Is the Readiness Sprint a conformity assessment?

No. The sprint is a time-boxed readiness and operational-baseline exercise around one in-scope system. A conformity assessment, where you need one, is a different process. The sprint is built to produce outputs you can use in product and in internal governance, not a certification packet.

Is this a consulting project or a path into software?

Nordic AI Integrity runs the sprint. Guardian is the product for an ongoing governance and evidence record above the monitoring you already use—not a stack replacement. Most teams use sprint outputs to fund and scope an initial Guardian rollout. The sprint is the practical commercial entry into that path.

Do we have to be sure the system is legally “high-risk” before we start?

No. You pick the system you are running as in-scope for the sprint. The work clarifies likely exposure, criticality, and what level of evidence and monitoring you should build, whatever label you use internally.

One system is easier to approve, faster to execute, and the only way to get concrete evidence and a credible story inside your organisation. Programme-wide efforts without that first proof point usually stall.

What happens when the four weeks end?

You have a baseline, clear owners, and a readout. The usual next step is to move the operating pattern into Guardian: same owners, same governance and evidence record on top of your monitoring inputs. We align that handover in week four.

Is the sprint fixed-price?

The sprint is structured as a fixed-scope, fixed-timeline offer designed to be easy to evaluate and approve. Background:

Readiness sprint · 4 weeks · one system

A four-week governance baseline for one in-scope production system

Fixed scope and fixed timeline: working sessions to map how the system is monitored and reviewed today, close the largest evidence gaps, and finish with a named baseline plus a Guardian handover—the governance record above the signals you already run. Not a stack replacement; legal compliance remains your determination.

Nordic AI Integrity runs the sprint; Guardian is the product for the ongoing record after week four.

Book a pilot discussion See what you get in four weeks

After the sprint, the operating pattern moves into Guardian. Product overview for stakeholders who need the “what is it” story.

EU AI ActProduction review guideFor AI

Offer at a glance

Fixed scope — one priority production system (live or imminently live)
Fixed timeline — 4 weeks from kickoff to executive readout
Fixed outputs — gap summary, first evidence baseline, review posture, Guardian handover outline
Focused team — a compliance or risk lead, a legal or governance stakeholder, and a model, data, or ML owner

Buyable as a single procurement unit: four weeks, one system, named artefacts each week—so you can fund software and evidence work without a programme office first.

Who this is for

If this matches your situation, the sprint is the right first buy. If you need unfunded discovery or a programme-wide policy design first, pass for now—we anchor on one system you can name on kickoff.

Compliance or risk leads who need a credible AI Act starting point now
Organisations with one live or near-live AI system under scrutiny
Teams that want practical outputs, not another policy-only exercise
Buyers who need a fixed-scope first step that can be approved quickly

Four phases in four weeks

The sprint follows the same week-by-week structure for every engagement. The content is always specific to your one priority system.

Phase 1Week 1

Mapping & scope

Lock onto one in-scope system, owners, and how it is run in production—so the sprint stays concrete and approvable.

Single-system scope, interfaces, and decision rights
Annex III / high-risk exposure framing where relevant
Map existing monitoring inputs, incidents, and documentation sources

Deliverable: Scope & risk framing summary

Phase 2Week 2

Signals & oversight review

Review how the system is monitored today, how oversight is documented, and where the governance record breaks—not a replacement for your observability stack.

Existing monitoring inputs and metric lineage
Human oversight and review touchpoints
Change management and documentation gaps
Model and data risk touchpoints (without centralising raw personal data)

Deliverable: Governance and control gap summary

Phase 3Week 3

Review triggers & scenarios

Clarify what should trigger review—drift, quality, robustness, incidents—so evidence and ownership are clear before pressure arrives.

Threshold and alert posture vs. material risk
Representative failure modes and incident patterns
Edge cases that deserve explicit review and sign-off
Where evidence should live for repeatable internal and external review

Deliverable: Review & evidence readiness scorecard

Phase 4Week 4

Readout & Guardian handover

Executive readout, first evidence baseline, and a practical handover into Guardian as the layer above your monitoring—supporting EU AI Act readiness without claiming legal compliance.

