AI governance for the EU AI Act.
Sentinel for EU-domiciled or EU-operating enterprises, anchored on the EU AI Act (in force, phased through 2027), GDPR, GPAI Code of Practice (July 2025), NIS2 and DORA.
GPAI rules enforceable since Aug 2025. High-risk lands Aug 2026. Digital Omnibus may shift dates.
Prohibited AI uses banned since Feb 2025. GPAI obligations enforceable since Aug 2025 (most major providers have signed the voluntary GPAI Code of Practice, finalised July 2025). High-risk system obligations scheduled for 2 Aug 2026; high-risk AI embedded in regulated products 2 Aug 2027. The Digital Omnibus political agreement (May 7, 2026) may shift high-risk obligation dates — worth tracking. Non-EU companies are in scope if their AI outputs are used in the EU.
Every framework EU cares about — encoded as data, cross-mapped on day one.
The Sentinel Framework Engine ships with these frameworks as machine-readable data, with explicit cross-maps. When you assess a use case, the workpaper, the review pack, and the auditor evidence trail are generated from this library — not authored from scratch.
EU AI Act (Regulation 2024/1689)
PhasedRisk-tiered AI regulation; prohibited / high-risk / limited / minimal. Phased into force.
GPAI Code of Practice
VoluntaryVoluntary code of practice for GPAI providers. Most major providers signed.
Digital Omnibus package
PendingPolitical agreement May 7, 2026 — may shift EU AI Act high-risk obligation dates. Live regulatory motion.
AI Liability Directive
WithdrawnWITHDRAWN Feb 2025 — no longer pending. Liability now handled under existing instruments and revised Product Liability Directive.
General Data Protection Regulation (GDPR)
In forceLawful basis, DPIAs, automated-decision rights under Art. 22.
Digital Services Act (DSA)
In forceAlgorithmic transparency for online platforms; obligations heavier for VLOPs.
Digital Markets Act (DMA)
In forceGatekeeper obligations including AI use.
NIS2 Directive
In forceCybersecurity for essential and important entities, including AI service providers.
DORA — Digital Operational Resilience Act
In forceFinancial services operational resilience including ICT third parties.
Revised Product Liability Directive
In forceUpdated product liability covering software and AI components.
ENISA Cybersecurity Framework for AI
GuidanceTechnical baseline for AI system security.
Plus universal AI standards (every jurisdiction)
Built for international private sector.
DPO, CISO, Chief AI Officer, or General Counsel at any organisation placing AI on the EU market — regardless of HQ location. Strongest fit for financial services (DORA), critical infrastructure (NIS2), GPAI signatories, and any high-risk AI deployer.
What ships, regardless of jurisdiction:
- ✓M1 · AI Use-Case Register
- ✓M2 · AIAF / equivalent Workpaper
- ✓M3 · AI Review Committee Workflow
- ✓M4 · Risk Register
- ✓M5 · Transparency Register
- ✓M6 · Regulatory Gap Tracker
- ✓M7 · Evidence Vault + Audit Log
- ✓M8 · Re-attestation Engine
What changes between jurisdictions is the Framework Library pack — the regulations, statutes, and guidance pre-loaded. The platform structure stays the same.
Help shape Sentinel for European Union Private Sector.
Tell us your jurisdiction-specific needs and we'll prioritise the framework pack accordingly. Registered organisations get founding-partner terms when their jurisdiction goes live.
Sentinel · Arrochar Consulting · sales@arrocharconsulting.com