Sphere Partners

High-risk deadline: 2 August 2026

EU AI Act compliance in 8 weeks

We map your AI systems against the Act, classify each one, and put the technical and documentation requirements in place. Eight weeks for a focused engagement covering one or two high-risk systems.

Get in TouchDownload the Whitepaper
EU AI Act risk tiers
Tier
Minimal
~50% of systems
MinimalLimitedHigh riskProhibited
Articles covered
113
Avg time to comply
8 wks
35M

Maximum fine for non-compliance

6

Phase compliance framework

50+

Businesses made compliant

8 wks

Average engagement time

If your business uses AI for decisions about people, money, or safety in the EU, the Act probably applies

Obligations apply per system. A single company often has minimal-risk and high-risk systems running in parallel, and the high-risk ones each need their own technical documentation, risk management, oversight controls, and EU database registration. All of which must be in place by August 2026 for high-risk systems.

  • Сredit scoring, HR screening, biometric ID, medical diagnostics, fraud detection, machinery safety controls. All classified high-risk under Annex I or III.
  • Companies based outside the EU whose AI system or its output reaches an EU user. The Act applies to them too.
  • AI tools bought from vendors and never reclassified. Most off-the-shelf HR and credit-decision software has not yet been certified for AI Act use.
  • Fine-tuning a hosted model and deploying it under your name can shift you from deployer to provider, with the full set of provider obligations attached.

Organizations around the world trust us

ideel
JFrog
Clearcover
91 Seconds
PHC
NextCapital
DigitalOcean
Enova
bp
Groupon
CreditNinja
Navy Pier
DoorDash
Gett
Experify
ideel
JFrog
Clearcover
91 Seconds
PHC
NextCapital
DigitalOcean
Enova
bp
Groupon
CreditNinja
Navy Pier
DoorDash
Gett
Experify

Six phases to full AI Act readiness

A structured, systematic approach that takes you from initial AI inventory to ongoing compliance — with full documentation at every step.

AI System Inventory

Map every AI system in your organisation and document its scope, data use, and purpose.

  • Asset discovery workshop
  • System documentation templates
  • Vendor AI assessment

Risk Classification

Classify each AI system into the correct risk tier and determine which obligations apply.

  • Prohibited use screening
  • High-risk categorisation
  • GPAI model identification

Gap Analysis

Identify compliance gaps against each applicable obligation with prioritised remediation plans.

  • Technical requirements audit
  • Governance gap report
  • Remediation roadmap

Controls Implementation

Deploy technical and organisational controls to meet high-risk and transparency obligations.

  • Human oversight mechanisms
  • Logging & monitoring setup
  • Bias & accuracy testing

Ongoing Governance

Embed compliance into your organisation with policies, training, and continuous monitoring.

  • AI governance policies
  • Staff training programmes
  • Quarterly compliance reviews

Documentation & Registration

Prepare technical documentation, conformity assessments, and EU database registration.

  • Technical file preparation
  • Conformity declarations
  • EU AI database filings

From first call to compliance sign-off in four steps

Sphere staffs every engagement with AI engineers and MLOps practitioners alongside governance leads. We deploy the controls in your stack and integrate them with your existing observability, MLOps tooling, and GRC platforms. Because the same team scopes the gaps and closes them, an eight-week engagement is realistic. Typical legal-only advisory engagements run four to six months for the same scope.

Free assessment

30-minute scoping call. We walk your AI estate, identify immediate exposure, and indicate likely engagement size.

Tailored proposal

Custom plan based on your risk profile, system count, and existing controls. Fixed fee for the framework.

Framework delivery

Six-phase engagement with weekly progress reporting and milestone reviews.

Compliance sign-off

Documentation complete, registered, and audit-ready. Optional ongoing governance as a managed service.

Book Your Free EU AI Act Assessment

Please provide your contact details, and our team will get back to you promptly.

Hear From

Our Clients
Lee Ebreo

Lee Ebreo

VP of Engineering at Credit Ninja

These things would not have been achievable if we did not build our own in-house system and if we did not partner with Sphere to help us achieve our goals.

Selah Ben-Haim

Selah Ben-Haim

VP of Engineering at Prominence Advisors

Our experience with Sphere and their team has been and continues to be fantastic. We keep throwing new projects at them, and they keep knocking them out of the park (including the rescue of a project that was previously bungled by another vendor).

Ben Crawford

Ben Crawford

Senior Product Manager at Enova Financial

I would expect to be delighted. It's been a really positive experience, working with Sphere, and I would expect you to have the same.

