DEADLINE EU AI Act core obligations land  |  Colorado AI Act: June 30, 2026  |  Is your organisation ready?
AI Governance & Shadow AI Audit

Your teams are using AI tools you don't know about.

We surface every AI tool in use across your organisation, classify each one against EU AI Act and NIST RMF standards, and build a governance program that keeps you compliant — permanently.

Shadow AI Discovery Report — Sample
ChatGPT (individual accounts)
HR, Sales, Legal — no data policy in place
HIGH
Notion AI — 14 employees
Unapproved, processing client data
HIGH
Microsoft Copilot
IT-approved, not yet risk-classified
MED
HubSpot AI Features
Enabled by default, unreviewed
MED
GitHub Copilot
Approved, policy documented
OK
75%
of knowledge workers use AI tools at work daily
— Microsoft Work Trend Index, 2025
69%
of security leaders suspect unapproved AI tool use in their organisation
— Gartner, 2025
1 in 5
organisations have already experienced a breach linked to shadow AI
— IBM Cost of Data Breach, 2025
$650K
average cost per shadow AI-linked security incident
— IBM Cost of Data Breach, 2025

AI adoption has outpaced governance by 18 to 24 months.

Your teams are already using ChatGPT, Copilot, Notion AI, and dozens of other tools — many without IT approval, many processing confidential client data. Meanwhile, regulators have caught up. The EU AI Act is here. State-level laws are active. Boards are asking questions.

Most organisations of 50–500 people have significant unmitigated AI risk right now — not because of negligence, but because the tools moved faster than the policies. That gap is exactly what we close.

June 30, 2026 Colorado AI Act — in effect
August 2, 2026 EU AI Act core obligations
Ongoing NIST AI RMF — de facto mandatory for US federal contractors

Three ways to work together

From a focused one-time audit to an embedded AI governance function — scoped to your size and risk exposure.

Audit Only
$7,500
One-time engagement

Full shadow AI audit with risk classification and a prioritised remediation roadmap.

  • Shadow AI Discovery Audit (3 weeks)
  • Full tool inventory report
  • EU AI Act & NIST RMF risk classification
  • Prioritised remediation list
  • Executive briefing session
Book a Discovery Call
Fractional AI Officer
$7,500/mo
6-month minimum

Embedded AI strategy ownership — your outsourced AI governance function.

  • All Full Governance deliverables
  • Vendor procurement reviews
  • Board & investor reporting
  • Ongoing build of 2 AI workflows/month
  • Monthly governance call
Book a Discovery Call

Monthly Governance Retainer (for Full Governance clients): $2,500–$5,000/month — quarterly re-audits, policy updates, new tool approvals.

From audit to compliance in 6 weeks

A structured, four-phase engagement — designed so you never have to scramble before a regulatory deadline.

1

Discovery

Kickoff, department interviews, and anonymous employee survey to surface every AI tool in use — including shadow tools.

Week 1
2

Audit

Full tool inventory, EU AI Act & NIST RMF risk classification, SaaS subscription review, and vendor contract audit.

Weeks 2–3
3

Policy Build

All governance documents drafted, reviewed, and prepared for board presentation and immediate deployment.

Weeks 3–5
4

Delivery

Board briefing, staff training session, Q&A — then monthly retainer begins to keep governance current.

Week 5–6

Shadow AI Risk:
What it is and why it's your problem in 2026

A one-page briefing written for General Counsels, CISOs, and Compliance Officers — no jargon, no sales pitch. Take it into your next leadership meeting.

  • What shadow AI is and how it enters organisations
  • The specific EU AI Act and NIST RMF exposure it creates
  • The IBM $650K average breach cost — broken down
  • The five questions your board will ask (and how to answer them)
  • What a compliant governance posture looks like
Get the 1-Pager
Delivered to your inbox instantly. No follow-up unless you ask.
🔒 No spam. Unsubscribe anytime. Your data is never sold.

Here it is.

Download your copy below — no inbox required.

↓ Download the 1-Pager

Want to discuss your organisation's specific exposure?

Book a free 30-min call →

30 minutes.
Zero obligation.

This isn't a sales call — it's a diagnostic. We'll ask three questions about your current AI governance posture and tell you honestly whether you have a problem worth fixing right now. If there's no fit, we'll say so.

What to expect
  • 30 minutes — we do most of the talking
  • 📋 Sample Shadow AI Discovery Report — see a real output
  • 🎯 Honest assessment of your risk exposure
  • 📅 Available Tuesday & Thursday, mornings
  • 💬 No commitment required to book
Schedule a Call →