An illustrative excerpt of a written FounderAIO Phase 01 Diagnostic. The example below is for an EU AI Act readiness engagement; diagnostics for other practice areas follow the same structure.
CLIENT currently uses 11 AI systems identified during the inventory phase, of which 1 is classified as high-risk under Annex III, 4 as limited-risk requiring transparency obligations, and 6 as minimal-risk. No prohibited practices were identified.
The high-risk system (an automated CV-screening tool used in recruitment) requires the full compliance package binding from August 2026: risk management system, data governance, technical documentation per Annex IV, deployer obligations including human oversight, monitoring logs, and informing affected workers.
Three of the four limited-risk systems (chatbot on the customer portal, AI-generated marketing copy, an internal summarisation assistant) require basic transparency notices to be added by August 2026.
The current AI literacy programme is informal. Article 4 of the Act has bound since February 2025; the programme should be formalised within two months to close this gap.
Total estimated implementation effort to reach August 2026 readiness: 8-10 weeks of focused work, sequenced across three workstreams.
This diagnostic covers EU AI Act applicability and readiness for AI systems currently in use, planned for use within twelve months, or embedded in third-party software in the company's stack. It does not address GDPR data flows (subject of a separate engagement) nor sectoral regulatory regimes (CSSF, AIFMD II, MiCA) that may overlap.
The inventory identified 11 AI systems across the business. Each was documented with: function, vendor (where third-party), data inputs, decision outputs, business owner, and approximate user volume.
| # | System | Function | Owner |
|---|---|---|---|
| 01 | XXXXXXX | CV screening for recruitment | People team |
| 02 | XXXXXXX | Customer support chatbot | Customer team |
| 03 | XXXXXXX | Marketing copy generation | Marketing |
| 04 | XXXXXXX | Internal document summarisation | Operations |
| 05-11 | (7 minimal-risk systems, full inventory in Appendix A) | ||
Each inventoried system was assessed against the Act's classification framework: prohibited practices (Article 5), high-risk under Annex III, high-risk under Annex I, limited-risk transparency obligations (Article 50), or minimal risk.
| System | Classification | Binding date | Risk |
|---|---|---|---|
| CV screening tool | High-risk, Annex III, point 4(a) | 2 Aug 2026 | High |
| Customer support chatbot | Limited-risk transparency | 2 Aug 2026 | Medium |
| Marketing copy generation | Limited-risk transparency | 2 Aug 2026 | Medium |
| Document summarisation | Limited-risk transparency | 2 Aug 2026 | Low |
For each system above minimal risk, the obligations binding by August 2026 were mapped against the current state. The gap analysis surfaced 17 distinct obligations across the four classified systems, of which 12 are not currently met.
Critical gaps (those at material risk of late delivery without immediate action):
Non-critical gaps (transparency notices, log retention configuration, monitoring scripts) listed in full in Appendix B.
The action plan below sequences the gap closures across three workstreams running in parallel over 8-10 weeks. Estimated effort and recommended owner are noted for each.
| Action | Workstream | Effort | Owner |
|---|---|---|---|
| Formalise AI literacy programme + record | Cross-cutting | 1-2 weeks | People & Compliance |
| CV tool: risk management system documentation | High-risk system | 2-3 weeks | People & Compliance |
| CV tool: deployer notice to workers/works council | High-risk system | 1 week | People & Legal |
| Limited-risk transparency notices (3 systems) | Transparency | 1 week | Product & Marketing |
| Monitoring log configuration + retention | High-risk system | 1-2 weeks | IT & Compliance |
| AI register + governance policy | Cross-cutting | 2 weeks | Compliance |
Recommended Phase 02 (Roadmap) and Phase 03 (Build) would convert this diagnostic's action plan into delivered work. Estimated combined scope: 10-14 weeks across three workstreams.
Sub-scopes that may be considered for separate engagements:
A real diagnostic is typically 12-25 pages depending on scope. The structure above is consistent across practice areas: executive summary, scope, current state, gap analysis, prioritised action plan, recommended next phase. Get in touch to discuss a diagnostic for your situation.