HIGH-RISK DEADLINE: 2 AUGUST 2026

EU AI Act compliance in 8 weeks

We map your AI systems against the Act, classify each one, and put the technical and documentation requirements in place. Eight weeks for a focused engagement covering one or two high-risk systems.

EU AI Act risk tiers
Tier
Minimal
~50% of systems
Minimal Limited High risk Prohibited
Articles covered
113
Avg time to comply
8 wks
35M
Maximum fine for non-compliance
6
Phase compliance framework
50+
Businesses made compliant
8 wks
Average engagement time

If your business uses AI for decisions about people, money, or safety in the EU,
the Act probably applies

Obligations apply per system. A single company often has minimal-risk and high-risk systems running in parallel, and the high-risk ones each need their own technical documentation, risk management, oversight controls, and EU database registration. All of which must be in place by August 2026 for high-risk systems.

  • Сredit scoring, HR screening, biometric ID, medical diagnostics, fraud detection, machinery safety controls. All classified high-risk under Annex I or III.
  • Companies based outside the EU whose AI system or its output reaches an EU user. The Act applies to them too.
  • AI tools bought from vendors and never reclassified. Most off-the-shelf HR and credit-decision software has not yet been certified for AI Act use.
  • Fine-tuning a hosted model and deploying it under your name can shift you from deployer to provider, with the full set of provider obligations attached.

Six phases to full AI Act readiness

A structured, systematic approach that takes you from initial AI inventory to ongoing compliance – with full documentation at every step.

AI System Inventory

Map every AI system in your organisation and document its scope, data use, and purpose.

  • Asset discovery workshop
  • System documentation templates
  • Vendor AI assessment
Risk Classification

Classify each AI system into the correct risk tier and determine which obligations apply.

  • Prohibited use screening
  • High-risk categorisation
  • GPAI model identification
Gap Analysis

Identify compliance gaps against each applicable obligation with prioritised remediation plans.

  • Technical requirements audit
  • Governance gap report
  • Remediation roadmap
Controls Implementation

Deploy technical and organisational controls to meet high-risk and transparency obligations.

  • Human oversight mechanisms
  • Logging & monitoring setup
  • Bias & accuracy testing
Ongoing Governance

Embed compliance into your organisation with policies, training, and continuous monitoring.

  • AI governance policies
  • Staff training programmes
  • Quarterly compliance reviews
Documentation & Registration

Prepare technical documentation, conformity assessments, and EU database registration.

  • Technical file preparation
  • Conformity declarations
  • EU AI database filings

From first call to compliance sign-off in four steps compliant

Sphere staffs every engagement with AI engineers and MLOps practitioners alongside governance leads. We deploy the controls in your stack and integrate them with your existing observability, MLOps tooling, and GRC platforms. Because the same team scopes the gaps and closes them, an eight-week engagement is realistic. Typical legal-only advisory engagements run four to six months for the same scope.

Free assessment

30-minute scoping call. We walk your AI estate, identify immediate exposure, and indicate likely engagement size.

Tailored proposal

Custom plan based on your risk profile, system count, and existing controls. Fixed fee for the framework.

Framework delivery

Six-phase engagement with weekly progress reporting and milestone reviews.

Compliance sign-off

Documentation complete, registered, and audit-ready. Optional ongoing governance as a managed service.

Book Your Free EU AI Act Assessment

In 30 minutes, we will map your AI systems against the Act’s risk tiers, identify your exposure, and tell you exactly what needs to happen before August 2026 — at no cost.

Luke Suneja

Client Partner

Loading form

Hear From Our Clients

Sphere Partners
Selah Ben-Haim VP of Engineering at Prominence Advisors

Our experience with Sphere and their team has been and continues to be fantastic. We keep throwing new projects at them, and they keep knocking them out of the park (including the rescue of a project that was previously bungled by another vendor).

Sphere Partners
Ben Crawford Senior Product Manager at Enova Financial

I would expect to be delighted. It’s been a really positive experience, working with Sphere, and I would expect you to have the same.

Sphere Partners
Mark Friedgan CEO at CreditNinja

Sphere consistently prioritizes the needs of their clients, demonstrating both agility and teamwork. They bring innovative and well-considered solutions, consistently surpassing my expectations.

