Practical guides, legal analysis, and compliance strategies for businesses navigating the EU AI Act. Written by the Aurora Trust team — practitioners who build AI compliance tooling and live in the regulation daily.
What makes an AI system "high-risk" under the EU AI Act? A complete guide to all 8 Annex III categories, what compliance requirements each triggers, and how to determine if your AI qualifies — with worked examples.
A practical 12-week roadmap to EU AI Act compliance before the August 2026 enforcement deadline. Step-by-step phases, what to do each week, common pitfalls, and how to know when you're truly ready.
Both the EU AI Act and GDPR apply extraterritorially, both have large fines, and both affect businesses using AI and data. But they regulate very different things. Here's what businesses subject to both need to know.
Eight categories of AI practice have been prohibited across the EU since 2 February 2025 — over a year before the August 2026 deadline. Here is what each prohibition covers, which systems are affected, and what the limited exceptions mean.
EU AI Act is mandatory law. ISO 42001 is a certifiable management standard. NIST AI RMF is a voluntary US framework. For SMEs building AI governance, here is how they compare, where they overlap, and how to prioritise.
3 months until the EU AI Act's main enforcement deadline. Most SMEs with high-risk AI systems are running out of time. Here is exactly what must be in place by 2 August 2026, with a month-by-month sprint plan.
The EU AI Act's general-purpose AI model rules have been in force since August 2025. They apply directly to AI providers — but businesses using AI APIs still carry compliance obligations. Here is what your business needs to know.
Article 9 is one of the most demanding obligations for high-risk AI providers. It requires a documented, ongoing risk management system — not a one-off audit. This guide covers exactly what it must include, how to structure it, and how it connects to your other compliance documents.
Credit scoring and loan decision AI is explicitly named high-risk under EU AI Act Annex III §5(b). A complete compliance guide for fintech and banking — including which AI systems qualify, what the obligations are, and how DORA work already done maps to the EU AI Act.
Healthcare AI faces some of the most demanding EU AI Act obligations — and unique overlaps with the EU Medical Device Regulation. A complete guide to which healthcare AI is high-risk, what compliance requires, and what the 2027 deadline means for embedded medical device AI.
The EU Digital Omnibus proposes shifting the Annex III enforcement deadline to December 2027. The European Parliament voted in favour. But the proposal is in trilogue — and August 2, 2026 remains the legally binding deadline until trilogue concludes. Here is what you need to know.
New to EU AI Act compliance? These guides cover the fundamentals every business needs to understand before the August 2026 deadline.