AI-AUDIT.IT · AUDITING UNIT · MMXXVIEU AI ACT · ENFORCEMENT FROM 03.08.2026
EU Regulation 2024/1689 · independent audit of AI systems

We look
beneath the
surface of
AI systems.
Black on white.

We inspect your AI systems properly — risk, security, transparency, bias. When everything is in order we certify it, with documentation ready for authorities, clients and suppliers. When it isn't, we give you a prioritized remediation plan and a date.

001 · Risk

The right class

We classify every AI system by the AI Act's risk category — prohibited, high, limited, minimal — and measure its real exposure, not the declared one.

AI Act categories4+
002 · Transparency

Explainable & traceable

We verify model explainability, data provenance and quality, logging and the technical documentation the Regulation requires.

Data chain100%
003 · Compliance

Gap, then remediation

EU AI Act + GDPR gap assessment with a prioritized remediation plan, owners and deadlines. Certifiable, black on white.

Surprises at inspection0
03 / The method

Scope, Inspect,
Report, Certify.

An audit isn't an opinion: it's a repeatable protocol. The same rigor for a chatbot and for a scoring system.

PHASE 01

Scope

AI systems inventory, risk class, audit perimeter and evaluation criteria agreed. You know exactly what we'll look at.

Perimeter + criteria
PHASE 02

Inspect

Technical and documentary examination: data, model, logging, security, bias, governance. Evidence collected, not impressions.

Evidence · tests
PHASE 03

Report

Navigable report with findings classified by severity, gaps against the AI Act and a remediation plan with owners and dates.

Report · plan
PHASE 04

Certify

Once gaps are closed, we issue the audit attestation and compliance documentation. 30-day recheck included.

Attestation · follow-up
04 / FAQ

Everything you
need to know.

The essential answers on what an AI audit is, what it produces and when you need it. If you can't find yours, write to us.

/ 01What exactly is an AI audit?

It's an independent, structured examination of an artificial-intelligence system: data, model, integrations, security, bias and documentation. We verify that the system does what it claims, within the AI Act's risk limits, and produce verifiable evidence.

It's not generic consulting: it's a protocol with declared criteria, classified findings and a measurable remediation plan.

/ 02Does the AI Act require auditing systems?

For high-risk systems, Regulation (EU) 2024/1689 requires risk management, data quality, technical documentation, logging and human oversight. Enforcement starts on 3 August 2026. An audit is the most direct way to prove these requirements are met.

/ 03How long does it take and what do you deliver?

From 1 to 4 weeks depending on scope. We deliver a navigable report (30-50 pages) with findings by severity, gaps against the AI Act, a remediation plan with owners and dates, and — once gaps are closed — a signed audit attestation.

/ 04What's the difference from training?

The audit looks at systems; training at people (art. 4 obligation). They're complementary: an audit often surfaces training needs, and a training path closes the human side of compliance.

/ 05Do you also audit third-party suppliers and models?

Yes. With the Vendor & Supply Audit (A2) we evaluate the third-party models and AI vendors you integrate: clauses, liability and upstream compliance. The risk you inherit becomes visible and manageable.

/ 06Does the attestation have legal value?

It's an independent professional attestation: it documents method, criteria and evidence as of the audit date. It doesn't replace a notified-body certification where required, but it holds up before authorities, clients and tenders as proof of due diligence.

/ 07Where's the best place to start?

With the Gap Assessment (A3): in 2-3 weeks you know exactly where you stand against the AI Act and what to do, in priority order. It's the safest way not to waste the first euro in the wrong place.

05 / Request an audit

Let's put
your systems
to the test.

A 30-minute call to define the scope and risk class. You leave with a clear quote and a date — not a generic PDF.

info@ai-audit.it+39 02 ____ ____Milan, IT