AI Regulatory Readiness

Compliance, legal, risk and strategy leaders preparing for new AI rules.

Map the AI rules coming at your firm and build a practical plan to be ready before they bite.

The regulatory wave is concrete, not hypothetical: the EU AI Act sets binding obligations on higher-risk AI systems with staged deadlines, financial regulators are formalising AI risk-management expectations for the firms they supervise, and model-risk and AML supervision already reach AI today. Firms that wait until a rule is in force will be doing the inventory and gap work under time pressure rather than ahead of it.

• Map which AI rules actually apply to your firm's AI use across the markets you operate in
• Read across different regimes without drowning in legal detail
• Gap-check your current AI use against new expectations and see where you fall short
• Build an AI inventory and risk-tier each system, the foundation most new rules assume
• Turn all of it into a prioritised readiness roadmap with named owners and real dates
• Leave with a readiness plan tailored to your business and markets

1. The AI rules landscape: what's here, what's coming, what matters to you

   • What's already in force versus what's on the way
   • The EU AI Act and its risk-based tiers and staged deadlines, in plain terms
   • How model-risk and AML supervision already reach AI today
   • Sorting the rules that genuinely apply to your firm from the rest
   • Why waiting until a rule bites means doing the work under pressure

2. Reading across regimes without drowning in legal detail

   • Common themes that run through most AI regimes: inventory, risk-tiering, oversight, documentation
   • Comparing obligations across regimes without re-reading every law
   • Spotting where one set of controls satisfies several rules at once
   • Translating legal text into things your team can actually do
   • Keeping track of change without a full-time legal habit

3. Gap-checking your current AI use against new expectations

   • A method to compare what you do now against what the rules expect
   • Finding the gaps in governance, documentation and oversight
   • Prioritising gaps by risk and by regulatory deadline
   • Distinguishing quick fixes from larger programmes of work
   • Capturing the gap analysis in a form leadership can act on

4. Building an AI inventory and risk-tiering your systems

   • Discovering all the AI in use, including tools no one formally logged
   • Recording what each system does and who it affects
   • Risk-tiering systems the way new rules expect (for example, high-risk categories)
   • Why the inventory is the foundation most regulations assume you have
   • Keeping the inventory current as AI use grows

5. A practical readiness roadmap with owners and dates

   • Turning gaps into a sequenced roadmap, not a list of worries
   • Assigning named owners and realistic dates to each action
   • Sequencing work against staged regulatory deadlines
   • Building in checkpoints and reporting to leadership
   • Making the roadmap something the firm will actually follow

6. A readiness plan tailored to your business

   • Shaping the plan around your firm's AI footprint and markets
   • Accounting for the specific regimes you fall under
   • Connecting the plan to existing governance and risk processes
   • Setting how progress will be tracked and reviewed
   • Leaving with a plan ready to take to leadership and the board