Skip to main content
Image coming soon

EU AI Act Implementation for SaaS Compliance Counsel

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

EU AI Act Implementation for SaaS Compliance Counsel

Build the internal AI Act compliance brief that product, legal, and enterprise customers can actually use.

The EU AI Act is now binding. Your engineering and product teams are shipping AI features into workflows that touch HR decisions, IT service management, and financial approvals. Every one of those features needs a risk classification, a conformity assessment, and a set of transparency obligations documented before it ships. The documentation does not write itself, and the regulation does not come with a template.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Regulatory Compliance Counsel at SaaS platforms sit at the intersection of three urgent conversations. Legal wants a position memo on prohibited practices and high-risk classifications. Product wants a decision framework they can use at sprint planning without calling legal each time. Enterprise customers want a one-pager that confirms the platform is compliant before they sign the next renewal. None of these are answered by reading the regulation. They are answered by building the internal brief, the policy position, and the customer disclosure. Most in-house teams are still at the reading stage when their customers are already asking.

What you walk away with

  • Classify every AI feature in your product portfolio by EU AI Act risk tier using the Annex I and III criteria.
  • Draft the technical documentation required under Article 11 for each high-risk AI system.
  • Build the conformity assessment checklist that product and engineering teams can run at feature release.
  • Produce the transparency obligations register mapping each customer-facing AI touchpoint to Articles 13 and 14.
  • Write the customer-facing compliance disclosure that satisfies enterprise procurement and legal review.
  • Create the internal AI governance policy that covers ongoing monitoring, incident logging, and corrective action under Article 9.

The 12 modules

Module 1. The Regulatory Architecture of the EU AI Act
Walk through the four-tier risk hierarchy from prohibited practices to minimal risk, with close attention to Annex I (AI techniques in scope) and Annex III (high-risk use cases). This module focuses on what makes a SaaS feature subject to high-risk obligations versus a transparency obligation only, using concrete examples from HR automation, IT service management, and financial workflow tools. Output: a one-page risk-tier reference card for your product team.
Module 2. Mapping Your AI Product Portfolio to the Annex III Categories
Apply the Annex III categories to a real product inventory. The module covers how to handle edge cases: AI that augments a human decision versus AI that makes a recommendation the human routinely accepts, systems deployed by your customers rather than operated by you, and features that span multiple risk categories. Output: a risk classification worksheet covering your top ten AI features, with a rationale column for each classification decision.
Module 3. Article 9 Risk Management System: What You Actually Need to Build
Article 9 requires a risk management system for every high-risk AI system, but the text leaves open how to implement it. This module breaks it into four operational components: the risk register, the testing and validation protocol, the residual risk acceptance process, and the post-market monitoring plan. Each component is sized for an in-house team rather than a dedicated conformity assessment body. Output: a risk management system template you can adapt for each high-risk AI product.
Module 4. Article 11 Technical Documentation: The 15-Section Build
Article 11 and Annex IV define fifteen required sections of technical documentation for high-risk AI systems. This module builds each section for a SaaS product context: what counts as training data when you fine-tune on customer data, how to document a model update without triggering a full revalidation, and how to handle proprietary components without exposing trade secrets. Output: a complete technical documentation template for one AI product.
Module 5. Data Governance Under Article 10: Training Data and Bias Controls
Article 10 requires data governance controls covering training, validation, and testing datasets. This module builds the operational checklist: data lineage documentation, bias testing protocols for demographic subgroups, and the data quality criteria you record before training. For SaaS platforms fine-tuning on customer data, it covers the GDPR intersection and what the consent analysis needs to say. Output: an Article 10 data governance checklist for your AI training pipeline.
Module 6. Transparency Obligations Under Articles 13 and 52: Customer-Facing Disclosure
Articles 13 and 52 require instructions for use and AI nature disclosure for systems interacting with natural persons. For B2B SaaS, this appears in product documentation, in-app notices, and contract schedules. This module builds the customer-facing AI transparency notice, the Article 13 product documentation addendum, and the instructions-for-use template covering intended purpose and human oversight requirements. Output: a disclosure pack for your three most customer-visible AI features.
Module 7. Human Oversight Requirements Under Article 14: What Your Customers Need to Do
Article 14 requires high-risk AI systems to support effective human oversight by the deployer. For SaaS vendors, this means your product documentation must tell enterprise customers what oversight measures they are required to implement. This module covers the provider-deployer obligation split and builds the customer-side oversight guidance document your enterprise sales team needs when a prospect asks about their own AI Act audit. Output: a two-page deployer oversight guidance document.
Module 8. The Conformity Assessment: Self-Assessment Versus Notified Body
Most Annex III categories allow internal self-certification; a subset require a notified body. This module walks through the self-certification process: how to structure the assessment, what evidence to compile, how to issue the EU declaration of conformity, and when a significant modification forces a repeat assessment. It also covers when a notified body is mandatory and what the engagement timeline looks like. Output: a conformity assessment plan for your highest-risk AI product.
Module 9. Post-Market Monitoring and Incident Reporting Under Articles 61 and 73
Article 61 requires a post-market monitoring plan; Article 73 requires serious incident reporting to national authorities. This module builds both: monitoring metrics and review thresholds, the serious incident definition and internal escalation path, and the reporting template for notifying the relevant authority within the required timeframe. It covers how customer-reported incidents are triaged against the serious incident threshold. Output: a post-market monitoring policy and a serious incident reporting runbook.
Module 10. The Internal AI Governance Policy: Covering Product, Engineering, and Commercial Teams
A compliance programme is only as durable as the internal policy behind it. This module builds the AI governance policy: the internal approval gate before any AI feature ships, the obligations register product managers use at sprint planning, training requirements for teams who build or deploy high-risk AI, and the review cycle that keeps the policy current as delegated acts arrive. Output: a complete AI governance policy document for a software company with a commercial AI product line.
Module 11. Enterprise Customer Conversations: Closing the AI Act Due Diligence Request
Enterprise procurement teams in financial services, healthcare, and government are sending AI Act due diligence questionnaires to their SaaS vendors. This module works through the most common questions, the documentation needed to answer each one, and how to structure the response to accelerate the deal rather than open a compliance gap negotiation. Output: a model AI Act vendor questionnaire response covering the most common enterprise procurement asks.
Module 12. Monitoring the Delegated Acts, Guidance, and National Authority Decisions
The EU AI Act is a framework; the substantive detail arrives via delegated acts, harmonised standards, and AI Office guidance. This module builds the monitoring infrastructure: the key sources to track, the quarterly review process for updating your compliance documentation, and the horizon-scanning process for AI features in development that will change risk classification once the delegated acts are finalised. Output: a regulatory monitoring calendar and update protocol for your AI Act programme.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Modules 1-2 address the classification question your product team is asking right now.
Modules 3-5 cover the documentation and data governance build that legal and your CISO need before any high-risk AI feature ships.
Modules 6-9 cover the customer-facing and post-market obligations that determine how your enterprise customers experience your compliance.
Modules 10-12 build the governance infrastructure and the ongoing monitoring process that keeps the programme running after initial implementation.

