Practical guides, legal analysis, and compliance strategies for businesses navigating the EU AI Act. Written by the Aurora Trust team — practitioners who build AI compliance tooling and live in the regulation daily.
What makes an AI system "high-risk" under the EU AI Act? A complete guide to all 8 Annex III categories, what compliance requirements each triggers, and how to determine if your AI qualifies — with worked examples.
Read article →A practical 12-week roadmap to EU AI Act high-risk compliance — the deadline moved to December 2027, but the roadmap still applies. Step-by-step phases, what to do each week, common pitfalls, and how to know when you're truly ready.
Read article →Both the EU AI Act and GDPR apply extraterritorially, both have large fines, and both affect businesses using AI and data. But they regulate very different things. Here's what businesses subject to both need to know.
Read article →Eight categories of AI practice have been prohibited across the EU since 2 February 2025 — already in force, ahead of the high-risk obligations. Here is what each prohibition covers, which systems are affected, and what the limited exceptions mean.
Read article →EU AI Act is mandatory law. ISO 42001 is a certifiable management standard. NIST AI RMF is a voluntary US framework. For SMEs building AI governance, here is how they compare, where they overlap, and how to prioritise.
Read article →The high-risk deadline was provisionally deferred to December 2027 — but the checklist is unchanged. Here is exactly what high-risk AI systems must have in place, with a month-by-month plan.
Read article →The EU AI Act's general-purpose AI model rules have been in force since August 2025. They apply directly to AI providers — but businesses using AI APIs still carry compliance obligations. Here is what your business needs to know.
Read article →Article 9 is one of the most demanding obligations for high-risk AI providers. It requires a documented, ongoing risk management system — not a one-off audit. This guide covers exactly what it must include, how to structure it, and how it connects to your other compliance documents.
Read article →Credit scoring and loan decision AI is explicitly named high-risk under EU AI Act Annex III §5(b). A complete compliance guide for fintech and banking — including which AI systems qualify, what the obligations are, and how DORA work already done maps to the EU AI Act.
Read article →Healthcare AI faces some of the most demanding EU AI Act obligations — and unique overlaps with the EU Medical Device Regulation. A complete guide to which healthcare AI is high-risk, what compliance requires, and what the 2027 deadline means for embedded medical device AI.
Read article →On 7 May 2026, Parliament and Council reached a provisional agreement deferring high-risk obligations to December 2027 (Annex III) and August 2028 (Annex I). It is not yet law — and transparency rules plus a new prohibition still land in 2026. Here is what you need to know.
Read article →Article 10 requires providers of high-risk AI to document training data quality, examine data for bias, and record data governance practices — before market placement. A complete guide covering the four requirements, documentation structure, and the five mistakes that create audit exposure.
Read article →New to EU AI Act compliance? These guides cover the fundamentals every business needs to understand — high-risk obligations are now provisionally due December 2027, but transparency rules and a new prohibition apply in 2026.