CS Free assessment
Public sector = high-risk Annex III + NIS2 essential entity

The state decides about citizens.
AI must not do so blindly.

Social benefits, school admissions, justice, migration, employment services — wherever AI affects citizens' rights, you are under AI Act as high-risk. On top of that comes mandatory FRIA per Art. 27, NIS2 essential entity status, and transparency per Art. 86. We help you establish governance, documentation, and training in 2–3 weeks.

Book a free call → Check where you stand (5 min) ▷
76 % of public bodies lack AI governance
Annex III decisions about citizens = high-risk
Art. 27 FRIA mandatory for public bodies
2–3 weeks to full compliance
Public Sector Challenges

Citizens have rights.
AI Act makes you accountable for upholding them.

Public administration is under pressure from AI Act, NIS2, GDPR, and national cybersecurity law simultaneously. Unlike business, you also face mandatory FRIA and transparency — because you decide about citizens' lives.

Decisions about citizens are high-risk

Social benefits, admissions, student assessment, justice, migration, employment services — all fall under AI Act Annex III as high-risk. You need EU database registration, technical documentation, human oversight, and logging. Deadline: August 2026 — 3 months left.

AI Act — Annex III, points 3–8

FRIA — obligation specific to public bodies

AI Act Art. 27 requires public authorities to conduct a Fundamental Rights Impact Assessment BEFORE deploying high-risk AI. Assessment of impact on fundamental rights, affected groups, anti-discrimination measures. Commercial entities are not subject to this duty — you are.

AI Act — Art. 27

NIS2: essential entity under national supervision

Public administration is an essential entity in Annex I, Sector 1. That means regular audits, incident reporting to the national authority within 24 hours, network segmentation, and supply chain governance. Penalties and personal liability for management are tightening across the EU.

NIS2 — Annex I, Sector 1

Citizens have a right to know AI is deciding

AI Act Art. 86 grants citizens the right to a clear and meaningful explanation of an AI decision affecting them. GDPR Art. 22 prohibits purely automated decisions without human review. Supervisory audits and judicial review do not ask whether you know this — they ask whether you can prove it.

AI Act Art. 86 + GDPR Art. 22
What We Deliver

Governance as citizen trust,
not another rubber stamp.

We prepare complete documentation and policies tailored to your public body. You invest 2–3 hours of review, we handle the rest.

AI Policy tailored for public sector

Acceptable Use Policy, AI system classification per Annex III, rules for casework and administrative AI aligned with public-body status.

FRIA per AI Act Art. 27

Fundamental Rights Impact Assessment for each high-risk AI system. Identification of affected groups, discrimination risk assessment, mitigation measures, and monitoring.

Training AI literacy for public servants

AI Act requires AI literacy (Art. 4). We prepare training for public servants, department heads, and IT — with certificates and practical casework examples.

Audit Trail ready for national authority and DPA

Complete documentation of logging, human oversight, and decisions. Ready for national cybersecurity authority, data protection authority, audit office, and judicial review — within a 30-day window.

NIS2 Gap Analysis for essential entities

We map your gaps against NIS2 and national cybersecurity law. Incident response, network segmentation, supply chain, 24-hour reporting.

AI System Registry with Annex III classification

We map all AI systems in casework and operations — from chatbots to predictive models. Classify risks, identify high-risk systems, and prepare EU database registration.

How It Works

Three steps. In 2–3 weeks, your AI will be under control.

You do not need to read hundreds of pages of regulations. We do it for you — and we stand behind it.

1

We assess your status

We conduct an inventory of AI systems in casework and administrative operations. Identify high-risk systems per Annex III, map citizen-data flows, and assess NIS2 gaps. It takes one introductory call and a questionnaire.

2

We prepare documentation

AI policy tailored to your public body, FRIA for high-risk systems, classification per Annex III, training materials for staff and department heads. You invest 2–3 hours of review.

3

We train and hand over

We train public servants, department heads, and IT. Deliver complete documentation and leave you audit-ready for the national authority, DPA, and audit office. With certificates for every participant.

Further Perspectives

Looking at compliance across the entire organisation?

Public sector has specifics (FRIA, transparency), but the core principles of AI governance apply to every role.

For Compliance Officers

AI Act, NIS2, GDPR in one system

Complete overview of regulatory obligations, timelines, and implementation steps — all interconnected, not in separate silos.

Learn more → For Heads and Directors

AI governance as citizen trust

Why compliance is not just bureaucratic overhead. How to turn regulatory requirements into citizen trust and defensible decision-making.

Learn more →

Citizens trust you.
Show them it is warranted.

In 15 minutes, we will assess where you stand with AI governance, what to address first, and what next step makes sense. No obligation, no sales pressure.

Book an introductory call →

Not sure where to start?

Readiness Check — 5 min Discovery Call — free