Mark Friedgan

Mark Friedgan

CEO at CreditNinja

Sphere consistently prioritizes the needs of their clients, demonstrating both agility and teamwork. As an offshore team, they have been an integral part of our organization and we plan to continue growing with them.

René Pfitzner

René Pfitzner

Co-Founder at Experify

Sphere provided excellent full-stack development manpower to augment our team and help push our product forward. They are easy to work with, tech-savvy and proactive.

Bruce Burdick

Bruce Burdick

Chief Information Officer at Integra Credit

We've been working with Sphere and its excellent consultants since our founding. I've found that they are true partners in the success of our business.

Jemal Swoboda

Jemal Swoboda

CEO at Dabble

The resources and developers that Sphere Software provides are skilled and have the required technical expertise, but more importantly, they have helped us build a culture of excellence within our team.

Arthur Tretyak

Arthur Tretyak

Founder and CEO at IntegraCredit

With Sphere, we were able to migrate in half the time it would take to train an additional FTE… and for a fraction of the cost. Our experience with Sphere has been exceptional.

Lee Ebreo

Lee Ebreo

VP of Engineering at Credit Ninja

These things would not have been achievable if we did not build our own in-house system and if we did not partner with Sphere to help us achieve our goals.

Selah Ben-Haim

Selah Ben-Haim

VP of Engineering at Prominence Advisors

Our experience with Sphere and their team has been and continues to be fantastic. We keep throwing new projects at them, and they keep knocking them out of the park (including the rescue of a project that was previously bungled by another vendor).

TOP AI CODE GENERATION COMPANY UNITED STATES 2025

TOP AI TEXT GENERATION COMPANY FLORIDA 2025

TOP APP DEVELOPMENT COMPANY MANUFACTURING 2025

TOP ARTIFICIAL INTELLIGENCE COMPANY UNITED STATES 2025

TOP CHATBOT COMPANY UNITED STATES 2025

TOP RECOMMENDATION SYSTEMS COMPANY UNITED STATES 2025

Common questions before the call.

Honestly, nobody knows yet. The Commission proposed pushing it to December 2027 (the Digital Omnibus), but the trilogue on 28 April ended without agreement, and there's another round scheduled. Could go either way. Practically speaking, you should plan against 2 August 2026. If it gets pushed, your work doesn't go to waste – you just have a longer runway. If it doesn't get pushed and you've been waiting, you're stuck doing in three months what should have taken eight.
Scope is determined by where your system is used and what it does. If your AI system or its output reaches users in the EU, the Act can apply regardless of where your company is based. We review each system against its actual use: decisions about people, money, safety, or access to services. In the first session, we map your systems, flag likely high-risk use cases, and give you a clear position per system. You leave with a documented scope decision, not a general interpretation.
Yes, if your AI system is placed on the EU market or its output is used in the EU. A US vendor selling to a German employer falls under the Act. So does a non-EU platform whose chatbot reaches EU users.
Fixed fee, scoped to system count and risk profile. The 30-minute assessment gives you an indicative range. Most enterprise engagements price in the same band as a mid-sized advisory project, with the technical implementation included rather than billed separately.
Using a foundation model as a customer does not make you a provider. Fine-tuning it for a specific purpose, rebranding it, or substantially modifying it can. We assess this case-by-case in Phase 2.
We sequence Phase 5 documentation early so an interim audit position is defensible. If a regulator asks for evidence mid-engagement, we hand them the technical documentation, gap analysis, and remediation plan as evidence of active work.
Yes. Risk is assigned per system, not per company. We classify each system based on its function, data, and impact, using Annex I and III as the baseline. That includes checking for prohibited uses, high-risk categories, and general-purpose AI involvement. You get a written classification with justification, tied directly to the obligations that follow. This becomes the foundation for everything else: controls, documentation, and registration.
Legal defines obligations. We translate them into working systems. That includes mapping requirements to your architecture, implementing logging and monitoring, setting up human oversight, running bias and accuracy testing, and producing the technical file. We work with your legal team and align on interpretation, then handle the technical execution and documentation needed for audit and EU database registration. This is where most compliance efforts stall without engineering support.
You get a complete, system-level compliance package for one or two high-risk systems. That includes a full AI inventory, formal risk classification, gap analysis, implemented controls, and a technical file ready for audit. We prepare conformity documentation and support EU database registration. The outcome is not a report. It is a compliant system with documentation, controls, and governance in place, ready for regulator review and internal use.

The EU AI Act compliance checklist

Self-assessment covering Articles 9–15, conformity assessment routes, and EU database registration.