AI ACT Compliance Suite - AICS

Our proposal, under the DEP-AI-08-Compliance Call aims to address the increased administrative burden by creating a modular, reusable compliance support system, designed to assist: primarily AI system deployers and secondarily providers,in aligning with the AI Act — starting with selected use cases in the healthcare or energy sector for validation and demonstration in the involved countries/ hubs.

Objectives

·        Design and implementation of an AI Act-aligned compliance suite applicable across multiple sectors and AI use cases.

·        Provision of step-by-step compliance support for high-risk systems, covering the regulatory provisions of the AI Act.

·        Validation of the system via real-life use cases in sectors where AI risk and regulatory complexity are high (e.g. healthcare, public services) in the involved countries/ hubs.

·        Enable trusted adoption of AI, through auditable, secure, and interoperable compliance-by-design mechanisms, in close collaboration with Regulators and Public Authorities.

 Technical approach

The system will be delivered as a modular cloud-based platform, featuring:

·        Risk classification assistant which will map AI use cases to AI Act Annex III risk categories.

·        Compliance workflow engine which will guide users through each regulatory requirement.

·        Governance dashboard, as a centralized monitoring of compliance indicators (risk levels, audit trails, documentation-reporting status, alerts).

·        Data aggregation & governance layer, designed to process and correlate data from multiple levels — from high-level organisational policies (aggregated data) to fine-grained technical inputs such as training datasets, algorithmic decisions, and user interactions (granular data). These will be sourced and validated in collaboration with AI system deployers, providers, and institutional partners participating in the pilots.

·        API interoperability layer to connect with AI systems and public sector databases for real-time validation. Additional APIs will connect with other data for general reporting of regulatory compliance that creates high administrative burden in the sector applied.

·        Privacy & Security stack, including encryption, pseudonymisation, audit logs, and privacy-by-design techniques (e.g. differential privacy).

·        Reporting & registry module, supporting interaction with national and EU-level AI compliance registries and future integration with the European Digital Identity framework and Common European Data Spaces.

 Use Cases & pilot deployment

The system will be designed to be sector-agnostic, capable of supporting any organization obligated to comply with the AI Act.

To validate functionality and demonstrate added value, the project will pilot the solution in selected high-burden sectors, including:

• Healthcare/ energy: AI used for diagnostics, clinical decision support, patient risk scoring, administrative automation (e.g. hospital triage, appointment scheduling),

• Additionally / optionally : Public Administration or financial services: AI in case management, credit scoring, automated eligibility decisions for public benefits or services,

where a template Questionnaire will be used to trace the sources of administrative burden. Each pilot will involve the collection and processing of compliance-related data, including:

·        Aggregated data:
▪ Organisational policies and governance frameworks
▪ Compliance protocols and roles/responsibilities
▪ Historical conformity assessment reports
▪ Risk management policies
▪ Institutional KPIs and internal control systems

·        Granular/technical data:
▪ AI system training data summaries and documentation
▪ Input/output logs of AI decision processes
▪ Records of human oversight, user interventions, and feedback loops
▪ Technical performance metrics (accuracy, robustness, etc.)
▪ Logs of automated decisions and audit trails

These pilots will be carried out in real operational settings, with the involvement of public institutions, regulatory bodies, and AI technology users.

Consortium set-up (tbd)

Confirmed partners:

·        CY - Infocredit Group:

·        GR – ITMC S.A.

Open positions:

·        (at least) One regulatory agency relevant to AI Act enforcement or digital compliance.

·        (at least) One public healthcare institution or AI deployer in healthcare or energy

·        One dissemination/communication partner (e.g. associations, digital innovation hub).