I’m Violeta Klein.
The EU AI Act is now law. Before your organization can comply, it needs to answer one question: does the regulation consider your AI system high-risk?
That answer determines everything — what you document, what you build, what you owe regulators, and what happens when they come asking.
The compliance industry doesn’t want you to think too hard about that question. They’d rather sell you a certification badge, a dashboard, or a readiness assessment. Most of these skip the upstream decision that makes everything downstream meaningful — or worthless.
I show you where the assumptions break.
The standard everyone is certifying against was assessed by the EU’s own research body as not aligned with what the regulation requires. The Commission missed its own deadline to publish classification guidance. The Digital Omnibus is reshaping enforcement timelines — but the obligation to know what your systems are hasn’t moved. And agentic AI systems are breaking assumptions the regulation wasn’t designed to handle.
I’m an ISO/IEC 42001 & 27001 Lead Auditor and former European Patent Office Examiner. I’ve been on both sides of the assessment table. What auditors check and what regulators ask are different questions with different consequences.
This newsletter is for leaders who need to make decisions about AI compliance — not delegate them to consultants who won’t be in the room when the regulator arrives.
No legal advice. No regulatory determinations. Methodology you own.
Mondays. 8:00 AM EET.
