What we do

We build AI applications. We make sure they are compliant.

Most companies have to choose between moving fast and staying compliant. We remove that choice. We build your AI application and make sure it meets every regulatory requirement — at the same time, not one after the other.

Our work is organised into three phases:

  • Govern: understand your obligations before you build.
  • Build: develop your AI application with compliance built in, or retrofit compliance into a system you have already built.
  • Run: keep it compliant as regulations and your business evolve.

Each service has fixed deliverables and clear pricing. No open-ended consulting.

Govern

Before we build anything, we need to understand what rules apply to your AI system, where your gaps are, and what needs to happen first. The Govern phase gives you that clarity.

G1

AI Governance Readiness Assessment

A clear picture of where you stand today — what regulations apply to you, what is missing, and what to do first.

Duration: 2 weeks

Deliverables

  • Conversations with your key people to understand how you currently use AI
  • A review of your existing processes and documents
  • A plain-language report showing where the gaps are
  • A prioritised list of what to fix first
  • A recommended next step

What it is NOT

This is not a technical audit and it is not implementation. Think of it as a health check — it tells you what needs attention before you start building.

Frameworks

We check against the regulations that apply to you — which could include EU AI Act, GDPR, DPDP, ISO 27001, or ISO 42001 depending on your geography and industry.

Leads to

G2, G3, B1, B2

G2

DPIA & AI Risk Classification

The documented proof that your AI system has been assessed for risk. This is what regulators and auditors ask for first.

Duration: 2–3 weeks

Deliverables

  • A simple template for assessing the risk of each AI system you use or plan to use
  • An inventory of your AI systems with a risk level for each
  • Written risk assessments that can be shown to regulators
  • A map of which regulations apply to which AI system
  • A packaged evidence file ready for auditors

What it is NOT

This is not a one-off document that sits in a drawer. We design it so you can update it yourself as your AI systems change.

Frameworks

EU AI Act, GDPR, DPDP, and any sector-specific rules that apply to your industry.

Leads to

G3, B1, B2

G3

AI Compliance Strategy

A clear plan showing which regulations apply to you, in what order to address them, and how long it will take. Ready to present to your board.

Duration: 3–4 weeks

Deliverables

  • An analysis of every regulation that applies to your business and AI systems
  • A decision on which frameworks to pursue and in what order
  • A step-by-step compliance roadmap with timelines
  • A board-ready document explaining the plan and the risk of not acting
  • Guidance on budget and resources needed

What it is NOT

This is the plan, not the execution. Once you have this, you know exactly what Build looks like.

Frameworks

ISO 42001, EU AI Act, DPDP, GDPR, and any sector rules relevant to your business.

Leads to

B1, B2

Build

This is where we build. We develop your AI application and make sure compliance is part of how it works — not something added on top after the fact.

B1

Custom AI Application Development

We build your AI application from scratch — with audit trails, data controls, and compliance documentation built into the system itself.

Duration: 8–16 weeks

Deliverables

  • Discovery and scoping — we understand your business problem, your data, and your regulatory environment before writing a line of code
  • AI application development — we build the model, the interface, and the integrations your team needs
  • Audit trail — every decision the AI makes is logged so you can show exactly what happened and why
  • Data controls — we document how personal data flows through the system, who can access it, and how it is deleted
  • Explainability — the system can explain its outputs in plain language, which is required under EU AI Act for high-risk applications
  • Human override — your team can always review and override any AI decision
  • Compliance documentation — everything an auditor or regulator would ask for, generated as part of the build
  • Handover and training — your team knows how to use and maintain the system

What it is NOT

This is not off-the-shelf software. Every application we build is custom — designed around your specific business problem, your data, and your regulatory obligations.

Frameworks

We build to the requirements of whichever regulations apply to you — EU AI Act, GDPR, DPDP, ISO 42001, or sector-specific rules.

Leads to

B2 if certification is required. R1 for ongoing compliance operations.

B2

Certification Readiness Programme

Everything you need to walk into an ISO certification audit with confidence — and come out the other side with your certificate.

