AI compliance management

Artificial intelligence drives innovation, but is it legal? We provide full support to meet the requirements of the AI Act -- from auditing to documentation and training.

How does this service work?

Artificial intelligence (AI) opens up new opportunities for companies, but implementing it also means meeting certain legal requirements. Our service helps you to use AI safely - from compliance audits to documentation preparation to training for your team.

You don't need to delve into the complexities of the AI Act regulations - we take care of everything. We identify risks, ensure technical and legal compliance, and your employees get clear guidance. As a result, you avoid penalties and build customer trust by using technology in compliance with the law.

What exactly do we do?

We offer comprehensive AI compliance support, including:

  • Audit and analysis of AI systems – Identifying and classifying all AI systems within an organisation and assessing their compliance with legal requirements.
  • Verification of technical documentation – Reviewing and evaluating existing AI documentation for compliance with the General Data Protection Regulation (GDPR) and supporting its supplementation.
  • Preparation of conformity documentation – Creating and updating regulatory documentation, including AI usage policies, operating instructions and data protection impact assessments.
  • Risk management related to AI – Identifying potential risks from the use of AI systems and supporting their minimisation.
  • Preparation for compliance with the obligations under Article 26 of the AI Act – Adapting AI systems to transparency, accountability, and documentation requirements.
  • Training for teams – Conducting training for legal departments, compliance and technical teams, as well as general training for staff to raise awareness of the Artificial Intelligence Act.
  • Consultancy and targeted support – Answering current questions about compliance with the AI Act and preparing legal and technical opinions.
  • Support for the implementation of AI in accordance with regulations – Assistance with the implementation of new regulated AI systems, from the design phase to full implementation.
  • Monitoring of compliance – Regular verification of compliance of AI systems with regulations and updating of documentation in response to legal changes.

How will we work?

  • We start with a brief analysis - without unnecessary formalities.
  • Transparency - we'll discuss your needs and the scope of support together, and you'll immediately know what the whole process involves.
  • Proactive support - we regularly monitor the compliance of your AI systems.
  • Flexible training on your own terms - we'll train your team in a convenient form.
  • Tailored documentation - every document we create for you will be tailored to the specific needs of your company.
  • Support on request - got a question? A new project? We're available.
  • Permanent contact and transparency - we regularly report on the progress of our work.
  • We grow with your company - we track changes in the AI regulations and automatically adjust your documents and procedures.

What kind of problems do we solve?

Chaos in the records and a lack of clear procedures:
We organize your technical and legal documentation related to AI systems, creating comprehensive and AI Act-compliant policies, instructions and risk assessments.

Uncertainty about compliance with the AI Act:
We'll audit your AI systems, identify which ones are regulated, and tell you what you need to do to make them compliant.

Lack of knowledge of the new regulations:
Your teams will gain hands-on knowledge of the AI Act through tailored training, for legal and technical teams alike.

Risk of penalties and reputational damage:
We'll ensure that your AI systems comply with regulations, minimizing the risk of sanctions and loss of customer trust.

Problems with implementing new AI systems:
We support you legally and technically from the planning phase, through design, to full implementation and documentation.

Lack of expert support on a daily basis:
We're available whenever you have any questions, from quick consultations to comprehensive compliance analyses.

Uncertainty about responsibility for AI:
We can help you understand the role your company plays in the AI value chain as a supplier, user or other entity and the obligations that come with it.

Problems with control of external systems:
We're here to support you in assessing AI vendors and verifying that they're compliant.

What our customers say about our services

Marcin Wieczorek

Wojas

"I am very impressed with the high level of substantive expertise of the training staff"

From 13 to 17 March I attended the "Course for Information Security Administrators" organized by ODO 24 sp. z o.o. I am very impressed with the high substantive level of the training staff and the comprehensive program. Working as an ABI requires knowledge not only of legal provisions but also of IT matters, which ODO 24 took into account. Noteworthy is the curriculum, which gradually introduces increasingly advanced nuances of personal data protection, starting from the legal basics and ending with practical aspects of auditing and working with documents within a company. The complete set of materials, editable documents and publications I received will facilitate my daily work as an ABI. I can certainly recommend ODO 24 as a reliable partner offering training services of a high standard.

