      
      EU AI Regulatory Framework · Free Assessment
    

Is your organisation
EU AI-ready?

35 questions across 7 domains. Scored against EU AI Act 2024, GDPR Art. 22, ePrivacy Directive 2002/58/EC, ISO/IEC 42001:2023, and NIS2 — with sector benchmarks in EUR.

35

Questions

7

Domains

8

Frameworks

5 min

To complete

SBA 8(a)

Sole Source Eligible

EDWOSB

Women-Owned SB

Azure

Solutions Architect

CyberAB

Registered Practitioner

ISO 27001

Aligned

CAGE 7DBB9

Active Contractor

Trusted by teams at: Microsoft · IBM · EY · PwC · McKesson · GE Power · bp · Eli Lilly · NTT Data · Hitachi

EU Regulatory Landscape

Every question maps to a statute

No proprietary frameworks. Every gap finding cites the exact European regulation your organisation must address.

Incident Response

EU AI Act 2024

6-hour breach reporting, 180-day log retention, NTP sync, empaneled auditor requirement. Applies to all organisations, intermediaries, and government bodies.

EU AI Act Art. 5, 6, 13, 50 • Annex III • Recital 58

Data Protection

GDPR Art. 22 + Art. 5

Consent management, Data Principal rights (erasure, correction), breach notification to Data Protection Board. Penalties up to ₹250 crore. Rules notified Nov 2025.

GDPR Art. 5, 13, 22, 25, 35 • Recital 71 • ICO/CNIL guidance

AI Governance

ePrivacy Directive 2002/58/EC

Seven sutras: Trust, People First, Fairness & Equity, Accountability, Understandable by Design, Safety & Resilience, Innovation over Restraint. Non-binding but sector-referenced.

ePrivacy Dir. Art. 5(1), 13 • GDPR Art. 9 • Member state implementations

Financial Sector AI

ISO/IEC 42001:2023

26 recommendations across 6 pillars: Infrastructure, Policy, Capacity, Governance, Protection, Assurance. Mandatory for banks, NBFCs, and RBI-regulated entities.

ISO/IEC 42001 §4.2 §5.2 §6.1.2 §8.2 §8.3 §8.4 §9.1 §10.2

Critical Infrastructure

NIS2 Directive 2022/2555

March 2025 update added model provenance, third-party AI supply chain risk, and deployer responsibility. Deploying organisations bear full liability for third-party AI component compliance.

NIST AI 100-1 • AI RMF 2.0 Mar 2025 • GOVERN 1.5 • MEASURE 2.2

Synthetic Content

NIST AI RMF 2.0 (Mar 2025)

Synthetically Generated Information obligations: detection, labeling, traceability for AI-generated text, images, audio, and video. Applies to platforms and deployers.

NIS2 Art. 20, 21, 23 • ENISA guidance • National transpositions Oct 2024

Sector-Specific Regulators Also Covered

EU AI Act Annex III (High-Risk) GDPR Art. 35 DPIA EBA AI Guidelines EIOPA AI Principles ESMA AI Use Policy ISO/IEC 42001:2023 ISO/IEC 27001:2022 EU Data Act 2023

Free · 35 Questions · 5 Minutes

EU AI Readiness Assessment

Answer 35 yes/partial/no questions. Get a scored report with gaps mapped to specific Indian statutes and a recommended engagement path — in Indian Rupees.

AI Disclosure

5 questions

Automated Decisions

5 questions

Recording & Consent

5 questions

Risk Classification

5 questions

AI Governance

5 questions

Supply Chain

5 questions

Incident & NIS2

5 questions — NIS2 incident reporting, AI-related breach notification, CSIRT obligations, continual improvement

Free · No login · Results in 5 minutes

India Engagement Pricing

Priced in Euros

Three paths from assessment to EU AI-ready. Scoped to your organisation, priced for the European market.

EU Quick Scan

€3,500

/10 hrs

Live voice AI diagnostic scored against all six EU frameworks, scored gap report, executive briefing with priority remediation order.

Includes

✓ EU AI Act Art. 50 disclosure audit

✓ GDPR Art. 22 automated decision review

✓ ePrivacy consent gap assessment

✓ Executive briefing deck

✓ 90-day remediation roadmap

MOST POPULAR

EU Readiness Sprint

€12,000

/30 hrs

Stakeholder interviews, EU AI Act risk classification, ISO 42001 control mapping, GDPR Art. 22 review, NIS2 obligations assessment, board-ready governance deck.

