AI Compliance Costs: Honest Pricing Breakdown (2026)

Real 2026 numbers for an AI Act compliance programme — internal FTE, external counsel, platform subscriptions, notified body fees, ongoing monitoring — by company size.

Quick answer

A small EU deployer with 2-3 AI systems should budget €5,000-€20,000 for initial readiness and €3,000-€10,000 annually for upkeep. A mid-market deployer (20-50 systems) should budget €30,000-€120,000 initial and €30,000-€80,000 annual. A provider of a high-risk AI system should budget €80,000-€400,000 initial (including notified body) and €60,000-€200,000 annual. These are all-in numbers: internal time, external counsel, platform, notified body, training.

What you are paying for

An AI Act compliance programme has five cost categories:

  1. Internal staff time (by far the largest line for most orgs).
  2. External legal and consulting.
  3. Platform / tooling subscriptions.
  4. Notified body / conformity assessment fees (providers only, for high-risk).
  5. Training and change management.

Cost by org type

Small deployer (SME, 1-5 AI systems, < 200 FTE)

  • Internal time: 30-80 hours (DPO, legal, one product owner). At blended €80/hr: €2,400-€6,400.
  • External counsel for initial review: €2,000-€8,000 one-off.
  • Platform: €0 (DIY) to €10,000 ARR for SME tier (GeraCompliance ~€4,000-€10,000 ARR).
  • Notified body: €0 (not applicable for pure deployers).
  • Training: €500-€2,000.
  • Year 1 total: €5,000-€20,000. Ongoing: €3,000-€10,000/year.

Mid-market deployer (200-2,000 FTE, 10-50 AI systems)

  • Internal time: 400-1,000 hours (DPO, AI lead, legal, several product/engineering leads). €35,000-€90,000.
  • External counsel: €10,000-€40,000 initial, €5,000-€15,000/year.
  • Platform: €15,000-€50,000 ARR (OneTrust AI, Credo AI, mid-tier GeraCompliance).
  • Notified body: €0 (deployer only).
  • Training and change: €3,000-€10,000.
  • Year 1 total: €60,000-€200,000. Ongoing: €30,000-€80,000/year.

Provider of a high-risk AI system

  • QMS build: 500-1,500 hours internal (legal, product, engineering, risk). €40,000-€120,000.
  • Annex IV documentation: 200-500 hours. €15,000-€40,000.
  • External counsel / consulting for conformity pathway: €20,000-€80,000.
  • Platform: €30,000-€150,000 ARR.
  • Notified body conformity assessment: €25,000-€150,000 depending on scope and iterations.
  • Post-market monitoring tooling: €10,000-€40,000 ARR.
  • Year 1 total: €140,000-€580,000. Ongoing: €80,000-€250,000/year.

Notified body fees in detail

For high-risk AI systems in Annex III use cases (except biometrics Annex I-listed), providers can often use internal conformity assessment with QMS. For Annex I biometrics high-risk and for safety-component AI, third-party assessment through a notified body is required. Notified bodies charge €15,000-€50,000 for initial certification and €5,000-€20,000 annually for surveillance audits. Pre-assessment gap analysis adds €5,000-€15,000.

Hidden costs

  • Integration time — connecting the compliance platform to your systems can add 80-200 hours.
  • Vendor follow-up — chasing third-party AI Declarations of Conformity takes 2-8 weeks per vendor.
  • Staff turnover — AI compliance skills are scarce; retention costs are real.
  • Regulatory updates — allow 10-20% annual rework as Commission guidelines evolve.

Where to save

  • Use SME-tier compliance platforms if you are a deployer.
  • Run your own FRIAs with a template; use counsel for review, not drafting.
  • Leverage Commission-provided templates and Member State SME sandboxes.
  • Bundle AI Act with GDPR + ISO 42001 if you are doing them anyway.