What you get with this course

  • Twelve written modules with worked examples drawn from SaaS product contexts.
  • Downloadable templates for every output: risk classification worksheet, technical documentation, conformity assessment plan, customer disclosure pack, internal AI governance policy, incident reporting runbook.
  • The hand-built implementation playbook tailored to your specific product portfolio and regulatory context, delivered alongside course access.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

You have the regulation. You have a rough understanding of which products are probably high-risk. You do not have the documentation, the internal policy, the customer disclosure, or the governance process. Product teams are asking questions legal cannot yet answer in a format they can act on.

After

You have a classified product portfolio with risk rationale for each feature. You have Article 9 and 11 documentation for your highest-risk AI products. You have a customer-facing disclosure pack. You have an internal AI governance policy product teams can consult at sprint planning. And you have the monitoring process to stay current as the delegated acts land.

What happens if you do not address this

Enterprise customers in financial services, healthcare, and government are already sending AI Act due diligence questionnaires to their SaaS vendors. If your compliance brief is not ready when the questionnaire arrives, the deal stalls or the customer moves to a competitor whose documentation is complete. The cost of building the programme after a deal stalls is higher than the cost of building it before.

Who it is for

In-house regulatory compliance counsel or associate general counsel at a software company with an AI product line. Accountable for tracking new AI regulation, advising product teams on compliance obligations, managing certifications and audits, and preparing customer-facing compliance disclosures. Has legal training and regulatory fluency but has not yet built an EU AI Act compliance programme from scratch. Needs a structured build path, not a summary of the law.

Who this is NOT for. External law firm associates who advise clients rather than build internal programmes. Policy analysts focused on comment letters rather than operational compliance artefacts. Compliance professionals whose companies have no AI product or service.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Twelve modules. Each module takes 25-40 minutes to read and work through. The full course runs approximately six to eight hours across a week.

Why $199 is the right number

Law firm memos describe the regulation but do not build the operational programme. Generic AI Act compliance toolkits produced for consultancies are designed for manufacturing and critical infrastructure, not SaaS product companies. This course is built for in-house counsel at a software platform with an existing AI product line who needs to build the programme, not just understand the law.

FAQ

Does this cover the EU AI Act as it applies to providers versus deployers?
Yes. The course covers both roles and is specific about which obligations apply when your company is the provider, when your customer is the deployer, and when both roles apply simultaneously.
Is this relevant if our AI products are only deployed outside the EU?
If any output of your AI system affects people in the EU, or if your customers operate in the EU, the Act applies to you as the provider regardless of where you are based. The course covers the territorial scope analysis in Module 1.
How does this handle model updates and the re-assessment trigger?
Module 8 covers the significant modification definition and the re-assessment trigger in detail, including a decision tree for evaluating whether a model update requires a new conformity assessment.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!