The complete AI governance documentation pack for companies deploying AI โ risk registers, board reporting, vendor due diligence, incident playbooks, and EU AI Act compliance checklist. 8 documents. Ready to implement.
The EU AI Act is not a future obligation. It is law โ and enforcement is already underway.
| Date | What Happened |
|---|---|
| 1 August 2024 | EU AI Act entered into force |
| 2 February 2025 | Prohibited AI systems banned. No exceptions. |
| 2 August 2025 | General Purpose AI Model rules take effect |
| 2 August 2026 | Full high-risk AI obligations apply to all new systems |
| 2 August 2027 | Existing systems must comply |
Article 26 places obligations on deployers โ the organisations that use AI tools โ not just the companies that build them. If you use a vendor's AI-powered HR platform, customer service chatbot, or data analytics tool, you are a deployer.
Most vendor agreements say nothing about AI Act compliance. When regulators come asking who approved the AI system and what oversight was in place, "we didn't know" is not a defence.
Most organisations don't know how many AI systems they're running. Marketing, HR, Finance โ none of it is documented. None of it has been assessed for compliance.
An AI system that makes a biased hiring decision or generates harmful content โ without documented oversight โ becomes a regulatory and reputational crisis overnight.
Every document is written to be implemented immediately. No consultancy jargon. No academic theory. Practical, board-ready, regulator-facing documentation.
Structured inventory of every AI system in your organisation โ internal tools, vendor platforms, embedded AI โ with risk classification, ownership, and EU AI Act category mapping. Aligned to Article 9.
Your organisation's foundational AI governance policy. Covers acceptable use, prohibited applications, human oversight requirements, accountability structure, and board sign-off process. Built around Articles 9, 14, and 26.
A quarterly report template your board can receive and act on. RAG status dashboard, high-risk system status, incident summary, vendor risk update, regulatory timeline. No technical knowledge required.
Send this to every AI vendor before signing a contract. 40 questions across technical documentation, data practices, conformity assessments, incident reporting, and EU AI Act compliance โ with scoring guide.
Step-by-step response procedures for AI system failures, bias incidents, data breaches involving AI, and regulatory notifications. Includes escalation matrix, notification templates, and post-incident review checklist.
Required under Article 27 for deployers of high-risk AI systems. Guides you through the structured assessment of how your AI system affects fundamental rights โ aligned to EU Agency for Fundamental Rights methodology.
Employee-facing policy covering what AI tools can and cannot be used for, how AI-generated content must be labelled, what personal data can be processed, and what to do when unexpected or harmful output occurs.
Section-by-section self-assessment against the EU AI Act. Covers prohibited systems (Article 5), high-risk categories (Annex III), GPAI model requirements (Articles 51โ55), and governance requirements โ with built-in action plan table.
The EU AI Act applies to any organisation that uses AI systems โ not just the companies that build them.
Demonstrate governance and oversight to regulators and shareholders.
Get documented policies and assessment records you can stand behind.
Inventory AI systems and manage vendor obligations systematically.
Whose AI tools (recruitment, performance) fall under Annex III high-risk categories.
Can't afford Big Four consultancy fees โ but can't afford non-compliance either.
Limited availability โ Michael works with a small number of organisations each month.
Pyralink Innovation Ltd is a UK-based cybersecurity and AI governance consultancy founded by Michael Adedeji. Michael holds CISM, CISA, CEH, and CC certifications and an MSc in Data Science from the University of Sunderland.
Pyralink advises organisations across financial services, healthcare, professional services, and public sector on information security, AI governance, and regulatory compliance. Our documentation packs are used by boards, compliance teams, and legal counsel as the foundation for defensible, auditable governance programmes.
We have helped clients across the UK, Ireland, Australia, Canada, and Singapore build compliance programmes that stand up to regulatory scrutiny โ without the six-figure consultancy fee.
Get governance documentation that's ready to use โ not a 300-page framework that requires six months of interpretation.
The documents in this AI Governance Pack are provided as templates and guidance materials for information purposes only. They do not constitute legal advice and should not be relied upon as such. The EU AI Act and related regulations are complex legal instruments, and your organisation's specific obligations will depend on your individual circumstances. Pyralink Innovation Ltd accepts no liability for any regulatory enforcement action, fine, penalty, or other consequence arising from the use or non-use of these documents. We strongly recommend that you seek qualified legal advice before making compliance decisions. Free updates for 12 months are included for Full Pack purchasers. ยฉ 2026 Pyralink Innovation Ltd. All rights reserved. Unauthorised reproduction or distribution of these documents is prohibited.