Includes

✓ Everything in Quick Scan

✓ ISO/IEC 42001:2023 control mapping

✓ High-risk classification assessment (Annex III)

✓ Technical documentation framework (EU AI Act Art. 11)

✓ NIS2 incident reporting obligations review

✓ Board-ready governance deck

EU AI Launchpad

€6,500

/mo

Ongoing EU AI compliance operations: monthly EU AI Act monitoring, DPO advisory, GDPR Art. 22 reviews, staff training, and ISO 42001 continual improvement cycle.

Includes

✓ Everything in Readiness Sprint

✓ Copilot Studio agent deployment

✓ Monthly EU AI Act enforcement monitoring

✓ DPO advisory (GDPR Art. 22)

✓ Staff training on EU AI regulations

✓ Dedicated engagement manager

Work With Us

Ready to get EU AI-ready?

Tell us about your organisation. We respond within one business day.

Name *

Email *

Organization *

Sector

How can we help?

{ const btn = document.createElement('button'); btn.id = 'pain-' + i; btn.textContent = p; btn.style.cssText = 'padding:5px 12px;border-radius:6px;cursor:pointer;font-size:11px;font-weight:500;font-family:\'Poppins\',sans-serif;border:1.5px solid #E7E5E4;background:#fff;color:#44403C;transition:all .15s;'; btn.onclick = () => togglePain(i, p, btn); c.appendChild(btn); }); })(); function togglePain(i, p, btn) { const idx = state.selectedPains.indexOf(p); if (idx >= 0) { state.selectedPains.splice(idx, 1); btn.style.background = '#fff'; btn.style.borderColor = '#E7E5E4'; btn.style.color = '#44403C'; } else if (state.selectedPains.length < 3) { state.selectedPains.push(p); btn.style.background = '#F0FDFE'; btn.style.borderColor = '#0E7490'; btn.style.color = '#0E7490'; } } // ── PHASE TRANSITIONS ───────────────────────────────────────────────────── function show(id) { ['assess-landing','assess-intake','assess-questions','assess-results'].forEach(x => { document.getElementById(x).style.display = x === id ? '' : 'none'; }); } function startAssessment() { show('assess-intake'); document.getElementById('assess').scrollIntoView({behavior: 'smooth'}); } function showLanding() { show('assess-landing'); } function startQuestions() { const name = document.getElementById('i-name').value.trim(); const email = document.getElementById('i-email').value.trim(); const company = document.getElementById('i-company').value.trim(); const industry = document.getElementById('i-industry').value; const err = document.getElementById('intake-err'); if (!name || !email || !company || !industry) { err.style.display = 'block'; err.textContent = 'Please fill in Name, Email, Organization, and Sector to continue.'; return; } if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) { err.style.display = 'block'; err.textContent = 'Please enter a valid email address.'; return; } err.style.display = 'none'; state.intake = { name, email, title: document.getElementById('i-title').value.trim(), company, industry, employees: document.getElementById('i-employees').value, revenue: document.getElementById('i-revenue').value, pains: [...state.selectedPains], }; state.step = 0; state.answers = {}; state.startTime = Date.now(); show('assess-questions'); renderDomainPills(); renderQuestion(); document.getElementById('assess').scrollIntoView({behavior: 'smooth'}); } // ── QUESTION ENGINE ─────────────────────────────────────────────────────── function renderDomainPills() { const c = document.getElementById('domain-pills'); c.innerHTML = ''; AQ.forEach((domain, di) => { const done = di * 5 <= state.step; const current = Math.floor(state.step / 5) === di; const pill = document.createElement('span'); pill.style.cssText = `padding:3px 10px;border-radius:100px;font-size:10px;font-family:'DM Mono',monospace;font-weight:600;transition:all .2s; background:${current ? '#0E7490' : done ? '#F0FDFE' : '#F5F5F4'}; color:${current ? '#fff' : done ? '#0E7490' : '#A8A29E'}; border:1px solid ${current ? '#0E7490' : done ? '#A5F3FC' : '#E7E5E4'};`; pill.textContent = domain.d.split(' ')[0]; c.appendChild(pill); }); } function renderQuestion() { const totalQ = 35; const di = Math.floor(state.step / 5); const qi = state.step % 5; const domain = AQ[di]; const q = domain.q[qi]; document.getElementById('q-domain-label').textContent = 'Domain ' + (di+1) + '/7 — ' + domain.d; document.getElementById('q-cite').textContent = domain.cite; document.getElementById('q-counter').textContent = (state.step + 1) + ' / ' + totalQ; document.getElementById('q-text').textContent = q; document.getElementById('q-progress').style.width = ((state.step / totalQ) * 100) + '%'; // Restore previous answer highlight if navigating back ['btn-yes','btn-partial','btn-no'].forEach(id => resetBtnStyle(id)); const prev = state.answers[state.step]; if (prev) { const map = {yes: 'btn-yes', partial: 'btn-partial', no: 'btn-no'}; highlightBtn(map[prev], prev); } document.getElementById('q-back-btn').style.display = state.step > 0 ? '' : 'none'; renderDomainPills(); } function resetBtnStyle(id) { const el = document.getElementById(id); if (!el) return; const