Consultancy · AI Governance & Compliance

Governance that works for boards, regulators, and auditors.

Framework design, policy authoring, model lifecycle controls, and board reporting built around EU AI Act, FCA/PRA, and UK DSIT requirements. Practical — not a generic template.

What we do

Five capabilities. Board-grade governance outputs.

AI governance is not a compliance exercise for its own sake — it's the structure that lets boards discharge their oversight responsibilities and gives regulators what they need to see.

Governance Framework Design

We design a governance framework specific to your AI use cases, risk profile, and regulatory obligations — not a generic template adapted by a junior consultant.

Policy Authoring

Responsible AI policy, acceptable use policy, model deployment policy, and data governance policy — written in plain English, board-approvable, and legally sound in structure.

Audit Trail Design

The controls and logging architecture needed to demonstrate AI decision provenance — critical for FCA/PRA, EU AI Act high-risk systems, and internal audit functions.

Model Lifecycle Controls

Governance over how models are evaluated, deployed, monitored, and retired — from testing frameworks to production alerting to human-in-the-loop design.

Board Reporting

AI risk metrics and governance reporting designed for board and audit committee consumption — structured, specific, and aligned to how boards actually make decisions.


How we engage

Four steps. From regulatory mapping to board-ready documentation.

  1. Regulatory mapping

    We establish which regulations apply to your AI use cases — EU AI Act risk classification, FCA/PRA AI governance expectations, UK DSIT AI Assurance requirements, and sector-specific obligations.

  2. Gap analysis

    We compare your current governance posture — policies, controls, and oversight mechanisms — against the requirements identified. Clear, prioritised gaps with no false comfort.

  3. Framework design

    We design the governance framework to close the gaps. Practical, not theoretical. Designed for the organisation you are, not for an idealised version of it.

  4. Documentation and sign-off

    We draft the policies, procedures, and controls. You review and approve. We iterate until the outputs are board-ready and legally sound in structure.


When it's right for you

Five situations where AI governance design is urgent.

Regulated sector buyers

Financial services, healthcare, professional services, or any organisation where AI governance failures carry regulatory consequence — FCA/PRA, CQC, ICO.

EU AI Act compliance preparation

Organisations deploying high-risk AI systems (as defined by the EU AI Act) who need to demonstrate compliance before a regulatory review or audit.

Board-level AI accountability

Boards and audit committees that need formal governance structures to discharge their oversight responsibilities for AI — increasingly a fiduciary requirement.

Pre-procurement governance gaps

Organisations about to procure a significant AI system from a vendor who need governance in place before they sign the contract.

Post-incident remediation

Organisations that have experienced an AI-related incident — bias, data breach, explainability failure — and need governance in place to prevent recurrence and demonstrate remediation.


Frequently asked questions

  • Which regulations does this cover?

    EU AI Act (in force June 2024, enforcement from 2026). UK DSIT AI Assurance Roadmap. FCA/PRA AI governance guidance. ICO guidance on AI and data protection. We reference the specific obligations that apply to your use cases — not a generalised regulatory overview.

  • How long does governance framework design take?

    Typically 4–8 weeks from regulatory mapping to final governance documentation. More complex organisations with many AI use cases across multiple jurisdictions may take longer. We scope this explicitly at the start.

  • Does this include legal advice?

    No — we design governance frameworks and draft policies in plain English, but we are not a law firm. Where specific legal advice is required on regulatory compliance or contract language, we partner with specialist legal counsel and refer explicitly.

  • Can you help us respond to a specific regulatory enquiry?

    Yes. If you are under active scrutiny from a regulator (FCA, ICO, or similar), we can help you assemble the governance evidence and documentation needed to respond credibly.

  • What's the difference between this and an AI Governance Audit?

    The AI Governance Audit (available as part of our audit specialism) assesses whether your governance posture is adequate. This service designs and builds the governance posture. They are often paired: audit first to establish the gap, then governance design to close it.

Compliance reviewer asking awkward questions?

We've drafted governance frameworks aligned to EU AI Act, FCA/PRA, and UK DSIT. Bring your situation — we'll tell you the minimum viable governance to get unstuck.