Magdalena Węglewska

Mazda

"We can wholeheartedly recommend ODO 24 as a professional and reliable partner"

For many years we have consistently placed great importance on the protection of the personal data of our customers as well as our employees. We took an active part in creating the "Code of Good Practice for the Protection of Personal Data of Customers and Potential Customers," developed jointly by GIODO and the Polish Automotive Industry Association. Due to the complexity and variability of the rules on personal data protection, as well as Mazda’s dynamic development in Poland and the increasing volume of data we process, we decided to entrust the ABI function to a company specialized in this field. The decision to use the services of ODO 24 was primarily influenced by the experience and competence of the team of experts, the comprehensiveness of the offering and its flexibility in adapting to our organization. After a year of cooperation we can recommend ODO 24 as a professional and reliable partner.

Agnieszka Karłowicz

Spiżarnia

"A practical approach, continuous advisory availability, and positive working relationships"

We have been working with ODO24 for over a year. For us it has been a year of peaceful breathing and a sense of security: at least regarding personal data protection :-) The people at ODO are professionals who explain matters that are incomprehensible to the average person in an understandable way. They understand not only their profession but, which is very important to us, business and its requirements. A practical approach, constant advisory availability, and great relationships — all of this means I can recommend this Company to anyone who wants to work and sleep peacefully.

Tomasz Siwicki

Gefco

"I recommend the company ODO 24 as a professional partner"

For several years we have been cooperating with ODO 24 in the field of personal data protection. A professional team that efficiently helped us to comply with the requirements of the GDPR. We make use not only of the experts’ knowledge but also of professionally prepared e‑training, thanks to which we were able to train several hundred employees in a very short time. I highly recommend ODO 24 as a professional partner delivering services at the highest level.

AI compliance management Q&A

What is the AI Act and what are its main objectives?

The AI Act, that is Regulation (EU) 2024/1689 of the European Parliament and of the Council on artificial intelligence, is the first comprehensive legal act regulating the rules for the design, implementation and use of artificial intelligence systems in the European Union. Its aim is to establish a safe and transparent legal framework that enables the development of AI while respecting fundamental rights – in particular the right to privacy and the protection of personal data. The Regulation introduces a risk classification system, ensures harmonisation of rules across the EU and supports innovation by offering clear and predictable rules for market operators and by increasing public trust in AI technologies.

When do the AI Act provisions come into force?

The AI Act entered into force on 1 August 2024; however, its provisions will be implemented in stages until 2030.

Key dates are:

  • 02 February 2025 - the start of the application of prohibitions (e.g. manipulative AI, social scoring),
  • 02 August 2025 - obligations for general-purpose models (GPAI) and supervisory authorities,
  • 02 August 2026 - the bulk of the Regulation starts to apply.

Organisations should identify all AI systems deployed before 2 August 2026 and assess whether significant modifications are planned after that date - as this may result in an obligation to adapt them to the AI Act provisions.

Who does the AI Act apply to?

The AI Act has a broad scope and applies to both entities established in the EU and those operating outside its territory, provided their activities have effects in the EU, and includes:

  • Providers of AI systems and general-purpose models who place them on the EU market or make them available for use,
  • Companies and organisations in the EU that use AI systems,
  • Entities outside the EU if the effects of their AI systems’ operation are felt in the EU,
  • Importers and distributors responsible for placing AI systems on the EU market,
  • Manufacturers who integrate AI into their products and offer them under their own brand,
  • Representatives acting on behalf of companies from outside the EU if they are designated to operate in the Union,
  • Natural persons in the EU if they are subject to the operation of an AI system - directly or indirectly.

What are the risk categories of AI systems according to the AI Act?

The AI Act introduces a classification of artificial intelligence systems into four risk levels. The aim is to align legal requirements with the degree of threat that a given system may pose to individuals and society - the higher the risk, the more stringent the rules:

  • Prohibited AI systems - deemed unacceptable, e.g. due to the use of manipulative techniques, subliminal effects or the conducting of social scoring,
  • High-risk AI systems - require detailed conformity assessment, documentation and oversight. They are used, inter alia, in recruitment, employment, education and healthcare,
  • Limited-risk AI systems - require informing the user that they are using AI technology (e.g. chatbots),
  • Minimal-risk AI systems - include solutions that are not subject to specific obligations, apart from the general rules of use.

What are the obligations of providers of AI systems?

