icon icon

AI Act in Practice – Compliance, Risks, and Obligations

icon

Training process

Training needs analysis

If you have specific requirements regarding the training programme, we will carry out a training needs analysis for you. This will guide us on which aspects of the programme should receive greater emphasis, so that the training programme meets your specific needs.

What will you gain?

icon

AI risk assessment - You will learn how to distinguish AI Act risk categories and quickly assess whether a system in your organization falls under bans, high-risk duties, or only transparency requirements.

icon

Clear compliance duties - You will structure the duties of providers, users, importers, and deployers of AI systems, making it easier to assign ownership and build a practical compliance action plan.

icon

AI Act with GDPR - You will understand how to align AI Act requirements with GDPR so you can use personal data more safely, reduce breach risks, and approach DPIAs for AI systems correctly.

icon

Stronger cyber resilience - You will learn how to identify AI system vulnerabilities, protect inputs and outputs, and improve resilience against manipulation, adversarial attacks, and information leakage.

icon

Better internal policies - You will be able to draft internal AI usage rules covering acceptable use, data handling, human oversight, and incident response instead of relying on inconsistent practices.

icon

Audits and monitoring - You will gain a practical approach to audits, ongoing monitoring, and technical documentation so you can demonstrate AI compliance and spot areas that need correction sooner.

icon

Less bias in decisions - You will learn how to detect sources of bias, assess discrimination risk, and implement fairness and explainability procedures so you can better justify AI-driven outcomes.

icon

Sector use cases - You will see how to apply the AI Act in HR, finance, banking, and healthcare, making it easier to translate legal rules into real processes, tools, and implementation decisions.

Training programme

1. AI Act – current regulatory context and significance for organizations

  • what the AI Act is and why it matters for companies, institutions and IT departments,
  • scope of the regulation – who the provisions apply to: providers, deployers, importers, distributors and users of AI systems,
  • current schedule for implementing the AI Act:
    • entry into force of the AI Act,
    • prohibited AI practices and obligations regarding AI literacy,
    • obligations concerning general-purpose models / GPAI,
    • more comprehensive application of the provisions from 2 August 2026,
    • transitional provisions for selected high-risk systems,
  • the AI Act and other regulations: GDPR, NIS2, DSA, Data Act, Cyber Resilience Act,
  • the significance of the AI Act for organizations using tools such as ChatGPT, Copilot, Gemini, Claude, Perplexity, AI graphic tools and automation systems.

2. Classification of AI systems by risk level

  • risk-based approach – the main logic of the AI Act,
  • AI systems with unacceptable risk – prohibited practices,
  • high-risk systems – examples of applications in HR, education, finance, public services, critical infrastructure and security,
  • limited-risk systems – information obligations and transparency,
  • minimal-risk systems – good practices despite the lack of extensive formal obligations,
  • how to conduct an initial classification of an AI system in an organization,
  • exercise: assessment of sample AI applications in terms of risk categories.

3. Obligations of organizations using AI

  • the role of the organization as a deployer, user or provider of an AI system,
  • obligations regarding human oversight of the AI system,
  • documentation, instructions for use and registers of AI systems,
  • monitoring the operation of AI systems after deployment,
  • rules for the use of general-purpose models / GPAI,
  • responsibility for decisions supported by AI,
  • the importance of AI literacy – the obligation to ensure an appropriate level of competence of persons using AI,
  • how to prepare the organization for an AI Act compliance audit.

4. AI Act, GDPR and data protection

  • processing of personal data in AI systems,
  • sensitive data, confidential data and organizational data – what must not be transferred to AI tools,
  • legal bases for data processing in the context of AI,
  • profiling, automated decision-making and the rights of natural persons,
  • data minimization and privacy by design,
  • AI and trade secrets, know-how and confidential information,
  • data protection impact assessment / DPIA in AI projects,
  • practical examples of breaches and errors related to transferring data to AI models.

