EU AI Act · GDPR · signed by a practitioner
Know exactly where you stand on the EU AI Act.
Lex maps every AI system you run to its EU AI Act risk tier and GDPR obligations, then delivers a gap report and roadmap that a practitioner reviews and signs off by name.
For DPOs, legal leads, and founders of AI-native companies. Ireland, the UK, and the EU.
- UnacceptableArt. 5
- High-riskAnnex III · Art. 6
- LimitedArt. 50
- Minimal—
The deadline moved. The work didn't.
The 2026 AI Omnibus deferred the standalone high-risk deadline to December 2027 — a deferral, not a removal. Prohibited uses are already enforceable and general-purpose-model duties are already live. Building a defensible AI inventory and classifying every system is a 12-to-18-month exercise. Starting late is the only real risk.
- €35M / 7%
- Maximum fine — €35M or 7% of global annual turnover, whichever is higher.
- 12–18 mo
- Typical time to inventory and classify an organisation's AI systems.
- Most
- Most organisations have taken no meaningful compliance steps yet.
- Feb 2025live
Prohibited AI practices enforceable
- Aug 2025live
General-purpose AI model obligations apply
- Through 2026live
Transparency duties phase in
- Dec 2027upcoming
Standalone high-risk (Annex III) deadline
- Aug 2028upcoming
High-risk AI in regulated products
From a list of AI systems to a signed roadmap.
- 01
Structured intake
A guided, conversational intake interviews your team about every AI system in use — built, bought, or embedded — including shadow tooling. No spreadsheet archaeology.
- 02
AI-assisted mapping
Each system is mapped to its EU AI Act risk tier, the specific Articles that bite, and any overlapping GDPR obligations — with the reasoning shown, not hidden.
- 03
Signed-off gap report
The founder reviews every mapping, corrects the edge cases a model gets wrong, and signs the report by name. You receive a PDF gap report and a prioritised action roadmap.
- 04
Optional monitoring
A quarterly subscription tracks regulatory change against your inventory and flags what newly applies — so the report stays true as the rules and your systems evolve.
A model can draft. A practitioner is accountable.
Generative tools can produce a plausible compliance document in seconds. None of them will put a name to it. Lex pairs AI-assisted analysis with a human who reviews every classification and stands behind the result.
Analysis, not boilerplate
Your actual systems are classified against the actual law — not a generic checklist that ignores how you really use AI.
A name on the report
Every assessment is reviewed and signed off by a practitioner. That is the accountability layer a self-generated document cannot give you.
Kept current
Optional monitoring tracks regulatory change so a point-in-time report doesn't quietly go stale.
A gap report you can hand to a board or a regulator.
A clear PDF, signed and dated, covering every AI system you run.
- 01A complete inventory of your AI systems, built or bought
- 02Each system's EU AI Act risk tier with the Articles that apply
- 03GDPR overlap — lawful basis, DPIA triggers, data-subject impact
- 04A prioritised gap list, ranked by exposure and effort
- 05A roadmap with owners and sequencing, not a wall of citations
- 06A named, dated practitioner sign-off
Priced for the companies that fall through the gap.
Enterprise compliance suites are priced out of reach for startups and scale-ups. Lex sits in that gap — a serious assessment without an enterprise contract.
Assessment
€2,000–5,000 depending on the number and complexity of your AI systems.
- Full structured intake
- Risk-tier + GDPR mapping for every system
- Signed-off PDF gap report
- Prioritised action roadmap
Monitoring
€300–800/month. Add on after an assessment.
- Quarterly re-check against your inventory
- Regulatory-change alerts that map to your systems
- Updated roadmap each quarter
- Priority on re-assessment
Risk-tier check
Indicative only. A few questions, an instant rough tier.
- Rough EU AI Act tier in two minutes
- A 'you likely have these obligations' summary
- No call required
- Emailed to you to keep
Prices are indicative and scoped per engagement. Assessments are a technical opinion, not legal advice.