prev = state.answers[state.step]; const map = {yes: 'btn-yes', partial: 'btn-partial', no: 'btn-no'}; if (prev && map[prev] === id) { highlightBtn(id, prev); return; } el.style.cssText = 'flex:1;min-width:100px;padding:14px 20px;border-radius:12px;cursor:pointer;font-size:14px;font-weight:700;font-family:\'Poppins\',sans-serif;border:1.5px solid #E7E5E4;background:#fff;color:#1C1917;transition:all .2s;'; } function highlightBtn(id, val) { const colors = {yes: '#0E7490', partial: '#EA580C', no: '#DC2626'}; const bgs = {yes: '#F0FDFE', partial: '#FFF7ED', no: '#FEF2F2'}; const el = document.getElementById(id); if (!el) return; el.style.cssText = `flex:1;min-width:100px;padding:14px 20px;border-radius:12px;cursor:pointer;font-size:14px;font-weight:700;font-family:'Poppins',sans-serif;border:2px solid ${colors[val]};background:${bgs[val]};color:${colors[val]};transition:all .2s;`; } function answer(val) { state.answers[state.step] = val; highlightBtn({yes:'btn-yes',partial:'btn-partial',no:'btn-no'}[val], val); setTimeout(() => { if (state.step < 34) { state.step++; renderQuestion(); } else { showResults(); } }, 320); } function prevQ() { if (state.step > 0) { state.step--; renderQuestion(); } } // ── SCORING ─────────────────────────────────────────────────────────────── function calcScores() { const domainScores = AQ.map((_, di) => { let pts = 0; for (let qi = 0; qi < 5; qi++) { const v = state.answers[di * 5 + qi]; if (v === 'yes') pts += 1; else if (v === 'partial') pts += 0.5; } return Math.round((pts / 5) * 100); }); const answered = Object.values(state.answers); let total = 0; answered.forEach(v => { if (v === 'yes') total++; else if (v === 'partial') total += 0.5; }); const overall = Math.round((total / 35) * 100); return { overall, domainScores }; } function getLevel(s) { if (s >= 80) return {l: 'AI-Leading', c: '#0E7490', bg: '#F0FDFE', border: '#A5F3FC'}; if (s >= 65) return {l: 'AI-Ready', c: '#2563EB', bg: '#EFF6FF', border: '#BFDBFE'}; if (s >= 40) return {l: 'AI-Building', c: '#EA580C', bg: '#FFF7ED', border: '#FED7AA'}; return {l: 'AI-Unready', c: '#DC2626', bg: '#FEF2F2', border: '#FECACA'}; } // ── RESULTS RENDER ──────────────────────────────────────────────────────── function showResults() { const { overall, domainScores } = calcScores(); const lvl = getLevel(overall); const sector = SECTORS[state.intake.industry] || SECTORS.other; const sorted = domainScores.map((s,i) => ({name: AQ[i].d, score: s, cite: AQ[i].cite})).sort((a,b) => a.score - b.score); const gaps = sorted.slice(0, 3); // EUR pricing based on score let pkg; if (overall >= 65) { pkg = {name: 'EU Readiness Sprint', price: '€12,000', hrs: '30 hrs', what: 'Stakeholder interviews, M365/Azure diagnostic, CERT-In and DPDP compliance mapping, sector regulator assessment, board-ready governance deck.'}; } else if (overall >= 40) { pkg = {name: 'EU Quick Scan', price: '€3,500', hrs: '10 hrs', what: 'Live voice AI diagnostic scored against all six EU frameworks, gap report, executive briefing with remediation order.'}; } else { pkg = {name: 'EU Quick Scan', price: '€3,500', hrs: '10 hrs', what: 'EU AI Act and GDPR gap assessment, live diagnostic on your systems, scored gap report with priority remediation roadmap.'}; } // Gap citations const gapCites = { 'AI Disclosure': 'EU AI Act Art. 50 — enforced since Feb 2025', 'Automated Decisions': 'GDPR Art. 22 — up to €20M or 4% global turnover', 'Recording & Consent': 'ePrivacy Dir. Art. 5(1) — illegal recording in most EU states', 'Risk Classification': 'EU AI Act Annex III — Aug 2026 deadline for high-risk systems', 'AI Governance': 'ISO 42001 §6.1.2 — EU enterprise procurement requirement', 'Supply Chain': 'EU AI Act Art. 25 — deployer bears full third-party liability', 'Incident & NIS2': 'NIS2 Art. 23 — 24-hour CSIRT notification mandatory', }; const honest = overall >= 80 ? `${state.intake.company} scored ${overall}% — AI-Leading. Ahead of most ${sector.l} organisations (sector avg: ${sector.avg}%). Foundations are strong. Focus on scaling, deepfake compliance, and DPDP Rules 2025 SDF obligations.` : overall >= 65 ? `${state.intake.company} scored ${overall}% — AI-Ready, above the ${sector.l} average of ${sector.avg}%. Gaps in ${gaps[0].name} (${gaps[0].score}%) and ${gaps[1].name} (${gaps[1].score}%) are the last barriers to EU regulatory compliance.` : overall >= 40 ? `${state.intake.company} scored ${overall}% — AI-Building. ${overall > sector.avg ? 'Above' : 'Below'} the ${sector.l} average of ${sector.avg}%. Critical EU regulatory gaps: ${gaps[0].name} (${gaps[0].score}%) and ${gaps[1].name} (${gaps[1].score}%) must be addressed before CERT-In or DPDP Act enforcement exposure.` : `${state.intake.company} scored ${overall}% — AI-Unready. The ${sector.l} average is ${sector.avg}%. ${gaps[0].name} (${gaps[0].score}%) and ${gaps[1].name} (${gaps[1].score}%) need foundational work. CERT-In and DPDP Act obligations are active compliance risks right now.`; const html = `

