Insights

Practical notes on the EU AI Act, risk classification, and compliance operations for teams in the Netherlands and DACH.

Cornerstone articles are published in English only; machine translation of legal analysis is deferred.

• 2026-04-15 · 10 min read

  What Your Big Four Audit Will Miss About the AI Act

  Big Four firms are good at many things. AI Act specifics, today, is not yet one of them — and the gap shows up in surprisingly consistent ways. Here's what we see when auditing their AI Act work for our clients.

  Read article →

• 2026-04-08 · 12 min read

  Deployer Obligations Under Article 26: Complete Checklist

  Most SMEs are deployers, not providers — and the Article 26 obligations are narrower but sharper than the provider list. Here's the complete checklist, with what evidence an auditor will ask for.

  Read article →

• 2026-03-30 · 10 min read

  AI Act vs GDPR: What Compliance Officers Need to Know

  If you already run a GDPR program, the AI Act is not a rewrite — but it's not a free pass either. A side-by-side for DPOs who need to know exactly where their existing program ends.

  Read article →

• 2026-03-18 · 13 min read

  Annex III Decoded: Is Your AI System High-Risk?

  Annex III is the list that determines whether your AI tool needs a €30K documentation exercise or a checkbox. We go through every category, and the Article 6(3) escape hatch most companies don't know about.

  Read article →

• 2026-03-03 · 11 min read

  EU AI Act for Dutch SMEs: 2026 Survival Guide

  The AI Act's 2 August 2026 deadline lands squarely on companies that have never had to think about AI regulation before. Here's what Dutch SMEs actually need to do — not the Big Four version.

  Read article →