Sphere Partners
René Pfitzner Co-Founder at Experify

Sphere provided excellent full-stack development manpower to augment our team and work with us.

Sphere Partners
Bruce Burdick Chief Information Officer at Integra Credit

We've been working with Sphere and its excellent consultants since our founding. Their combination of offshore talent, pricing, and shift offsetting is hard to beat. They provide crucial augmentation to our in-house team. We simply couldn't achieve our production ambitions without their service.

Sphere Partners
Jemal Swoboda CEO at Dabble

The resources and developers that Sphere Software provides are skilled and have the required technical expertise to complete their tasks successfully, with the team easily scaled in either direction. The deliverables are always high-quality.

Sphere Partners
Arthur Tretyak Founder and CEO at IntegraCredit

With Sphere, we were able to migrate in half the time it would take to train an additional FTE…

Sphere Partners
Lee Ebreo VP of Engineering at Credit Ninja

These things would not have been achievable if we did not build our own in-house system. We augmented our development team capabilities using Sphere’s developer, who works very well with our Dev Lead in Chicago. Sphere’s developer was an expert in the new system, and continues to be an expert as we evolve it.

TOP AI CODE
Generation COMPANY
UNITED STATES 2025

TOP AI TEXT
Generation COMPANY
florida 2025

TOP APP development COMPANY
manufacturing 2025

TOP artificial intelligence COMPANY
united states 2025

TOP chatbot
COMPANY
united states 2025

TOP recommendation systems COMPANY
united states 2025

Common questions before the call.

Honestly, nobody knows yet. The Commission proposed pushing it to December 2027 (the Digital Omnibus), but the trilogue on 28 April ended without agreement, and there’s another round scheduled. Could go either way.

Practically speaking, you should plan against 2 August 2026. If it gets pushed, your work doesn’t go to waste – you just have a longer runway. If it doesn’t get pushed and you’ve been waiting, you’re stuck doing in three months what should have taken eight.

Scope is determined by where your system is used and what it does. If your AI system or its output reaches users in the EU, the Act can apply regardless of where your company is based. We review each system against its actual use: decisions about people, money, safety, or access to services. In the first session, we map your systems, flag likely high-risk use cases, and give you a clear position per system. You leave with a documented scope decision, not a general interpretation.

Yes, if your AI system is placed on the EU market or its output is used in the EU. A US vendor selling to a German employer falls under the Act. So does a non-EU platform whose chatbot reaches EU users.

Fixed fee, scoped to system count and risk profile. The 30-minute assessment gives you an indicative range. Most enterprise engagements price in the same band as a mid-sized advisory project, with the technical implementation included rather than billed separately.

Using a foundation model as a customer does not make you a provider. Fine-tuning it for a specific purpose, rebranding it, or substantially modifying it can. We assess this case-by-case in Phase 2.

We sequence Phase 5 documentation early so an interim audit position is defensible. If a regulator asks for evidence mid-engagement, we hand them the technical documentation, gap analysis, and remediation plan as evidence of active work.

Yes. Risk is assigned per system, not per company. We classify each system based on its function, data, and impact, using Annex I and III as the baseline. That includes checking for prohibited uses, high-risk categories, and general-purpose AI involvement. You get a written classification with justification, tied directly to the obligations that follow. This becomes the foundation for everything else: controls, documentation, and registration.

Legal defines obligations. We translate them into working systems. That includes mapping requirements to your architecture, implementing logging and monitoring, setting up human oversight, running bias and accuracy testing, and producing the technical file. We work with your legal team and align on interpretation, then handle the technical execution and documentation needed for audit and EU database registration. This is where most compliance efforts stall without engineering support.

You get a complete, system-level compliance package for one or two high-risk systems. That includes a full AI inventory, formal risk classification, gap analysis, implemented controls, and a technical file ready for audit. We prepare conformity documentation and support EU database registration. The outcome is not a report. It is a compliant system with documentation, controls, and governance in place, ready for regulator review and internal use.

The EU AI Act compliance checklist

Self-assessment covering Articles 9–15, conformity assessment routes, and EU database registration.

Loading form