When your AI makes decisions, who owns them?

ISO/IEC 42001 and the EU AI Act create binding rules for using artificial intelligence in your organisation. We support you in building a workable AI Management System — from executive briefing to maturity analysis to governance design and anchoring with leaders and employees.

EU AI Act

Four risk classes, and what they mean for you.

Risk: Unacceptable

Prohibited

Social scoring, manipulative systems, biometric mass surveillance

These systems cannot be deployed within the AI Act's scope.

Risk: High

Strict obligations

Recruiting, credit decisions, medical devices, critical infrastructure

Conformity assessment, documentation, risk management, human oversight — the largest advisory need sits here.

Risk: Limited

Transparency duty

Chatbots, emotion recognition, deepfakes, content generators

Users must be able to recognise that they are interacting with AI or seeing AI-generated content.

Risk: Minimal

Free to use

Spam filters, AI in video games, search suggestions

No specific obligations under the AI Act. Best practice still recommended.

Why now

Four reasons to engage seriously with AIMS.

01

Binding regulation

The EU AI Act and ISO/IEC 42001 define duties for organisations that develop or use AI. The era of unregulated experimentation is over.

02

Clear liability and ownership

Who carries the consequences when AI delivers wrong, business-damaging, or discriminatory results? Without an AIMS, that question stays open in the moment of truth.

03

Consistent guidance for teams

Employees need clear do's and don'ts. Without binding guidelines, organisations swing between "everything goes" and "nothing is allowed" — both are problematic.

04

Strategic position in the market

Customers, partners, and investors increasingly ask for AIMS evidence. Clean governance moves from compliance topic to competitive factor.

Building blocks

Three steps to a workable AIMS.

// 01

Executive briefing

What leadership needs to know about legal requirements, liability questions, and governance elements. Clear employee guidelines that make AI controllable, secure, and strategically usable.

// 02

Maturity analysis

Where your organisation stands in AI use, which use cases are relevant, which risks and regulatory requirements apply. A solid foundation for the further strategy.

// 03

AI governance design

AI governance tailored to your organisation: roles, processes, guidelines, policies, do's and don'ts. A durable, steerable framework instead of patchwork rules.

AIMS roadmap

The path to AIMS maturity.

Phase 1 · Advisory

01 Executive briefing
02 Maturity analysis
03 Governance design

Phase 2 · Anchoring

04 AI Officer qualification
05 Leaders workshops
06 Employee briefing

Not all six stations need to be completed. Some organisations start with executive briefing and governance design; others have governance defined and step into Phase 2. The chain builds on itself; the entry point stays flexible.

Phase 2 is detailed as modules under Quality Education.

Method toolkit

What we work with.

ISO 42001 gap assessment

Structured comparison: where you stand and what is still missing for the AIMS.

AI risk register

Use-case inventory with risk classification per AI Act.

Governance policy framework

Template set for guidelines, policies, and procedural instructions.

Do's & Don'ts catalogue

Employee-friendly guidelines that actually land in everyday work.

Roles & RACI matrix

Who decides and who holds ownership at AI-relevant gates.

AIMS roadmap template

Phase plan for the rollout, adaptable to maturity and pace.

Questions

What we are often asked.

Do we need an AIMS now, or is it enough once the regulation is fully in force?

The EU AI Act applies in stages from 2025. If you want to be cleanly set up by 2026/2027, you start now. Retrofitting under time pressure is significantly more effort than a thoughtful early build.

How do ISO 42001 and the EU AI Act differ?

The AI Act is law and binding. ISO 42001 is a management-system standard that helps implement the duties in a structured way. The two complement each other: the Act says what, the standard shows how.

Are we as a small or mid-sized organisation even affected?

Yes, if you use or develop AI. The scope of duties depends on the risk of the specific use case, not primarily on company size. Smaller teams often need leaner solutions, but governance does not go away.

Isn't this a topic for lawyers?

For the legally binding interpretation, always. Our advisory is organisational, technical, and strategic — we work hand in hand with your legal department or external counsel, but we don't replace them.

How do your advisory and the trainings interlock?

Advisory (Phase 1) creates the foundation: knowledge in leadership, maturity clarity, defined governance. Anchoring (Phase 2) builds on it — workshops and trainings that take effect inside the organisation. Trainings are bookable separately under Education.

Trainings for anchoring

Phase 2 as individual training modules.

Advisory creates the foundation. So that governance actually takes effect day to day, the following modules are bookable individually under Quality Education — each tailored to your governance, your use cases, your reality. A universal standard package would be ineffective here.

Controlled AI use. With clean governance.

AIMS per ISO 42001. EU AI Act readiness. Roles, policies, and guidelines that hold up in everyday work.

info@qct.de · +49 (2826) 999 3201

QCT – Your expert for test management, software quality and digital transformation