A two-minute, indicative read on where you stand.
Answer five questions about how you use AI and get a rough EU AI Act tier plus the obligations that likely follow. It is indicative only — not a legal determination — and it ends where the real work begins: a signed-off assessment.
- · No account, no call. Your answers stay with you.
- · Result emailed to you to keep.
- · Built on the same logic the full intake uses — just rougher.
Question 1
Do any of your AI systems make or materially influence decisions about people in these areas?
Select all that apply. These are the Annex III high-risk domains.
The four tiers
- UnacceptableArt. 5
Prohibited practices — social scoring, untargeted face-scraping, certain biometric and manipulation uses. Banned outright since February 2025.
- High-riskAnnex III · Art. 6
Recruitment, credit scoring, education, essential services, biometric ID and more. The heaviest obligations: risk management, data governance, logging, human oversight, conformity.
- LimitedArt. 50
Transparency duties — chatbots, emotion recognition, and AI-generated or manipulated content must be disclosed to the people interacting with them.
- Minimal—
The large majority of AI uses. Few or no specific AI Act duties — but you still have to prove a system belongs here, and GDPR may still apply.
Reference: tiers shown for orientation. 4 tiers under the EU AI Act.
Built and signed by a practitioner, not a platform.
Lex is run by a Dublin-based AI practitioner with a PhD in Computer Science (AI) from University College Dublin, and the founder of Botzone.
The work sits where most compliance help doesn't: close enough to the engineering to classify how AI systems actually behave, and close enough to the regulation to know which obligations follow. Every Lex report is personally reviewed and signed.
The practitioner
Dublin, Ireland
- PhD, Computer Science (AI) — University College Dublin
- Founder, Botzone
- Hands-on AI engineering and applied-research background
You own the client. Lex does the technical AI assessment.
Questions a careful buyer asks.
Is this legal advice?
No. Lex is a technical AI assessment. It is informational and is not a substitute for a lawyer. The sign-off is a practitioner's technical opinion on how your AI systems classify — it complements legal advice, it doesn't replace it. For a binding legal position, engage a qualified lawyer; Lex is designed to give them and you something solid to work from.
What is the December 2027 deadline?
The 2026 AI Omnibus deferred the compliance deadline for standalone high-risk systems (Annex III) to 2 December 2027, and to 2 August 2028 for high-risk AI embedded in regulated products. It is a deferral, not a removal — and prohibited practices and general-purpose-model duties already apply today. Because inventory and classification take 12-18 months, the practical start date is now.
What data do you need from us?
Information about the AI systems you use — what they do, what data they touch, who they affect, and whether you built or bought them. The structured intake walks your team through it. We don't need your training data or production secrets to classify a system; we need an accurate picture of how it's used.
How is this different from an enterprise compliance tool?
Enterprise suites are built for large organisations with the budget and staff to run them. Lex is a fixed-scope assessment sized and priced for startups and scale-ups, delivered as a signed report rather than a platform you have to operate yourself.
How long does an assessment take?
Most assessments run a couple of weeks end to end, depending on how many AI systems you run and how quickly your team completes the intake. Monitoring, if you add it, is quarterly thereafter.
Does the AI Act apply to us if we're not in the EU?
Often, yes. The AI Act reaches providers and deployers whose AI output is used in the EU, much like GDPR's extraterritorial reach. If you have EU users or customers, it's worth checking. The free risk-tier check is a fast first look.
Lex is the technical AI assessment layer. It complements legal advice — it does not replace your lawyer.
Find out where you actually stand.
Request an assessment and we'll scope it to the AI systems you run. Not ready for a call? The free risk-tier check gives you an indicative answer in two minutes.
Tell us what you run.
A short note is enough to start. We’ll reply to scope the assessment to your AI systems and confirm a fixed price before any work begins.
Dublin, Ireland · serving IE, UK & the EU