Providers, that is entities placing AI systems on the market or making them available to users within the EU, are obliged to meet a number of requirements. Their key obligations include:

  • Risk management - implementation of a risk management system covering the entire lifecycle of the AI system, from the design phase to its use,
  • Conformity assessment - carrying out formal conformity assessment procedures before placing the system on the market,
  • Technical documentation - preparing and maintaining comprehensive technical documentation containing information on the operation, intended purpose and safety of the AI system,
  • Transparency and user information - ensuring that users are aware that they are interacting with an AI system (e.g. a chatbot),
  • Oversight - monitoring the system's operation after its implementation, including responding to reports of threats or irregularities,
  • Incident reporting - the obligation to promptly inform the competent authorities about incidents or breaches of regulations related to the operation of the system.

What obligations do providers of high-risk AI systems have?

Providers of AI systems classified as high-risk are obliged to meet a range of technical, organisational and legal requirements aimed at ensuring safety, regulatory compliance and the protection of fundamental rights. Key obligations include:

  • Carrying out a conformity assessment and a risk analysis prior to placing the system on the market,
  • Implementation of a quality management system covering the entire life cycle of the AI system,
  • Preparation and maintenance of complete technical documentation and registration of the system in the central EU database,
  • Ensuring human oversight of the system's operation and implementation of mechanisms enabling the understanding and explanation of decisions made,
  • Meeting requirements regarding cybersecurity and personal data protection, including obligations arising from the GDPR, such as the principles of data minimisation, purpose limitation and accountability.

Compliance with these obligations is a condition for allowing a high-risk AI system to be used in the EU.

What are the obligations of users of AI systems?

Entities using AI systems, that is organisations making use of artificial intelligence (e.g. employers in the recruitment process or financial institutions using AI to analyse credit risk), are obliged to:

  • verify the system’s compliance with the provisions of the AI Act, in particular with regard to any prohibition on its use,
  • comply with the system provider’s guidance, including, inter alia, rules on configuring, using and limiting the system,
  • ensure effective human oversight of the system’s operation, especially where its decisions may significantly affect the rights or obligations of natural persons,
  • carry out a Data Protection Impact Assessment (DPIA) if the system processes personal data,
  • inform the data subjects about decisions taken concerning them in an automated manner (e.g. as part of profiling), where this may have significant legal effects or similarly serious consequences.

How does the AI Act regulate generative AI models, such as ChatGPT?

The AI Act introduces specific requirements for general-purpose generative models (GPAI), such as ChatGPT. Their aim is to increase transparency, accountability and compliance with legal requirements. The main obligations of providers of these models include:

  • Transparency - the user must be clearly informed that they are dealing with content generated by artificial intelligence,
  • Legal compliance - the model must not reproduce content protected by copyright nor infringe the rights of third parties,
  • Conformity assessment and documentation - it is necessary to prepare technical documentation and to ensure the model's compliance with the requirements of the regulation,
  • Obligations relating to copyright - providers must document which data were used to train the model, including whether they included content protected by copyright.

In the case of models with significant systemic impact ("systemic GPAI"), additional obligations may be imposed, e.g. risk assessment and management mechanisms.

Does the AI Act affect copyright law?

Yes, the AI Act indirectly affects copyright law, especially in the case of generative artificial intelligence. It obliges providers of such models to:

  • disclose information about the datasets used to train the models, including whether they contain content protected by copyright,
  • increase transparency, which is intended to make it easier for creators to identify potential infringements and to pursue their rights.

However, the AI Act does not introduce new provisions in the field of copyright law - the general regulations still apply, in particular the Act on Copyright and Related Rights of 1994. The regulation plays a complementary role, imposing on providers the obligation to disclose information about training data, which makes it easier for creators to enforce their rights.

What penalties apply for non-compliance with the AI Act?

The AI Act provides for substantial administrative fines, depending on the type of breach and the size of the entity. Sanctions may be imposed on both providers and users of AI systems, and their maximum amounts are:

  • up to EUR 35 million or 7% of annual turnover - for the most serious breaches, e.g. the use of prohibited AI systems (manipulation, social scoring);
  • up to EUR 15 million or 3% of turnover - for breaches concerning high-risk systems (e.g. lack of conformity assessment, oversight, safeguards);
  • up to EUR 7.5 million or 1% of turnover - for other infringements, e.g. lack of cooperation with supervisory authorities or incorrect information.

Fines will be determined proportionately, taking into account, among other things, the scale of the breach, its duration and remedial measures undertaken.

Our greatest value is the trust of our customers.

How can we help you?

Write or call, we will find a solution

The data controller will be ODO 24 sp. z o.o. with its registered office in Warsaw at ul. Kamionkowska 45. Your data will be processed for the purpose of preparing, sending and archiving the cooperation offer. More information can be found in the Privacy Policy.
