Regulation archetype
EU SaaS company building or embedding AI
An EU SaaS company using AI should plan for GDPR, AI governance, security controls, and EU AI Act readiness. High-risk AI use requires deeper risk management, documentation, monitoring, and human oversight than ordinary productivity AI features.
Company profile
- A B2B software company that provides, deploys, or embeds AI features in customer-facing workflows.
Likely planning items
- GDPR
- EU AI Act readiness
- ISO 27001
- AI governance controls
Possible additional pressure
- ISO 42001
- NIS2
- Cyber Resilience Act
Next steps
- 01 List AI systems, data inputs, model providers, and customer-facing decisions.
- 02 Classify AI use cases by impact, transparency needs, and prohibited or high-risk categories.
- 03 Connect AI risk work to existing security and privacy controls.
This page is a practical planning guide, not legal or audit advice. Use it to scope questions before confirming obligations with legal, audit, or regulatory specialists.