Fixed-scope audit · 10 days · $7,500
Article 14 Gap Audit
Know exactly where you stand against Aug 2 enforcement. 10 days. Written report. Concrete remediation plan.
EU AI Act Article 14 requires human oversight controls (kill switch, policy engine, audit log, attestation) for high-risk AI systems (automated decision-making in credit, hiring, law enforcement, critical infrastructure, and similar regulated domains). Enforcement date: August 2, 2026. If you don't know your gap, you can't close it in time.
$1,500 deposit to reserve your slot. Remainder due on delivery. Non-refundable deposit, full report guaranteed or you don't owe the balance.
What you get.
Article 14 gap analysis across 4 control patterns
Kill switch (can you halt the system under load?), attestation (can you prove what model version ran?), policy-as-code (are human oversight rules machine-verifiable?), audit logs (tamper-evident record of every intervention). Each pattern gets a pass/fail verdict with evidence.
Technical evidence checklist mapped to regulatory ask
Article 14 says "enable operators to understand" and "intervene appropriately." I map each sub-clause to a concrete technical control and tell you whether your current stack satisfies it. The checklist is machine-readable so your compliance team can re-run it quarterly.
Remediation roadmap, prioritized by Aug 2 deadline
Not everything needs fixing before Aug 2. I'll separate what blocks conformity from what's nice-to-have. Items are ranked by severity, estimated engineering effort, and whether they gate the audit trail your regulator will ask for first.
1-hour walkthrough call with your engineering team
I walk your engineers through each finding, answer implementation questions, and flag anything that changed in the stack during the review period. Recorded if you want it.
What this is not.
Not a Big Four compliance program. Those cost €250-500K, take 90 days, and produce a slide deck partners don't touch. This is a 10-day technical audit. You get a written gap report and a working checklist, not a framework certification.
Not a slide deck. The output is a structured technical document with pass/fail verdicts, evidence references, and specific remediation steps. You can hand it to an engineer and they know what to build.
Not legal advice. I tell you what the technical controls are and whether you have them. Whether those controls satisfy your specific legal exposure is a question for your counsel. I work alongside your legal team, not instead of them.
Not applicable to all AI systems. Article 14 applies to high-risk AI systems as defined in Annex III. If you're not sure whether your system qualifies, that's a good thing to cover in the free 20-minute diagnostic first.
10-day process.
Kickoff
You share stack access (read-only). I review architecture docs, deployment manifests, and any existing compliance documentation. We align on scope and which Article 14 provisions apply.
Stack review
I trace the kill switch implementation, signing chain, policy engine, and audit log pipeline. I test whether the kill switch actually stops the system under realistic conditions (not just in unit tests).
Gap analysis
Each of the 4 control patterns gets a full review. I map every Article 14 sub-clause to evidence (or absence of evidence). I draft the remediation items and rank them by severity and effort.
Report
Written report with pass/fail per control pattern, evidence checklist, and prioritized remediation roadmap. Delivered as PDF + markdown. You can share the markdown with your engineering team directly.
Walkthrough
60-minute call with your engineering team. I walk through each finding, answer implementation questions, and flag anything that needs clarification. Balance due on delivery of the report.
Questions.
What's the refund policy on the $1,500 deposit?
The deposit is non-refundable once I've started work (Day 1 kickoff). Before kickoff, I'll refund in full if you cancel at least 48 hours before the scheduled start. If I fail to deliver the report by Day 10, you owe nothing for the balance. The deposit still stands because I still spent time on kickoff and stack review.
Who owns the report?
You do. Full IP transfer on final payment. I retain the right to reference the engagement type in aggregate ("audited N Article 14 implementations"), but will not disclose client name, findings, or specifics without written permission. The report itself is yours to share with regulators, counsel, or investors.
Can I add scope mid-audit?
No. The 10-day window is fixed. Adding scope mid-audit risks the quality of what's already in flight. If you have additional systems or control areas you want reviewed, we schedule a second audit after the first report delivers. I'll apply a 15% returning-client discount on the second engagement.
Aug 2 is 11 weeks out.
If the gap analysis surfaces critical items, you need time to fix them. 10 days for the audit, then however long your engineering team needs to remediate. The earlier you know, the more options you have.
One slot available per 2-week period. Reserve with the deposit.