EU AI ACT COMPLIANCE & AI SECURITY FOR SMALL & MID-SIZED BUSINESSES

You put AI in your business. Who is liable when it gets it wrong?

We check what you signed with your AI vendor, what the EU AI Act requires of you, and how you stay protected — before you learn it the hard way.

AI UPDATE
2 August 2026: the EU AI Act applies in full — transparency and oversight obligations reach SMBs too.
Article: Your chatbot promised something that wasn't true — who's liable? The Air Canada case in plain language.
Article: Is your team using ChatGPT? What Article 4 requires for staff training.
Workshop: AI Literacy for teams — the training the regulation requires, in 3 hours.
TIMELINE

When the EU AI Act binds you

The regulation applies in phases. The critical date for chatbots & voice agents — the transparency obligations of Article 50 — is 2 August 2026.

EU AI ACT · APPLICATION
  • Aug '24: Entry into force
  • Feb '25: Bans · AI literacy
  • Aug '25: GPAI · penalties
  • ★ 2 AUG '26: Transparency · Article 50
  • Dec '27: High-risk uses ↦
  • Aug '28: High-risk products ↦
Regulation (EU) 2024/1689 · source: European Commission
★ transparency: NOT postponed · ↦ postponed (AI Omnibus)
REAL INCIDENTS
"The chatbot promised the customer a discount that didn't exist. The tribunal ruled: the company is liable."
Moffatt v. Air Canada, 2024 — the case that set the rule.

Air Canada argued the chatbot was a "separate legal entity responsible for its own actions." The argument was rejected. A business is liable for whatever its AI says — even when it makes things up.

If your AI gives prices, promises or instructions to customers, this affects you today — before we even get to the AI Act.

"A customer talked a dealership chatbot into 'selling' him a brand-new car for $1 — and declaring the deal legally binding."
Chevrolet dealership, USA, 2023.

The bot was set up with no limits on what it could promise. A few clever prompts later, the conversation was viral and the dealership was in the headlines.

AI in a sales role with no boundaries = promises you don't control. Scope and a non-binding disclaimer aren't a luxury — they're the first line of defence.

"A customer got a courier company's chatbot to swear during the conversation — and write a poem about how 'useless' the company itself is."
DPD, United Kingdom, 2024.

After an update, the guardrails slipped. A frustrated customer needed only a few minutes to get the bot to mock its own employer — in public.

The damage isn't always legal; often it's reputational. Behavioural testing before production and oversight after — not "we shipped it, we're done."

"Employees pasted confidential code into ChatGPT 'to get some help.' The company found out — and banned all AI tools."
Samsung, 2023.

Three leak incidents in a few weeks: source code and internal meeting notes ended up in an external system, beyond the company's control.

Your staff already use AI — with or without permission. A usage policy and training (also required by Article 4) cost very little next to a leak.

"An executive approved a $25M transfer after a video call with the 'CFO.' Everyone on the call was a deepfake."
Arup, Hong Kong, 2024.

The fraud didn't exploit a gap in the systems — it exploited trust in what we see and hear.

AI isn't only your own risk; it's also a weapon in others' hands. Payment approval and identity-verification processes need hardening against synthetic content.

SERVICES

From mapping to continuous monitoring.

EU AI Act readiness check, gap analysis, staff training and ongoing monitoring — every engagement with a defined scope, documented deliverables and a fixed fee.

Shielding Check

For those who "added a chatbot" and want to know where they stand.
€590 one-off · delivered in 1 week
  • AI Act applicability map for 1 AI system
  • Your role: provider or deployer — and what it means
  • Risk classification & transparency obligations
  • The 5 most important gaps, prioritised
  • 60′ results session

Continuous Monitoring

For those who want to stay protected as their AI evolves.
€290 / month · cancel anytime
  • Quarterly compliance re-check
  • Alerts on regulatory changes that affect you
  • Review of every new AI tool before it goes live
  • Priority on questions

AI Literacy Workshop

The staff training required by Article 4 of the AI Act.
€450 / team of up to 12 · 3 hours
  • What is and isn't allowed when using AI tools
  • Practical scenarios from your own sector
  • Training certificate for your compliance file

* Contract findings are delivered as a technical risk analysis and validated by a lawyer before any legal use. θita ai provides consulting — not legal — services. Fees exclude VAT.

METHOD

Four steps. One clean orbit.

Our mark says it all: the circle is your system, the line is the contract, and the two dots — the AI and the human — move together, in balance and under your control.

1. Mapping
Which AI systems you have, your role under the AI Act, your level of risk.

2. Review
Contracts, data, processes and AI behaviour — checked against OWASP and the AI Act.

3. Shielding
Clauses, transparency labelling, oversight procedures — the moves that close the gaps.

4. Monitoring
AI changes, the regulation changes. We keep your system in orbit, so you move forward without surprises.

TOOLS

Free online tools.

Interactive, in your browser, no sign-up and no data stored. A first picture before any engagement.

Does the EU AI Act apply to you?

A six-question test: your role, your risk level and your obligations — in two minutes.

All tools

AI Usage Policy generator, AI vendor contract check, Article 50 transparency checklist — and whatever comes next.
WHO WE ARE

We speak both languages: technical and business.

θita ai was founded by Maria Bartzoka, an AI trainer with years in AI R&D and product development, who works on the security and compliance of AI systems for real small and mid-sized businesses.

We don't sell fear and we don't promise "100% compliance" — anyone who does hasn't read the regulation. We sell something more useful: knowing exactly where you stand, and what's worth fixing first.

FAQ

Before you ask.

I just have a chatbot from an off-the-shelf platform. Does the AI Act apply to me?

Most likely yes. The tool being "off-the-shelf" doesn't exempt you: as a deployer you have your own obligations — e.g. the AI must disclose that it is AI, and there must be human oversight. On top of that, your liability to your customer for what the bot says remains yours, regardless of what the platform contract says. The Shielding Check answers exactly this.

Do I need you or a lawyer?

Both, for different things. We map the system, its gaps and its risks from the technical side, and prepare the ground so your lawyer can work quickly and in a targeted way — instead of billing hours to understand what RAG is. We don't provide legal advice, and every contract finding goes through legal review.

Can you guarantee that I'll be compliant?

No — and nobody serious can. AI systems have inherent uncertainty and the regulation keeps evolving. What we do is measurable risk reduction: you know what you have, where you're exposed, what to fix first and what documentation to keep. In practice, that's what auditors ask for too.

How fast do we start?

The Shielding Check starts within the week and is delivered in 5–7 business days. It's preceded by a free 45-minute session, in which we map your system and define the exact scope of the check.

Free guide

EU AI Act: what changes for your business

The practical guide for small and mid-sized businesses — where your AI falls on the risk pyramid, which deadlines affect you, and the 3 obligations that probably already bind you. Reads in 15 minutes.

  • The risk pyramid — and where you sit
  • The timeline, with the 2026 update
  • AI Act & GDPR: what applies in parallel
  • A 7-question self-check to see where you stand


One email, the guide, done.

No spam. Your data is never sold.

CONTACT

Mapping session: 45 minutes, free.

Tell us about the AI systems you use or plan to use. We'll sketch a first picture of your obligations and exposure — and tell you straight whether you need a deeper check.