EU AI Act compliance

Sell AI into Europe without betting your company on a €35M fine.

The EU AI Act reaches far beyond Europe. If your product uses AI and its output touches an EU user, you are in scope — even from Mexico, the US or anywhere in Latin America. Numoru gets you compliant before the August 2026 deadline, with documentation your legal team and your EU customers will actually accept.

Why this can't wait

€35M / 7%

Maximum fine

Up to €35M or 7% of global annual turnover for prohibited AI practices — whichever is higher.

Aug 2026

High-risk deadline

Core obligations for high-risk AI systems apply from August 2, 2026. Conformity work takes months, not weeks.

Extraterritorial

It applies to you

The Act binds providers and deployers outside the EU when the system's output is used in the Union. A Mexican or US HQ is no shield.

Who needs this now

If any of these describe you, the AI Act is already your problem:

  • You export software, SaaS or AI-enabled products to customers in the EU.
  • Your models or agents produce outputs used by people in Europe.
  • An EU client is asking for AI Act documentation or conformity evidence before they'll sign.
  • You build AI for a high-risk domain — hiring, credit, healthcare, biometrics, critical infrastructure or education.
  • You use general-purpose AI models (GPAI) and must meet transparency and copyright obligations.

What we deliver

01

AI Act gap assessment

We inventory your AI systems, classify each by risk tier (prohibited, high-risk, limited, minimal) and hand you a prioritized remediation roadmap with real deadlines.

02

Risk classification & scoping

Analysis of where each system falls, whether you act as provider or deployer, and exactly which obligations bind you — no vague "it depends".

03

Technical documentation & conformity

Annex IV technical file, risk-management system, data-governance records and the evidence pack an EU customer or notified body will ask for.

04

Traceability, logging & evals

Versioned prompts, event logging, model cards and continuous evals — the audit trail the Act requires, wired into your CI/CD, not a PDF that rots.

05

Human oversight & impact assessment

Human-in-the-loop controls and a Fundamental Rights Impact Assessment (FRIA) for high-risk deployments.

06

GPAI & transparency compliance

Transparency notices, AI-generated-content disclosure and training-data / copyright documentation for general-purpose model use.

How the engagement runs

01

Assess

1–2 week audit of your AI systems and data flows. You get a risk map and a fixed-scope remediation plan.

02

Remediate

We implement the missing controls — documentation, logging, oversight, governance — alongside your team.

03

Conform

We assemble the technical file and evidence pack and prep you for customer due diligence or a notified-body review.

04

Monitor

Post-market monitoring, an incident-reporting workflow and eval dashboards so you stay compliant as the system and the law evolve.

Frequently asked questions

Does the EU AI Act apply to a company based in Mexico or the US?+

Yes, if you place an AI system on the EU market or the system's output is used in the EU. The Act is explicitly extraterritorial — your headquarters location does not exempt you.

What deadline should I worry about?+

Prohibited practices have been banned since February 2025 and GPAI obligations began in August 2025. The one most exporters must plan for is August 2, 2026, when high-risk system obligations apply. Because conformity work takes months, starting now is not early.

How large are the fines?+

Up to €35M or 7% of global annual turnover for prohibited practices, up to €15M or 3% for most other breaches, and up to €7.5M or 1% for supplying incorrect information — whichever is higher in each case.

Is my AI system "high-risk"?+

It depends on the use case, not the technology. Systems used in hiring, credit scoring, education, healthcare, biometrics, critical infrastructure and law enforcement are typically high-risk. Our gap assessment classifies each of your systems precisely.

My EU customer is asking for AI Act documentation to close the deal. Can you help fast?+

Yes — this is our most common engagement. We can produce the risk classification and a customer-ready documentation pack quickly, and start deeper remediation in parallel.

Do you only do paperwork, or do you fix the systems too?+

Both. We are engineers first. We implement the technical controls the Act requires — logging, evals, human oversight, data governance — not just write policy documents.

Free resource

The EU AI Act Compliance Checklist

  • 50+ checkpoints across scope, risk tiers and deadlines
  • The prohibited practices you must remove now
  • The exact documentation EU customers will ask for
  • Built for exporters in Mexico, the US and Latin America

No spam. Unsubscribe anytime.

Turn AI Act risk into a sales advantage.

The companies that get compliant first won't just avoid fines — they'll win the EU deals their competitors can't. Book a compliance review and we'll tell you exactly where you stand.