
AI Governance & EU AI Act Compliance

AI brings opportunities — and liability risks that most organisations are not yet ready for. The EU AI Act, ISO 42001 and the NIST AI Risk Management Framework set requirements for how you deploy, document and control AI. We help you build an AI governance framework that works in practice: from per-system risk classification to an AI policy your board can defend.
Choose the service that fits you best
01

AI Policy & Guidelines

A tailored AI policy: acceptable use, ethics, data use and human oversight. Practical guidelines for your teams.

Policy, Ethics, Oversight
View AI policy →
02

ISO 42001 Implementation

Implementation of the AI Management System according to ISO 42001. From risk assessment to internal audit.

ISO 42001, AIMS, Audit
View ISO 42001 →
03

EU AI Act Compliance

Classification of your AI systems under the AI Act, conformity assessment and CE marking for high-risk systems.

EU AI Act, High Risk, CE
View AI Act →
04

NIST AI RMF

Risk management for AI according to the NIST AI Risk Management Framework. Govern, Map, Measure, Manage.

NIST, RMF, Risk
View NIST AI →
Using AI responsibly — and able to prove it? We help you build AI governance that works: from policy to certification and oversight. Free Consultation →

AI Governance is not hype, but a responsibility

AI is being deployed ever more broadly across organizations: from customer service chatbots and HR screening to financial scoring models and generative tools for knowledge workers. At the same time, pressure is growing from legislation and clients to demonstrate that these AI systems are reliable, fair, and explainable. The EU AI Act, ISO 42001, NIST AI RMF, and sector-specific guidelines are no longer abstract frameworks — they require concrete processes around risk classification, data quality, human oversight, incident management, and model lifecycle. Without governance, every AI initiative becomes a risk issue one day.

We help organizations set up AI governance pragmatically. This starts with an AI inventory: which AI systems and generative tools are you already using today, who is responsible, what data goes in, and what decisions come out? Next, we classify systems according to the EU AI Act (prohibited, high-risk, limited-risk, minimal-risk) and determine which controls are appropriate per category. For high-risk systems, we build a governance framework with data quality requirements, bias testing, human oversight, transparency documentation, and incident response procedures.

Governance should not become a brake on innovation. That is why we work with a tiered approach: light governance for low-risk experiments, strict controls for production systems in regulated domains. We deliver templates, checklists, and a governance charter your teams can use themselves, and we train product owners and data scientists to recognize risks in their own working methods. For clients aiming for ISO 42001 certification, we use the governance framework as the basis for the AI Management System and guide you through the certification process.

Frequently asked questions about AI Governance

Does the EU AI Act apply to us if we only use ChatGPT?
Yes, even as an end user of a generative AI system you have obligations. These mainly concern transparency (employees and clients must know when they are communicating with AI), acceptable use policies, and data governance around prompts that may contain personal data or business secrets. The heaviest obligations fall on suppliers of high-risk systems, but end users cannot sit back — we help you determine which rules apply to you.
What about shadow AI in our organization?
Shadow AI — employees using AI tools on their own initiative — is one of the biggest risks we see. Our approach: first an AI use survey to surface what is happening, then a pragmatic acceptable use policy that does not force employees to go underground, and finally controlled alternatives (for example an enterprise version of an LLM) so people can do their work without causing data leaks.
Is ISO 42001 the same as the EU AI Act?
No. The EU AI Act is legislation with legal obligations; ISO 42001 is a voluntary standard for an AI Management System. They overlap strongly — a mature ISO 42001 system covers many AI Act requirements — but compliance with the AI Act always requires a separate legal analysis. We help clients who want both: certification as proof of maturity, plus an AI Act readiness assessment as legal assurance.

Related Services

AI Governance

Strategic AI governance implementation.

ISO 42001

ISO 42001 certification for AI governance.

AI Integrations

Secure AI integrations within your organization.
