Go to content
Novicell AI Services 3

AI Governance and EU AI Act Readiness

Governance that fits how AI actually gets built, not how audits wish it did

AI governance built for delivery, not just compliance

Build an AI governance practice that meets European regulatory requirements and your own risk standards, without slowing delivery. AI governance is no longer optional. The EU AI Act is in force and applying in phases, and most organisations’ own risk and compliance functions are now asking the same questions regulators are. At Novicell, we help you build a governance practice that meets both. We are not a law firm. We are an implementation partner that makes governance operational, embedded in how AI is designed, built, deployed, and reviewed across your business. Where you need formal legal interpretation, we work alongside your legal advisers rather than replacing them.

What you take away

An AI governance framework that maps to the EU AI Act risk tiers and your own risk policy, and that works inside your delivery process rather than being added at audit time. 

What we cover

  • pencil in a cog icon

    AI inventory and risk classification

    We map your AI use cases against the EU AI Act risk categories, namely unacceptable risk, high risk, limited or transparency risk, and minimal risk, alongside your own internal risk policy. The result is a maintained AI register that your technology and risk functions can both rely on.

  • people connection icon

    Governance framework design

    A practical framework covering policy, roles and responsibilities, design and review controls, data quality and lineage, transparency obligations, incident response, and ongoing monitoring, designed to fit how your delivery teams actually work.

  • chess icon

    EU AI Act readiness

    For high-risk use cases, we help you put in place the risk management, data governance, technical documentation, human oversight, conformity assessment, and post-market monitoring the regulation requires. For limited-risk use cases, such as AI that interacts with people or generates content, we help you meet the transparency obligations.

  • lightening icon

    Operating model

    Clear decisions on who approves what gets built, who reviews it, and who signs off, with a lightweight checkpoint pattern that lets many teams ship without each inventing its own approach. We also help you decide where the AI governance owner sits in your organisation.

  • lightbulb icon

    Vendor and model governance

    Standards for assessing model providers and AI software, covering security, data residency, intellectual property terms, notice of model updates, and exit. We assess providers evenly, because we do not develop our own foundation models.

  • people connecting icon

    Operationalising controls in delivery

    Design-stage risk reviews, build-stage evaluation, pre-release human-oversight checks, and post-release monitoring and incident response, built into your normal delivery rhythm rather than running alongside it.

Why this matters now

  • The EU AI Act is in force and applying in stages. Prohibited practices have applied since February 2025, and obligations for general-purpose AI models since August 2025. 
  • Most remaining obligations apply from August 2026, while obligations for high-risk systems have been rescheduled by the Digital Omnibus to take effect from December 2027 for standalone systems and August 2028 for AI embedded in regulated products. 
  • The Act applies beyond the EU. It can cover organisations outside Europe where an AI system is placed on the EU market, used by people in the EU, or where its output is used in the EU. 
  • Boards and audit committees increasingly want an AI position they can defend, and customers and partners increasingly ask for governance evidence during procurement. 
  • Building governance in from the start is considerably less costly than retrofitting it to AI that is already in production. 

How we work

a logic map and a pen icon

Diagnostic

An AI inventory, a first-pass risk classification, a gap analysis against the EU AI Act and your own risk policy, and a prioritised remediation list. This typically takes one to two weeks.

a maze icon

Framework build

A governance framework, operating model, controls, templates, and training, sized to your organisation rather than a long policy document that no one reads. This typically takes three to six weeks.

pen and paper icon

Embed and maintain

Ongoing support, including regular reviews, regulatory tracking, support for new use cases, and incident response.

Our approach to platforms and AI models

The blueprint is platform-aware, not platform-locked. We build agentic commerce on commercetools, BigCommerce, Shopify, DynamicWeb, and others, choosing what fits the business case rather than a single vendor relationship. In the same way, we do not develop our own foundation models. Our role is to help you evaluate, integrate, govern, and adapt the technologies that best support your objectives. Governance is part of this from the start, including mapping your AI use against the EU AI Act and equivalent UK guidance through our dedicated AI governance practice.

Why organisations work with us

  • list icon

    End-to-end delivery

    We combine advisory, architecture, implementation, and operational support in one collaboration model. What we recommend, we are able to deliver, which means our governance advice reflects how AI is actually built and run.

  • head icon

    Technology-neutral approach

    We do not develop our own foundation models. This keeps our advice on vendors and models independent and lets us help you choose, integrate, and govern the technologies that best fit your needs.

  • lightbulb icon

    Practical and proportionate

    Our focus is on governance that teams can actually follow, with controls built into delivery rather than a parallel review process that slows everything down.

  • scales in hand icon

    Collaborative approach

    We work closely with your technology, risk, and legal teams throughout, keeping business goals, technology decisions, and compliance requirements aligned.

About Novicell

Novicell is a digital consultancy that helps organisations strengthen commerce, digital experience, and operational performance.

We work across strategy, platforms, architecture, development, marketing, and data, helping organisations integrate AI into their existing business and technology environments in a practical and measurable way. Our teams combine strategic advisory with hands-on implementation.

We work with CIOs, CTOs, heads of risk, heads of legal, and boards on both advisory and implementation engagements.

Whether you are classifying your AI use against the EU AI Act for the first time or strengthening governance you already have, we help you put practical, defensible controls in place without slowing delivery.

Get in touch to discuss your AI governance and EU AI Act readiness. 

Get in touch