Fixed-scope, expert-led engagements for GDPR, the EU AI Act, and the Cyber Resilience Act — delivered as documentation your DPO, legal counsel, or engineering team can act on directly.
Organizations that already know they have an obligation — a DPIA trigger under GDPR Article 35, an AI system that interacts with people under AI Act Article 50, or a software or connected-hardware product covered by the Cyber Resilience Act — and need a documented, defensible deliverable rather than a general checklist.
GDPR fines can reach €20 million or 4% of global annual turnover; AI Act fines can reach €35 million or 7%. The Cyber Resilience Act phases in reporting duties and essential requirements through 2026 and 2027. Enforcement mechanisms and exact penalties vary by regulator and case, so a dated, documented assessment is what actually reduces exposure — not a guess at what the rules require.
You describe the system, data processing, or product; we confirm which package and regulation-specific checklist applies.
We map your current state against the relevant requirement — GDPR Art. 35/36, AI Act Art. 50, or CRA Annex I.
You receive the DPIA, transparency documentation, or CRA readiness report, with prioritized action items.
A walkthrough call to answer questions and confirm the deliverable is ready for your DPO, counsel, or notified body.
from €1,500
Any organization that must run a Data Protection Impact Assessment — new AI systems, large-scale profiling, sensitive-data processing, or systematic monitoring.
from €1,900
Organizations deploying chatbots, deepfake or synthetic-media generators, or any AI system that interacts with natural persons and needs Article 50 disclosures.
from €2,400
Manufacturers and vendors of products with digital elements — software or connected hardware — placed on the EU market.
Prices are starting points; final scope and price are confirmed after the intake call. No payment is processed on this page — every request goes through email so we can scope it correctly first.
These services assess and document your position against GDPR, the EU AI Act, and the Cyber Resilience Act. They are not legal advice and do not guarantee compliance or immunity from complaints, audits, or enforcement action by any supervisory authority. For a legal opinion on your specific obligations, consult qualified counsel.