Duration: 6–8 weeks

Deliverables

  • A check of where you stand against the certification requirements before the audit begins
  • Organisation of all your compliance evidence into a format the certification body expects
  • A complete documentation pack ready for the auditor
  • Support through your internal audit and management review
  • A practice run so there are no surprises on audit day
  • Management of the audit process from start to finish

What it is NOT

We prepare you for the audit and manage the process. The certification body conducts the audit itself and issues the certificate.

Frameworks

ISO 27001, ISO 42001, or both — depending on what your business needs.

Leads to

R1 for ongoing compliance after certification.

B3

AI Compliance Retrofit

Your AI system is already live. We assess it, identify the compliance gaps, and add everything needed to make it defensible — without rebuilding from scratch.

Duration: 6–12 weeks

Who this is for

You have already built and deployed an AI system. It works. But it was built without compliance in mind and you are now facing a regulatory deadline, an audit request, or a board that wants answers. Rebuilding from scratch is not an option.

Deliverables

  • A full assessment of your existing AI system against current regulatory requirements — we tell you exactly what is missing
  • Audit trail implementation — we add logging to your system so every AI decision is recorded and traceable
  • Data controls — we document and implement how personal data flows through your system, who can access it, and how it is handled
  • Explainability layer — we add the ability for your system to explain its outputs, which regulators increasingly require
  • Human override controls — we implement the ability for your team to review and override AI decisions
  • Compliance documentation — we produce the full evidence pack an auditor or regulator would expect to see
  • A gap closure report showing what was fixed, how, and what the current compliance position is

What it is NOT

This is not a rebuild. We work with your existing system and add what is missing. That said, if we find issues that cannot be fixed without a rebuild, we will tell you clearly and honestly before any work begins.

Why retrofit costs more

Adding governance to a system that was not designed for it is always harder than building it in from the start. If you are evaluating a new AI project, building governance-first with B1 will cost less and take less time than retrofitting later.

Frameworks

EU AI Act, GDPR, DPDP, ISO 42001 — whichever regulations apply to your system and geography.

Leads to

B2 if certification is required. R1 for ongoing compliance operations.

Run

Getting compliant is step one. Staying compliant is the ongoing work. Regulations change. Your AI systems evolve. New risks emerge. Run is our retainer service that keeps you on top of it — without you having to think about it.

R1

Ongoing Governance Operations

A monthly retainer that keeps your AI systems compliant as your business and the regulatory environment evolve.

Engagement: Monthly retainer · 12-month minimum

Monthly deliverables

  • A monthly check of your AI systems against current regulatory requirements
  • Updates to your compliance documents as things change
  • A standing advisory channel — email or Slack — for questions as they come up
  • A monthly summary of any regulatory changes that affect you

Quarterly deliverables

  • A quarterly review of your overall compliance position
  • A scan of new and upcoming regulations in your markets
  • An updated roadmap if priorities have shifted

Advisory day rate

Need deeper work in a given month? Additional days are available at our standard day rate.

How most clients start

Every engagement is different, but most clients follow one of three paths depending on where they are starting from. All paths begin with understanding your situation — and end with a compliant, auditable AI system.

Path A — Start from scratch

G1 → G3 → B1 → B2 → R1

You are new to compliance and want to do it properly from the beginning. We assess where you stand, build a plan, develop your AI application with compliance built in, prepare for certification, and then keep you compliant on an ongoing basis.

Path B — You have a specific regulatory deadline

G2 → G3 → B1 → R1

You have a deadline — EU AI Act, GDPR, or DPDP — and need to move quickly. We assess your risk, build the governance infrastructure, and keep you compliant. Certification can come later.

Path C — You are already set up and need audit support

B2 → R1

You already have controls in place. You need someone to prepare you for the certification audit and keep you compliant after you get your certificate.

Path D — Your AI is already live and needs to be made compliant

G1 → B3 → R1

Your AI system is already running but was not built with compliance in mind. We assess it against current regulations, retrofit the controls and documentation that are missing, and then keep you compliant on an ongoing basis. Add B2 if certification becomes a requirement.

Not sure where to start? That is exactly what the first call is for.

Whether you are building something new and want to do it right from the start, or you have an existing AI system that needs to be made compliant, we can help. Tell us where you are and we will tell you honestly what the right next step is. The call is 30 minutes.
