Skip to main content
AI regulatory readiness

AI regulation is arriving in layers. Readiness beats reaction.

AI regulatory readiness from Aun & Co.: obligations under the EU AI Act, privacy frameworks and sectoral rules mapped to your systems before enforcement asks first.

AI regulation is no longer hypothetical: the EU AI Act is phasing in with risk-tiered obligations that reach non-European businesses whose systems touch the EU market, privacy frameworks in Israel and abroad already govern the data layer, and sector regulators are adding expectations of their own. Readiness work is the translation exercise — which of your systems fall where, which obligations attach on what timeline, and what documentation, transparency and oversight the rules require you to be able to show.

The work spans
  • System classification against the EU AI Act's risk tiers
  • Applicability analysis: which regimes reach your business and how
  • Gap assessment: current practice against attaching obligations
  • Documentation and transparency artefacts the rules expect
  • A phased compliance plan aligned to the regulatory timelines
  • Your product or service touches EU users and someone mentioned the AI Act applies to you.
  • A tender, client or investor questionnaire asked about AI compliance and the answer was improvised.
  • AI systems make decisions about people in your business and the regulatory duties are unmapped.
  • You want compliance built once, coherently — not re-improvised for each regime as it lands.

The firm inventories the AI systems in and around your business, then classifies each against the regimes that plausibly reach it — the EU AI Act where European market contact exists, privacy law wherever personal data flows, sector rules where your industry adds them. Obligations are translated from regulation-speak into artefacts and behaviours: the records to keep, the notices to give, the oversight to install. The plan sequences the work against the actual enforcement calendar, so effort lands where deadlines do.

04 · What you get

Classification first

Each system placed in the regulatory map before any compliance spend — most businesses discover their real obligations are narrower, and different, than feared.

Obligations as artefacts

Rules translated into the concrete records, notices and oversight steps your team must produce — compliance you can show, not just claim.

Sequenced to the calendar

Work phased against actual application dates and enforcement priorities, spending readiness effort where the deadlines genuinely are.

A typical engagement: an Israeli company with EU-facing services commissions a readiness review. Classification places one system in a regulated tier and clears the rest; the plan produces its transparency documentation and oversight mechanism ahead of the applicable phase-in date, and the questionnaire answers write themselves.

Described in abbreviated, anonymised form to preserve client confidentiality.

Does the EU AI Act apply to Israeli companies?

It can — the Act reaches providers and deployers outside the EU where their systems are placed on the EU market or their outputs are used there. For Israeli businesses with European customers or users, applicability analysis is the mandatory first step, not a formality.

What does the EU AI Act require in practice?

It depends on the tier: prohibited practices are banned outright, high-risk systems carry documentation, oversight, and quality obligations, and lighter transparency duties attach to certain interactive and generative uses. Most systems fall outside the heavy tiers — which is exactly why classification precedes compliance spend.

What does regulatory readiness involve for a business already using AI?

An inventory and classification of the systems in use, an applicability map across the regimes that reach you, a gap assessment, and a phased plan tied to the enforcement calendar. First classification results typically arrive within weeks; the artefact-building follows by priority.

Start a conversation.

The firm replies within one business day.

AI regulatory readiness — Aun & Co.