Assessment
AI readiness and EU AI Act status
- Use-case inventory and shadow-AI mapping
- EU AI Act classification matrix
- Data-flow diagrams (as-is state)
- Vendor-risk preview for current LLM usage
- Executive summary with prioritisation
EU AI Act, GDPR and vendor risk on a defensible foundation. Plus a secure productive pilot use case in security operations — not just a policy PDF in the wiki.
Your teams are already using AI tools — approved or not. Prompts containing customer data, contract drafts and IP flow to third-party models. Usually only the vendor documents what you shared.
The EU AI Act is in force. Prohibited practices already apply; governance obligations for general-purpose AI apply from August 2025, and core obligations for high-risk systems from August 2026. Classifying later means negotiating retroactively with the regulator.
What's missing: a governance foundation operationalised in technical controls — not a consulting deliverable that the business ignores.
We combine two axes: AI Governance (EU AI Act classification, GDPR data flows, LLM vendor risk, board reporting) and Secure AI Enablement (technical guardrails, approval workflows, a productive pilot use case from security operations).
Vendor-neutral. We evaluate LLM providers (Anthropic, OpenAI, Microsoft, Google, Mistral, on-premises open-source models) against EU AI Act, GDPR, data sovereignty and contractual structure — never preference. The outcome: a governance foundation that is auditable, and a pilot that runs productively.
AI use-case inventory, EU AI Act classification (prohibited / high-risk / GPAI / minimal), data-flow analysis to external models, shadow-AI mapping.
AI usage policy, vendor risk register for LLM providers, roles and approval model, board reporting template. Fully integrated with existing ISO 27001 / NIS2 structures.
Technical controls: system-prompt standards, tool restriction, PII and secrets filters, prompt-injection hardening, logging and auditability. Human-in-the-loop where compliance requires it.
A productive pilot use case from security operations (e.g. LLM-assisted log triage, compliance-evidence automation, AI-supported IR run-books) — with governance, KPIs and handover to internal ownership.
We evaluate LLM and AI providers against the EU AI Act, GDPR and data sovereignty — never against vendor preference or partner commissions.
Every governance decision translates into technical controls. No paper-governance programme without guardrails in production.
After the engagement, a productive AI pilot runs in your business — not just a policy document that nobody reads.
AI readiness and EU AI Act status
Full governance foundation plus guardrails
Multi-BU, multi-use-case, ongoing governance
Many clients combine multiple services – for maximum impact.
“Deploying AI today without governance means negotiating with regulators tomorrow — not with customers.”
Whether you face a transaction, need a certification or want to professionalise your security strategy – Woodlands delivers results in weeks, not months.
20 minutes. Confidential. No obligation.