Executive readout for leadership and owners
Prioritised 30–90 day evidence actions
Guardian rollout outline (owners, records, integrations)
Pointers toward Article 11–style technical documentation where useful

Deliverable: Executive readout & Guardian handover plan

Most teams move from the sprint into Guardian for an ongoing governance record aligned with EU AI Act post-market expectations. EU AI Act post-market monitoring requirements.

When it fits—and what changes after week four

Triggers are why teams buy now; outcomes are what is easier once the baseline exists—separate from how the four weeks run in the section above.

Typical triggers

One live or near-live AI system is already under internal or regulatory scrutiny, and evidence is fragmented across tools
Leadership wants a concrete readiness baseline before funding broader governance work
You need a fixed-scope first step your organisation can approve quickly—not a transformation programme

Outcomes after week four

One coherent internal story for compliance, legal, and leadership on that system—not a rebuilt deck each time
A clear map of existing monitoring inputs versus governance and evidence gaps
A structured operating baseline you can extend to more systems—or use to stop work with explicit rationale
Faster, calmer responses when regulator or audit questions land

What you get after four weeks

At kickoff you nominate one production (or imminently live) system; at readout you own the artefacts below for internal use and for scoping Guardian—not a slide-only advisory exit.

Scope and Annex III / high-risk exposure framing for the one system you picked
Governance and control gap summary tied to how you monitor and review today
Review and evidence-readiness scorecard (thresholds, scenarios, ownership)
Executive readout plus prioritised 30–90 day actions for internal stakeholders
Guardian rollout outline—owners, records, integration touchpoints—for the software handover
First evidence baseline your teams extend in Guardian, not a one-off slide narrative

Why one system first

Most AI governance programmes become too abstract too early. They create policies, committees, and broad ambitions before one live system has a credible governance and evidence baseline.

The sprint reverses that. It starts with one real system, one real set of risks, and one concrete operating baseline. That makes the work more practical, more defensible, and much easier to expand later.

What the executive readout includes

System summary and scope definition
Key governance gaps against how you monitor and review today
Priority evidence gaps by workstream
Recommended alert, incident, and review-record structure
Immediate next steps for the next 30 to 90 days
Recommendation on moving into Guardian as the ongoing governance record

FAQ

Is the Readiness Sprint a conformity assessment?: No. The sprint is a time-boxed readiness and operational-baseline exercise around one in-scope system. A conformity assessment, where you need one, is a different process. The sprint is built to produce outputs you can use in product and in internal governance, not a certification packet.
Is this a consulting project or a path into software?: Nordic AI Integrity runs the sprint. Guardian is the product for an ongoing governance and evidence record above the monitoring you already use—not a stack replacement. Most teams use sprint outputs to fund and scope an initial Guardian rollout. The sprint is the practical commercial entry into that path.
Do we have to be sure the system is legally “high-risk” before we start?: No. You pick the system you are running as in-scope for the sprint. The work clarifies likely exposure, criticality, and what level of evidence and monitoring you should build, whatever label you use internally.
Why only one system?: One system is easier to approve, faster to execute, and the only way to get concrete evidence and a credible story inside your organisation. Programme-wide efforts without that first proof point usually stall.
What happens when the four weeks end?: You have a baseline, clear owners, and a readout. The usual next step is to move the operating pattern into Guardian: same owners, same governance and evidence record on top of your monitoring inputs. We align that handover in week four.
Is the sprint fixed-price?: The sprint is structured as a fixed-scope, fixed-timeline offer designed to be easy to evaluate and approve. Background: What an AI incident register should contain

Start with one system. Book a pilot discussion.

The sprint is the main commercial entry: fixed length, one in-scope system, and a handover that points straight into how you will run the governance record in Guardian on top of the monitoring you already have.

Book a pilot discussion See the four-week sprint