30-Day Compliance Action Plan
A week-by-week 30-day action plan to take a UK SME from "we know we have AI exposure" to "we have the evidence pack for the next buyer review".
When this sample fits
Send when a prospect is anchored on the 2 August 2026 milestone and asks "what should we actually do in the next 30 days".
Sprint Agreement reference
30-day compliance action plan (Sprint Agreement §4.1 — Readiness Sprint).
The full deliverable is produced in a paid GeraCompliance fixed-scope sprint. See the £2,500–£10,000 sprint catalogue for scope and pricing.
Browse the rest of the pack
- Annex IV Technical Documentation SkeletonA 9-section skeleton matching Annex IV of the EU AI Act, populated with the structure a high-risk AI provider would actually file.
- EU AI Act Risk Classification MemoA worked classification memo placing one AI system into the EU AI Act risk tiers with the reasoning and evidence trail an SME compliance reviewer expects.
- Risk-Management Register and Controls MapA risk register and control map structured per Article 9 of the EU AI Act, with risk IDs, owner-ready next steps, and a controls inventory.
- Human Oversight and Transparency ChecklistA practical checklist covering the human-oversight (Article 14) and transparency (Article 13) duties for a high-risk AI system, with implementation notes.
- GDPR DPIA Starter PackA Data Protection Impact Assessment starter, including the lawful-basis analysis, ROPA stub, and proportionality reasoning a UK GDPR DPO would expect.
- Supplier Questionnaire Response PackPre-prepared answers to the AI-supplier questionnaire that EU enterprise buyers send with their procurement pack — written in the voice a buyer's vendor-risk team can paste into their decision file.
Or return to the full sample-pack catalogue.