Can you support audits, buyer questionnaires, and regulator questions?

Yes. We prepare evidence packs, audit readiness documentation, and help you respond to customer/buyer AI governance questions and procurement questionnaires. Our AI Compliance Ops service includes quarterly reviews and ongoing support.

EU AI Act Readiness

Get EU AI Act-ready without slowing delivery.

Q: How long does AI Act readiness take?

Our AI Act Readiness Sprint typically takes 2 weeks (includes inventory, role clarification, risk classification, gap analysis, and evidence planning). Full implementation takes 6–10 weeks depending on scope.

Q: Do we need ISO/IEC 42001 as well?

Not required for AI Act compliance, but ISO/IEC 42001 can operationalise your governance and evidence for AI Act readiness. Many organisations use it as a best-practice framework to support their AI governance.

Q: What if we use third-party models or GPAI?

Great question. The EU AI Act distinguishes between providers and deployers, and GPAI (general-purpose AI) systems have specific obligations. We help you map your systems, clarify roles, understand supplier/procurement controls, and document your risk management.

Inventory your AI systems, clarify provider/deployer roles, classify risk tiers (including high-risk screening), and establish governance, documentation, and evidence. We use ISO/IEC 42001 as a best-practice framework where it accelerates maturity.

Get Started Now Book a 30-min Call

EU AI Act Compliant

Risk-Tiered Classification

Evidence-Ready From Day One

Get Started

From inventory to audit-ready evidence in weeks.

AI System Inventory Map systems, ownership, and use cases.

Risk Classification Clarify roles, tier risks, identify high-risk systems.

Governance & Evidence Establish controls, documentation, and audit trails.

Background Cybersecurity, Risk & Governance

Deliverables Risk registers, evidence packs, management review packs

Clients include SaaS, regulated environments, enterprise procurement

Who we help

Product & Engineering Getting your AI systems inventory-ready and classified for risk tier without governance slowing deployment

Risk & Compliance Responsible for AI Act compliance and need a practical framework for governance and evidence

Procurement & Legal Facing AI governance questions from customers or suppliers and need documented evidence

Three ways we get you AI Act-ready

Choose your starting point. Each offer is designed to move quickly and build evidence from day one.

Start Here

AI Act Readiness Sprint

2 weeks (typical)

Included:

AI system inventory + ownership mapping
Provider/deployer role clarification
Risk-tier classification workshop (incl. high-risk screening)
Gap analysis + prioritised roadmap
Evidence plan + quick-win templates

Book a Readiness Call

Implementation

AI Act Compliance Build

6–10 weeks (typical)

Included:

AI risk management process + registers
Technical documentation pack + templates
Human oversight + transparency patterns
Supplier/GPAI controls + procurement pack
Monitoring + incident workflow design

Discuss Implementation

Ongoing

AI Compliance Ops

Monthly retainer

Included:

Change control + release governance
Quarterly reviews + KPI reporting
Evidence upkeep + audit trail support
Policy refresh + staff enablement
Customer/procurement questionnaire support

Talk About Retainers

Why Narrate Compliance?

Clean documentation is only half the job. We focus on ownership, operating rhythm, and evidence that stands up to scrutiny.

Board-Ready

Clear Reporting

Simple governance reporting your stakeholders can actually use. Risks, controls, actions, and proof — with zero noise.

Pragmatic

Minimal Disruption

We reuse what you already have (like ISO 27001 frameworks) to avoid parallel systems and build something that fits your reality.

Audit-Ready

Evidence-First

Templates and evidence capture mechanisms are built in from day one, not bolted on at the end in a panic.

Need ISO/IEC 42001 certification too?

ISO/IEC 42001 can operationalise your AI governance and provide a structured framework for evidence and controls. We can help with that.

Gap Assessment

Current-state review mapped to ISO/IEC 42001.

Outcome

Prioritised roadmap + evidence plan + executive summary.

AIMS Design & Build

Governance model, risk framework, and operational documentation.

Outcome

Policy set + risk method + registers + governance model + training.

Audit Readiness

Internal audit support and certification preparation.

Outcome

Evidence review + corrective actions + management review pack + audit week prep.

View ISO 42001 Services

Frequently Asked Questions

How long does AI Act readiness take? Typical: 2–10 weeks

Do we need ISO/IEC 42001 as well? Not required, but helpful

What if we use third-party models or GPAI? We handle it

Can you support audits and buyer questionnaires? Yes

Quick Start

Ready to start?

Send us a brief outline of your AI systems and goals.

Use Enquiry Form

Speed things up: Our Narrate Platform can accelerate evidence mapping, audit trails, task tracking, and documentation management.

Start Your Enquiry

Send us your details and we will return with a recommended path, timeline, and quote.

Help us give you the right fit:

What AI systems/use cases are in scope?
Your role (provider/deployer) + markets
Any likely high-risk systems (if known)
Timeline + key stakeholders
Existing governance/ISO programmes (if any)

Full Name

Work Email

Company

Interested In

How can we help?

Book a 30-minute Call

What you'll get from the call:

Recommended route (Gap / Build / Audit readiness)
Timeline estimate for your situation
Indicative effort + next steps

We typically reply within 24 hours.