5. AI Cybersecurity and New Attack Vectors

  • threats resulting from the use of generative AI tools,
  • Prompt injection – what it is and why it poses a risk to organizations,
  • Data leakage – data leaks through AI tools,
  • Shadow AI – uncontrolled use of AI tools by employees,
  • Phishing, spear phishing and AI-supported social engineering,
  • Deepfake, voice cloning and manipulation of multimedia content,
  • attacks on AI models: poisoning, evasion, model extraction, jailbreak,
  • risks related to the integration of AI with email, CRM, ERP, documents and knowledge bases,
  • security of AI agents and automation performing actions on behalf of the user,
  • best practices for reducing the risk of cyberattacks using AI.

6. Work hygiene with AI – safe use of generative tools

  • principles of responsible use of ChatGPT, Copilot, Claude, Gemini and other AI tools,
  • safe creation of prompts,
  • how to anonymize and pseudonymize data before using AI,
  • how to recognize situations in which public AI tools should not be used,
  • verification of AI responses – hallucinations, errors, false sources and the risk of automatic trust,
  • working with documents, code, financial data, customer data and employee data,
  • principles of using AI in external and internal communication,
  • practical checklist for safe work with AI.

7. AI risk management in the organization

  • identification and assessment of AI risks,
  • risk map: legal, technological, reputational, operational, ethical and cybersecurity,
  • Risk assessment for AI projects – how to conduct it,
  • risk control and minimization mechanisms,
  • Human oversight – when and how a human should supervise AI,
  • testing of AI systems before implementation,
  • monitoring the effectiveness, quality and security of AI operation,
  • Incident management – how to respond to AI-related incidents.

8. AI policies, procedures and governance

  • how to create a policy for the use of AI in an organization,
  • rules for approving AI tools for business use,
  • register of AI systems used,
  • division of responsibilities: IT, compliance, legal, HR, security, business,
  • standards for the procurement and implementation of AI solutions,
  • criteria for selecting AI suppliers,
  • contracts with AI suppliers – the most important provisions from the perspective of security and compliance,
  • procedures for approving new AI use cases,
  • compliance documentation and audit readiness.

9. Ethics, transparency and AI responsibility

  • responsible use of AI by employees,
  • bias and discrimination in AI systems,
  • explainability of decisions supported by AI,
  • transparency towards customers, employees and users,
  • labeling of content generated by AI,
  • ethical boundaries of automation,
  • responsibility of the organization for the effects of AI use,
  • building trust in AI within the organization.

10. Building an AI culture in the organization

  • how to develop AI awareness and competencies among employees,
  • AI literacy as an element of organizational culture,
  • the role of the IT department, compliance, and management staff,
  • employee education in the field of security, regulations, and practical use of AI,
  • how to reduce tool chaos and shadow AI,
  • creating internal standards, prompt libraries, and tool acceptance rules,
  • communication of the rules for using AI in the organization,
  • AI maturity model – from experiments to controlled implementation.

11. Practical workshop – risk and compliance assessment of selected AI applications

  • analysis of example AI use cases in the organization,
  • classification of the system according to the level of risk,
  • identification of data processed by the system,
  • assessment of legal, security, and reputational risks,
  • selection of control and organizational measures,
  • preparation of recommendations for the organization,
  • discussion of the results and good practices.

What are the prerequisites for participating in the training?

icon

Data protection basics - You should understand core personal data and GDPR concepts so you can follow examples on profiling, DPIAs, and breach risks connected with the use of AI systems.

icon

Business process awareness - You should understand how business processes, data flows, and ownership of digital tools work in your organization, as this will help you analyze AI Act obligations.

icon

Basic AI understanding - You should have a general understanding of AI systems, generative models, and automated decision-making so you can follow the discussed risks, duties, and use cases.

icon

Risk and compliance basics - You should be familiar with core concepts of risk, audit, and regulatory compliance so you can work more effectively with oversight, documentation, and AI monitoring topics.