AI compliance and governance for companies

Organisations using AI without a governance framework have a risk problem, not a technology problem. Verifiable AI policies, privacy impact assessments, tech risk management frameworks — adapted to GDPR, EU AI Act and sector standards.

The problem

Using AI without policy is a regulatory liability

The EU AI Act is in force. The LFPDPPP applies to any organisation processing personal data in Mexico. Financial and healthcare regulators are starting to require explainability of algorithmic systems. Organisations using AI without documenting usage, assessing risks and assigning clear responsibilities face sanctions, reputational damage and, in the case of law firms, professional liability. AI governance is not bureaucracy: it is risk management.

Process

From risk assessment to operational framework

Three deliverables that make governance operational, not just on paper.

  1. AI system inventory and classification

    Identification of all AI systems the organisation uses (including those nobody formally declared). Classification by risk level per EU AI Act and applicable sector frameworks. Deliverable: AI system registry with risk level and legal basis.

  2. AI use policy

    Drafting the organisation's AI use policy: which systems are permitted, for which uses, with which controls, who is responsible. Adapted to the sector, organisation size and specific regulatory obligations. Deliverable: AI use policy + approval procedures.

  3. Continuous evaluation framework

    Periodic audit procedures, performance and risk indicators, new system approval process. Responsible team training. AI governance is a continuous process, not a document to file away. Deliverable: AI governance manual + audit programme.

Frequently asked questions

Does the EU AI Act apply to Mexican companies?

The EU AI Act has extraterritorial effect: it applies to any organisation offering products or services in the EU or whose AI systems produce effects in EU territory. Mexican companies with European clients or wanting to export services to Europe must analyse their exposure.

How long does it take to implement an AI governance framework?

A basic framework (inventory + policy + procedures) can be operational in 6-10 weeks for a mid-size organisation. A full framework with team training and initial audit typically takes 3-4 months.

Is AI governance the same as a privacy policy?

No. The privacy policy covers personal data processing. AI governance is broader: it covers algorithmic system usage, biases, explainability, responsibility for decisions and compliance with specific AI regulations. They overlap at privacy impact assessments, but are distinct frameworks.

Contact

Ciudad de México, México