GAWEL
Service

EU AI Act compliance counsel.

The EU AI Act regulates artificial-intelligence systems placed on or used in the EU market. The firm advises providers and deployers, including life-sciences and ICT companies, on role and risk classification, high-risk-system obligations, and conformity-assessment documentation, and on how those duties interact with MDR/IVDR for AI medical devices. It provides the legal documentation and coordination, not the technical conformity assessment.

Map AI Act obligations

Who this is for

  • Providers and deployers of AI systems with EU market exposure.
  • Life-sciences and ICT companies placing AI/ML products on the EU market.
  • Manufacturers of AI medical devices navigating the AI Act alongside MDR/IVDR.

What's included

  • Role and risk classification: whether the client is a provider or a deployer (Art. 3(3)–(4)) and the system's risk category, including high-risk classification for products covered by Union harmonisation legislation (Art. 6(1), Annex I).
  • High-risk-system obligations: risk management (Art. 9), data governance (Art. 10), technical documentation (Art. 11), record-keeping (Art. 12), transparency (Art. 13), human oversight (Art. 14), accuracy and cybersecurity (Art. 15), the quality-management system (Art. 17) and post-market monitoring (Art. 72).
  • Deployer duties: obligations of deployers of high-risk systems (Art. 26) and, where applicable, the fundamental-rights impact assessment (Art. 27).
  • General-purpose-AI duties: obligations for providers of general-purpose AI models (Art. 53) and models with systemic risk (Art. 55).
  • MDR/IVDR interplay: how the AI Act's high-risk requirements sit alongside the medical-device conformity assessment for AI/ML devices that are high-risk under Art. 6(1), assessed within the existing notified-body route (Art. 43(3)).
  • Conformity-assessment documentation: legal documentation and governance support, delivered as fixed-fee modules.

How it works

  1. Scoping. The firm maps each AI system and the client's role (provider / deployer / importer) for each.
  2. Classification. The firm determines the risk category and the obligations that follow.
  3. Gap assessment. The firm compares current documentation and governance against those obligations.
  4. Documentation. The firm prepares the legal documentation and governance framework as fixed-fee modules.
  5. Ongoing advisory. The firm supports post-market monitoring and change management on a retainer.

Indicative pricing

from CHF 5,500 / month subscription, with fixed-fee modules. Gap-assessment from CHF 9,000; conformity-support CHF 18,000 to 40,000.

Indicative starting prices, net and exclusive of Swiss MWST (VAT) where applicable; final fee per written engagement letter.

Frequently asked questions

Does the EU AI Act apply to a company based outside the EU?
Yes, it can. The AI Act reaches providers and deployers established outside the Union where the output produced by the AI system is used in the Union (Art. 2(1)(c)), and it applies to providers placing an AI system on the EU market irrespective of where they are established (Art. 2(1)(a)). A Swiss or US company with no EU entity can therefore fall within scope through its EU-facing AI use.
What is the difference between a provider and a deployer?
A provider develops an AI system (or has one developed) and places it on the market or puts it into service under its own name or trademark (Art. 3(3)). A deployer uses an AI system under its own authority in a professional capacity (Art. 3(4)). The same company can be both (for different systems), and the two roles carry different obligations, so classification is the first step in any engagement.
How does the AI Act interact with MDR/IVDR for AI medical devices?
An AI system that is a medical device, or a safety component of one, is high-risk under the AI Act where the device must undergo third-party conformity assessment under the Union harmonisation legislation in Annex I, which lists the MDR (Regulation (EU) 2017/745) and the IVDR (Regulation (EU) 2017/746) in Section A (Art. 6(1), Annex I). The AI Act's high-risk requirements apply in addition to MDR/IVDR conformity assessment, and are intended to be assessed within the existing notified-body route rather than through a separate AI-only assessment (Art. 43(3)). AI medical devices are therefore dual-regulated, not exempt.
When do the AI Act's high-risk obligations take effect?
Under the AI Act as in force, the high-risk obligations for AI embedded in MDR/IVDR products (Annex I) apply from 2 August 2027, while most other provisions apply from 2 August 2026 (Art. 113). A pending reform, the Digital Omnibus on AI (COM(2025) 836), on which the EU institutions reached a provisional agreement on 7 May 2026, would defer the Annex I product date to 2 August 2028 and streamline the AI Act / MDR–IVDR conformity interface, while keeping medical devices high-risk. As of 31 May 2026 that reform is not yet adopted or in force, so the 2 August 2027 date remains binding until it is published in the Official Journal. The firm monitors this file and scopes engagements to whichever timeline governs.

Related

Last updated: 2026-05-31

Discuss an AI Act engagement