final compliance

Final update of supplier contracts, communication to stakeholders, final alignment of procedures. Deliverable: a system ready for the application date of 2 December 2027 (Annex III, Digital Omnibus date).

IgnitionAI estimate: this timeline assumes the mobilisation of one full-time-equivalent lead for 18 months, with a complementary budget that typically falls in a range of €80,000 to €250,000 for a mid-market company with 3 to 8 systems to classify as high-risk. The ranges vary strongly depending on the technical complexity, the state of the existing documentation, and the chosen level of outsourcing.

The wait-and-see trap

The most frequent argument against immediate compliance is: "Let's wait for the texts to firm up and the official guidance to come out."

That's a risky stance for three documented reasons.

The official guidance is already published. The European AI Office and the Commission regularly publish implementing acts, delegated acts and guidelines. The CNIL has published several guidance documents since 2023 on AI systems in relation to the GDPR. The bulk of the rules applicable to mid-market companies is already known and stable.

The learning curve is longer than expected. IgnitionAI estimate: in our engagements, the full inventory takes 4 to 8 weeks. The first Annex IV–compliant technical file takes 3 to 6 weeks to write properly. A mid-market company that starts 18 months before the deadline has margin. A company that starts 6 months before the deadline does compliance in a rush at a significantly higher cost and degraded quality.

The authorities are organising. The European AI Office became operational in 2024. The national authorities are being set up over the course of 2025. The first targeted checks on prohibited practices (Article 5) could have started as early as February 2025. IgnitionAI note: we project that the first substantial checks on high-risk systems could start in the second half of 2026, once the obligations apply; this projection isn't an official announcement from an authority and remains to be verified with national sources.

Conclusion

The European AI regulation is a directly applicable, dated text, with articulated obligations and quantified penalties. The compliance window for the Annex III obligations closes on the horizon of 2 December 2027 (Digital Omnibus date for Annex III systems).

Three structuring actions to launch in the next 90 days, regardless of your current AI maturity.

First, launch the exhaustive inventory of the AI systems in use in the company, including embedded SaaS features, uncatalogued projects and the tools integrated into your purchased software. No compliance decision can be made without this database.

Then, designate an explicit AI lead and set up a governance committee bringing together the DPO, the CISO and technical leadership. This trio must meet at least once a month until the end of the process.

Finally, identify the systems potentially classified as high-risk under the eight Annex III categories and start their technical documentation without waiting. This is the longest and most structuring block of work in the compliance project, six to nine months.

The AI Act is a framework that secures deployments and creates a measurable competitive gap between companies that operate AI with governance and those that do so without control.

Methodology and sources

Primary regulatory sources (accessed 23 May 2026)

  • Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144, and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828. Official consolidated version on EUR-Lex.
    • Article 4: AI literacy
    • Article 5: prohibited AI practices (8 categories in paragraph 1)
    • Article 6: classification rules for high-risk systems
    • Article 9: risk-management system
    • Article 10: data and data governance
    • Article 11 + Annex IV: technical documentation
    • Article 12: record-keeping
    • Article 13: transparency and information for deployers
    • Article 14: human oversight
    • Article 15: accuracy, robustness and cybersecurity
    • Article 25: providers and other parties along the value chain
    • Article 26: obligations of deployers
    • Article 50: transparency obligations for certain systems (limited risk)
    • Article 70: competent national authorities
    • Articles 51 to 56: general-purpose AI models
    • Article 99: administrative penalties
    • Article 113: entry into force and application date
    • Annex I: Union harmonisation legislation
    • Annex III: high-risk systems (8 domains)
    • Annex IV: technical documentation

French institutional sources

European AI Office

  • European AI Office, surveillance of GPAI models with systemic risk, publication of implementing acts

IgnitionAI estimates

The ranges of duration, effort and cost cited are estimates based on 8 AI design, audit or compliance engagements run in 2024-2025 at French mid-market companies (industry, public sector, insurance, private healthcare). A limited sample. The orders of magnitude can vary by ±30% depending on the organisation's precise context. A specific scoping is needed to price a real initiative.

Limitations and invitations to verify

  • The official designation of the French national authorities competent for the AI Act was the subject of a regulatory process at the date of this publication. The reader is invited to check the current state with the French government before any commitment.
  • The projection on the timeline of the first substantial checks ("second half of 2026") is an IgnitionAI estimate and not an official announcement from an authority.
  • The official guidance evolves. A monthly check of the publications of the European AI Office and the CNIL is recommended during the compliance phase.

Correction policy

If you identify a factual error, a source that has become outdated or a recent regulatory change, report it to contact@ignitionai.fr. IgnitionAI's editorial policy provides for a correction within 5 business days and, in case of a substantial error, a correction note visible at the top of the article.

Last source review

23 May 2026. This article is part of our January annual review.

Correction history

23 May 2026: Substantial correction. Update of the application dates following the Digital Omnibus (political agreement of 7 May 2026 between the European Parliament, the Council of the EU and the Commission). Main changes:

  • Annex III (high-risk systems excluding products): 2 August 2026 → 2 December 2027
  • Annex I (systems integrated into regulated products): 2 August 2027 → 2 August 2028
  • Watermarking of generated content: addition of the date 2 December 2026
  • Addition of a new prohibition introduced by the Digital Omnibus: non-consensual intimate images and child sexual abuse material (applicable December 2026)

Procedure applied in line with the editorial policy, "substantial correction" level. The title, the summary, the official timeline, the Article 6 section and the 18-month action plan have been updated. The underlying EUR-Lex references point to the consolidated version of the regulation, which will reflect the changes upon their official publication.


This article is part of our approach to AI governance at IgnitionAI. For an AI Act compliance audit, an inventory scoping or setting up your governance committee, tell us about your project. Our page dedicated to AI governance details our operational approach. See also our article on access control in an enterprise RAG, which covers the technical dimension of the topic.
