For organizations doing business in Europe, compliance with the European Union Artificial Intelligence Act (EU AI Act) is a top priority and challenge. The Act governs the development and deployment of AI systems within the EU to mitigate the risks of AI, protect fundamental rights and drive innovation.

Under the Act, AI systems are categorized based on their risk level, including unacceptable risk, high risk, limited risk and minimal risk, and regulated accordingly. The Act’s provisions have been taking effect on a gradual basis since August 1, 2024, with full application of the law slated for August 1, 2026.

Complying with the Act can be complex and costly, with significant fines for non-compliance. For this reason, one of the world’s largest manufacturers turned to CGI for help in achieving compliance by design.

CGI’s relationship with the manufacturer extends back to 1990. Since that time, we’ve delivered end-to-end services across its operations, including managed services, systems integration and consulting. The manufacturer chose us for this strategic AI work not only because of our long-term partnership but also because of our AI and EU AI Act expertise, as well as our work in helping it with other regulatory compliance projects.

The client’s EU AI Act compliance challenges

The client’s key compliance challenges were centered on three aspects: vision, capabilities and timeline.

Vision: In terms of vision, the client needed to ensure that any future use of AI across its business functions and geographies complied with the new legislation. This required developing a centralized repository of AI models embedded within the client’s operational and product-related systems, followed by a risk evaluation to identify high risk or forbidden models. The client also needed to understand and document how many of its professionals were using AI, as well as how and where they were using it.

Capabilities: The second challenge related to capabilities. Did the client have the capabilities required to assess all regulatory implications? Could it assess the explainability of an AI model? Could it perform a security check on a GenAI model running on a platform? Could it explain the results of a decision tree when a decision is motivated by AI? How does it ensure humans are in the loop? How does it perform AI reporting and handle requests from regulators? These questions, each related to the Act’s mandates, required an analysis of technical capabilities, especially those related to explainability and security.

Timeline: Lastly, the law’s enforcement deadlines posed a key challenge. With parts of the law taking effect in August 2024 and subsequent provisions in February 2025, August 2025 and August 2026, the client had to act fast in developing and executing a compliance strategy and plan. 

The client needed more than just a compliance program. Its objective was to secure more business through capability trust—trust that its compliance capabilities are efficient, ethical and aligned with all applicable regulation.

What made CGI’s compliance approach unique

CGI’s compliance team built a unique framework that included an architecture blueprint, information model and standardized processes to fully assess changes to the client’s program required by the EU AI Act, as well as required compliance tools. For example, using this framework, we could assess a particular workflow and analyze whether AI had been or could be applied in a compliant way, as well as identify the right practices and tools to achieve compliance.

Further, our approach helped to reduce compliance complexity and costs for the client. While other compliance service providers might create a compliance to-do list and perform each task, leaving clients dependent on their expertise, we focused on analyzing the client’s architecture to accommodate the use of existing tools.

After assessing the client’s capabilities, a fast process due to our knowledge of the client’s business, we recommended a compliance roadmap and set up a compliance by design approach focused on automation and business line autonomy. The key objective was to centralize all legal analysis aspects while sharing best practices for specific use case integration (e.g., GenAI explainability, transparency implementation).

The business outcomes we delivered


Overall, we delivered a robust compliance framework that the client can apply on its own to ensure ongoing compliance with the EU AI Act. The framework covers the full compliance life cycle, from ideation and purchasing to implementation of an AI system. It also supports critical activities such as usage mapping, risk assessments and tailored implementation plans.

Through this robust framework, the client can align its AI strategies with the EU AI Act, ensure trustworthy and responsible AI by design, raise AI literacy across its organization, and ultimately drive strategic AI enablement across the enterprise.

We also delivered a comprehensive list of system features required to ensure compliance, which most competitors don’t provide, as well as benchmarking for AI systems and a three-year compliance roadmap.

We performed all this work on time and on budget and continue to provide AI solutions and governance support for the client.

Explore how CGI’s business consulting and AI advisory services help global organizations meet evolving regulatory demands and drive responsible innovation.

Business value delivered

  • Compliance management autonomy
  • Support for the full compliance life cycle
  • Alignment of AI strategies with EU AI Act
  • Trustworthy and responsible AI by design
  • Increased AI literacy
  • Strategic AI enablement across the business
  • AI system benchmarking
  • Three-year compliance roadmap