IA-07 · Governance · Summum cluster

EU AI Act technical + ISO 42001

The technical side of AI Act and ISO 42001 compliance: model traceability, bias assessment, technical documentation. Summum cluster.

ClusterCons. + IA + Cal.
Timeline3–6 months
OutputAnnex IV + ISO 42001-ready

The AI Act and ISO 42001 have a regulatory side (Consultoría) and a technical side that can only be delivered from the lab: technical documentation for each model, traceability of training data, bias assessment, quality metrics and post-deployment monitoring.

We cover that part. We inventory models in production and in development, generate the technical documentation required by Annex IV of the AI Act, assess bias in every high-risk model, and set up the continuous monitoring system that the regulation requires.

Working as a cluster with Summum Consultoría (legal and procedural side) and Summum Calidad (ISO 42001 management system), we deliver full compliance to the client in a single project. Reference cost: €9,000–18,000 per package, depending on size and number of AI systems.

Technical inventory of AI systems

Own models, third-party models, integrations, agents.

Annex IV §1

Technical documentation

Architecture, training dataset, metrics.

Annex IV §2

Bias assessment

Fairness metrics by subgroup.

Art.15

Post-deployment monitoring

Drift, model quality, alerting and response.

Art.61

Auditable decision logs

End-to-end traceability.

Art.12

The EU AI Act technical + ISO 42001 process.

The process · four stages
01

Technical inventory

Models in production and development, own and third-party.

02

Documentation

AI Act Annex IV: architecture, data, assessment.

03

Bias assessment

For high-risk systems.

04

Monitoring

A system that watches for drift and quality issues. The regulation requires it.

What is included

What EU AI Act technical + ISO 42001 includes.

The operational detail: what we deliver as part of the engagement and what we keep active afterwards.

  • Complete technical inventory

    Each model with architecture, data, metrics, owner.

  • Annex IV documentation

    What the regulator may ask for tomorrow.

  • Bias assessment

    Fairness metrics tailored to the sector.

  • Continuous monitoring

    Drift, quality, bias.

  • Data traceability

    Origin, transformation, use. Auditable end-to-end.

  • Auditable decision logs

    For systems that make decisions about individuals.

Regulatory framework

The regulatory framework.

AI Act + ISO 42001 + GDPR where personal data is involved. Three regulations that stitch together.

EU AI Act Applicable to this service
ISO 42001 Applicable to this service
EU RGPD Applicable to this service
AESIA guidelines Applicable to this service
Summum cluster

How it intersects with related services.

The technical side of compliance. Regulatory matters handled by Consultoría; management system by Calidad.

Frequently asked questions about EU AI Act technical + ISO 42001.

Comply from now?

General purpose already in force. High risk fully applicable on 2 Aug 2026.

What if I use Copilot or ChatGPT?

Third-party tools, but your responsibility. You must document use and policy.

Open source?

Same applies. What matters is the use case.