Practice I — Corporate Strategy & Legal Architecture
Risk tiering and governance frameworks for high-risk and limited-risk AI systems under EU Regulation 2024/1689.
Provider, deployer, and importer obligation mapping. Internal governance scaffolding. Foundation-model and general-purpose AI compliance posture.
01
The AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 and applies on a phased schedule through 2 August 2027. The regulation classifies AI systems by risk tier and imposes obligations on providers, deployers, importers, and distributors that scale with that classification. The text is operational. It is not prospective.
AI Governance translates this regulatory landscape into a defensible operating posture. The output is structural: a documented risk-tier classification for each in-scope AI system, an obligation matrix mapped to the responsible parties, conformity-assessment scaffolding where required, and an audit trail sufficient for regulatory inspection. The mandate is not advisory. It is architecture.
02
The mandate components delivered under this engagement.
01
Inventory of in-scope AI systems with risk-tier classification under the AI Act framework.
02
Internal conformity-assessment design for high-risk AI systems requiring third-party or self-declaration procedures.
03
Internal governance framework, board-level reporting, and decision rights for AI deployment within the organisation.
03
The mandate is delivered through a four-stage cycle: assessment (4–6 weeks), architecture (6–10 weeks), deployment (8–12 weeks), and ongoing retainer. Each stage produces written deliverables intended to survive both internal audit and external inquiry.
Engagements are conducted under bilateral confidentiality. The Managing Partner retains direct relationship with the General Counsel or equivalent decision authority throughout. Communications, documents, and technical artefacts are governed by the engagement contract.