AI Compliance

GDPR was just the beginning. The EU AI Act comes into force on 2 August 2026 — with fines of up to 35 million euros. agenticonsult helps you become compliant before the deadline.

2 August 2026

EU AI Act compliance deadline

High-risk AI must be compliant by August 2026

From 2 August 2026, the high-risk obligations of the EU AI Act come into force. Fines: up to EUR 35 million or 7% of global annual turnover. The European Commission does not expect any extension for core obligations.

What companies are facing

The EU AI Act does not regulate all AI systems equally. Depending on the risk class, different obligations apply — from transparency requirements to a full conformity assessment.

High-risk AI under the EU AI Act

AI systems deployed in critical areas — personnel decisions, credit granting, law enforcement, critical infrastructure — are classified as high-risk and subject to strict obligations.

Annex III of the EU AI Act lists high-risk application areas
FRIA (Fundamental Rights Impact Assessment) required
CE marking and EU registration mandatory

GDPR + AI Act: Dual obligation

AI systems that process personal data trigger both GDPR and AI Act requirements. Both frameworks are complementary — one assessment is not enough.

DPIA (Data Protection Impact Assessment) under GDPR Art. 35
FRIA (Fundamental Rights Impact Assessment) under AI Act Art. 27
Both assessments can be combined, but neither replaces the other

RAG-specific data privacy risks

The European Data Protection Supervisor (EDPS) has specifically assessed RAG systems and identified unintentional disclosure of personal data, prompt injection attacks, data accuracy issues, and cross-border data transfers as the primary risks.

Unintentional PII disclosure in retrieval results
Prompt injection as a data leak vector
Provenance tracking and deletion obligations for chunk data

The security and compliance framework

Technical compliance is not a single measure — it is an architecture. The following building blocks together form a defensible, compliant AI system.

Chunk-level permissions

Fine-grained access controls at the level of individual data chunks — not just at the document level.

PII detection & masking

Automatic detection and masking of personal data in all processing steps.

Prompt injection protection

System-level protection against manipulation attempts aimed at causing the model to share data without authorization.

Data sovereignty & locality

Processing of sensitive data on EU infrastructure or on-premises — no data transfer to third countries.

Audit trails & proof of compliance

Complete logging of all AI decisions and data accesses. Verifiably compliant — for regulators and internal audits.

End-to-end encryption

Encryption of all data at rest and in transit.

Compliance services

agenticonsult helps you bring your AI systems into compliance before August 2026 — with clear deliverables and no vendor lock-in.

AI Act Readiness Assessment

Starting point

agenticonsult assesses whether your AI systems fall under the EU AI Act, which risk class they belong to, and what specific obligations must be met by August 2026.

Risk classification of your AI systems
Identification of all applicable obligations
Prioritized action plan with time horizons

GDPR-compliant AI architecture

Core service

Design of privacy-compliant AI systems according to privacy-by-design principles.

Data protection architecture framework for your AI systems
Technical and organizational measures (TOMs)
DPIA/FRIA templates and documentation foundation

Compliance implementation support

Implementation

Support during implementation: setting up secure access controls, PII detection, encrypted data pipelines, and audit systems.

Complete compliance implementation package
Setup guides for all security measures
Remote support during the implementation phase

Your path to compliance

1. Inventory

Which AI systems are in use or planned? What data is being processed? agenticonsult creates a complete system overview as the basis for the compliance assessment.

2. Risk classification

Classification of your AI systems under the EU AI Act and GDPR. Identification of all applicable obligations, deadlines, and documentation requirements.

3. Architecture adjustment

Recommendations and frameworks for privacy-compliant system modifications — privacy by design from the start rather than costly retrofitting.

4. Documentation & proof

Building the necessary documentation structure for regulators: DPIA, FRIA, risk register, and audit logs.

Your path to compliance — 4 steps from inventory to documented EU AI Act conformity

August 2026 is approaching — act now

An AI Act readiness assessment quickly reveals where you stand and precisely what needs to be done. No unnecessary effort — only what is genuinely required.