India AI Readiness Score

${overall}%

${lvl.l}

${honest}

      ${sector.l} avg: ${sector.avg}%  •  Your score: ${overall}%  •  ${overall >= sector.avg ? '+' : ''}${overall - sector.avg}pts vs sector
    

Domain Breakdown

${AQ.map((d,i) => { const s = domainScores[i]; const col = s>=65?'#0E7490':s>=40?'#EA580C':'#DC2626'; return `

${d.d} ${s}%

${d.cite}

`; }).join('')}

Priority Gaps — EU Regulatory Exposure

${gaps.map((g, i) => `

${i+1}

${g.name} ${g.score}%

${gapCites[g.name] || g.cite}

`).join('')}

Recommended Next Step

${pkg.name}

${pkg.price} / ${pkg.hrs}

${pkg.what}

`; document.getElementById('assess-results').innerHTML = html; show('assess-results'); document.getElementById('assess').scrollIntoView({behavior: 'smooth'}); // Submit to API saveResults(overall, domainScores); } function resetAssessment() { state = { step: 0, answers: {}, intake: {}, startTime: null, selectedPains: [] }; show('assess-landing'); document.getElementById('assess').scrollIntoView({behavior: 'smooth'}); } async function saveResults(overall, domainScores) { try { const domains = AQ.map((d,i) => ({name: d.d, score: domainScores[i]})); const elapsed = state.startTime ? Math.round((Date.now() - state.startTime) / 1000) : 999; await fetch('https://www.thebhtlabs.com/api/assessment', { method: 'POST', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({ ...state.intake, industryLabel: (SECTORS[state.intake.industry] || SECTORS.other).l, overallScore: overall, stage: getLevel(overall).l, domains, rawAnswers: state.answers, locale: 'eu', timeSpent: elapsed, suspicious: elapsed < 60, pains: state.intake.pains, }) }); } catch(e) { /* silent */ } } // ── CONTACT FORM ────────────────────────────────────────────────────────── async function submitContact() { const name = document.getElementById('c-name').value.trim(); const email = document.getElementById('c-email').value.trim(); const company = document.getElementById('c-company').value.trim(); const message = document.getElementById('c-message').value.trim(); const hp = document.getElementById('c-hp').value; const err = document.getElementById('contact-err'); const btn = document.getElementById('c-submit-btn'); if (hp) return; // honeypot if (!name || !email || !company) { err.style.display = 'block'; err.textContent = 'Please fill in Name, Email, and Organization.'; return; } if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) { err.style.display = 'block'; err.textContent = 'Please enter a valid email address.'; return; } err.style.display = 'none'; btn.textContent = 'Sending...'; btn.disabled = true; try { await fetch('https://www.thebhtlabs.com/api/contact', { method: 'POST', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({ name, email, company, sector: document.getElementById('c-sector').value, message: message || 'EU AI inquiry', source: 'eu.thebhtlabs.com', }) }); } catch(e) { /* silent */ } document.getElementById('c-reply-email').textContent = email; document.getElementById('contact-success').style.display = 'block'; document.getElementById('contact-form').style.opacity = '.4'; document.getElementById('contact-form').style.pointerEvents = 'none'; btn.style.display = 'none'; }

Every question maps to a statute

EU AI Readiness Assessment

Before we start

Priced in Euros

Ready to get EU AI-ready?