Lesson 5 of 6·10 min read

Implementation Roadmap for Companies

The EU AI Act is complex — but with a structured 7-step plan, you can systematically implement the requirements. This roadmap is applicable to companies of all sizes.

The 7-Step Plan

Step 1: Create an AI Inventory (Immediately)

Goal: Complete overview of all AI systems in the company

Record for each system:

  • Name and provider
  • Purpose and department
  • Type of data processed
  • Your company's role (provider or deployer?)
  • Current documentation status

Tool: A simple spreadsheet is sufficient to start — no expensive tool needed.

Step 2: Perform Risk Classification (Month 1–2)

Goal: Assign each AI system to a risk level

Check for each system:

  • Does it fall under a prohibited use case?
  • Is it listed in Annex III of the AI Act (High Risk)?
  • Does it directly interact with users (Limited Risk)?
  • None of the above (Minimal Risk)?

Step 3: Define Responsibilities (Month 1–2)

Goal: Clear accountability for AI compliance

RoleResponsibility
AI Compliance OfficerOverall responsibility, contact for authorities
Department HeadsCompliance of AI systems in their area
IT/EngineeringTechnical implementation (logging, documentation, security)
Data Protection OfficerCoordination GDPR ↔ AI Act
Legal DepartmentContractual aspects, liability questions

Step 4: Conduct Gap Analysis (Month 2–3)

Goal: Where are you today vs. where do you need to be?

For each High-Risk system check:

  • ☐ Risk management system in place?
  • ☐ Data governance documented?
  • ☐ Technical documentation created?
  • ☐ Logging implemented?
  • ☐ Human oversight ensured?
  • ☐ Accuracy metrics defined and measured?

Step 5: Prioritize and Implement Measures (Month 3–6)

Goal: Systematically close gaps

Prioritize by:

  1. Compliance risk: What carries the highest penalties?
  2. Feasibility: What can be done quickly?
  3. Business impact: What affects the most users?

Step 6: Conduct Training (Month 4–6)

Goal: Sensitize all relevant employees

  • Executives: AI Act overview, strategic implications
  • Product teams: Technical requirements, documentation obligations
  • HR/Recruiting: Specific obligations for AI in human resources
  • Customer service: Transparency obligations for chatbot deployment

Step 7: Continuous Monitoring (Ongoing)

Goal: Ensure compliance permanently

  • Quarterly reviews of AI systems
  • Update documentation on changes
  • Monitor new implementing acts and guidelines
  • Annual audit by internal or external auditors

Practical Tip: Start small, but start now. Companies that begin in July 2026 won't make the deadline. Use the time.

Previous lessonNext lesson