AI Disclosure Assessment (Undeclared AI Usage Audit)

AI often slips into business software and processes “under the radar”: CRM modules, marketing automation, HR, security, and cloud tools. This tech-legal audit pinpoints where AI is running, evaluates AI Act/GDPR risks, and defines a compliance roadmap with clear, measurable actions.

Free preliminary evaluation Executive + technical report Audit-ready deliverables

Why do it now

Under the EU AI Act and GDPR, organisations must know whether they use AI, where, for what purpose, and with what risk. The assessment reduces legal exposure, prevents shadow AI, and increases trust with customers and partners.

CRM/Marketing: lead scoring, generative copy, automated sends with LLMs.

HR: CV filtering and candidate ranking via ML.

Finance: fraud detection and automated credit scoring.

Security: video analytics, pattern/biometric recognition.

How the assessment works

1) Discovery & mapping

Software/licence inventory; vendor and cloud mapping.
Interviews with IT, HR, Marketing, Operations, and Legal.
Data-flow capture and legal bases for processing.

2) Technical analysis

Module/API checks (including calls to external AI services).
Config, log, and database inspection (including fragments/backups).
Identification of ML/LLM models, datasets, and metrics used.

3) Risk classification (EU AI Act)

Minimal/Limited: informational assistants, non-decisive optimisations.
High: HR selection, credit scoring, biometric analysis.
Prohibited: mass biometric surveillance, behavioural manipulation.

4) Report & compliance roadmap

AI systems map with data sources, purposes, and responsibilities.
Gap analysis on transparency, governance, and security.
Roadmap for remediation (policies, DPIA, contracts, logging, training).

What you receive

Executive report for management + technical dossier for IT/Legal.
Risk classification per system with recommended actions.
Document templates (AI policy, AI systems register, DPIA checklist).
Traceability pack for internal/external audits.

Book a 30-minute call

FAQ

How is this different from a standard IT audit?+

The AI Disclosure Assessment specifically maps AI functions, models, and AI Act/GDPR risks, including ethics and accountability aspects not covered by a generic IT audit.

How long does it take and what internal effort is required?+

Typically 2–4 weeks with short interviews of IT, HR, Marketing, and Legal. Internal effort is kept low thanks to checklists and templates.

What if we find high-risk AI?+

We provide a mitigation roadmap (policies, DPIA, contracts, technical controls) or decommission/replace the non-compliant system, with practical alternatives.

Can you issue an official statement?+

Yes. We issue an assessment attestation with system map, outcome, and actions taken—useful for customer and authority audits.