REGULATION (EU) 2024/1689 - PROGRESSIVE ENTRY INTO FORCE

AI Act: map
your usage before you're asked to

The European regulation on artificial intelligence progressively governs AI systems, including those already built into your everyday tools (Microsoft 365 Copilot, for example). SYAGA helps you inventory your actual usage, understand the obligations that apply to you, and build an action plan, without jargon and without unverified numerical promises.

2024
Regulation published (2024/1689)
Tiers
Progressive application over time
EU
Horizontal scope, all sectors
Copilot
AI already present in your M365 tools

The context

A European regulation that already applies, often without the company having noticed

The European AI regulation is already published

Regulation (EU) 2024/1689 (source: EUR-Lex) governs the governance of artificial intelligence systems within the European Union. Its entry into application takes place in successive tiers depending on the type of obligation concerned.

🤖

AI is already in your current tools

Artificial intelligence features are already built into office suites widely deployed in companies, such as Microsoft 365 Copilot. Many organizations use them without having formally inventoried this scope.

📋

Few companies have mapped their AI usage

Between tools provided by vendors, internal developments, and automated agents deployed on existing platforms, the actual scope of AI systems in use is rarely documented centrally.

🔐

Anticipating is better than enduring

As with any new regulation, it is better to clarify your exposure early than to discover an obligation during an audit or a request from a client, an insurer, or a partner.

The AIACT-Express approach

A 5-step support process, calibrated with you according to your actual scope of AI systems

1
Step 1 - Scoping

Interview with management or the IT manager

Understand the context, the tools already in place, and ongoing or planned AI projects. Goal: define a realistic scope of analysis, not a theoretical list.

2
Step 2 - Mapping

Inventory of AI systems in use

Vendor tools (including AI features already included in your office suites), internal developments, automations, and agents deployed on your existing platforms.

3
Step 3 - Analysis

Qualification of your role and associated obligations

Determine, for each system identified, to what extent you are a provider or a deployer within the meaning of the regulation, and what general obligations arise for your organization.

4
Step 4 - Action plan

Prioritization of compliance actions

A structured action plan, prioritized by risk and effort, without any promise of legal outcome: sensitive points are flagged for verification by specialized legal counsel.

5
Step 5 - Handover

Presentation of the diagnosis and handover

Delivery of the mapping file and the action plan, with time for discussion to answer your teams' questions.

What you receive

Concrete working documents, tailored to your actual scope

📝

AI systems mapping

Structured inventory of the usages identified during scoping and mapping.

  • Vendor tools and integrated AI features
  • Internal developments and automated agents
  • Role identified for each system (provider / deployer)

Summary of general obligations

A plain-language document linking each identified system to the major categories of obligations under the regulation.

  • View by AI system inventoried
  • Points to have verified by a specialized lawyer
  • No sanction amount stated without legal verification
📈

Prioritized action plan

An operational roadmap for your organization.

  • Actions ranked by priority
  • Reference to the relevant scope (GDPR, IT governance)
  • Editable format for internal tracking

Scope covered

The AI Act cannot be analyzed in isolation: it interacts with texts you already know

AI

AI Act (Regulation (EU) 2024/1689)

Reference text on the governance of artificial intelligence systems within the European Union. Source: EUR-Lex.

GD

GDPR

Whenever an AI system processes personal data, GDPR obligations (Regulation (EU) 2016/679) remain applicable alongside the obligations specific to the AI Act.

GO

Existing IT governance

Mapping AI usage naturally fits into a broader IT governance approach (security policy, risk management), particularly if your organization is already concerned by NIS2 or an ISO 27001 process.

M365

AI already present in Microsoft 365

Features like Copilot introduce AI into tools already used daily. Their use falls within the scope to be mapped, even without a "visible" AI project.

A quote, not a standard rate

The scope of an AI Act diagnosis varies too much depending on the number and nature of AI systems in use to offer a generic price. We provide a quote after the scoping phase.

Custom AI Act diagnosis

Scope established with you from the scoping stage

  • Scoping and interview included
  • Mapping of identified AI systems
  • Summary of general obligations, with no invented legal figures
  • Prioritized action plan
  • Quote established after scoping, before any commitment
Request a quote

Frequently asked questions

The answers below are deliberately general. They do not constitute legal advice and do not replace the analysis of legal counsel specialized in digital law.
Is my company affected by the AI Act?
The regulation applies broadly whenever an organization develops, places on the market, or uses an artificial intelligence system within the European Union, including via features already built into existing tools (for example Microsoft 365 Copilot). Unlike other texts, the AI Act does not set a simple threshold based on number of employees or turnover: the exact scope and obligations depend on the role held (provider or deployer) and the system concerned. A diagnosis makes it possible to determine this for your organization.
What is the difference between provider and deployer?
The regulation notably distinguishes organizations that develop or place an AI system on the market (providers) from those that use it in the course of their professional activity (deployers). The obligations that apply differ according to this role. Most SMEs are primarily deployers of the tools they use daily.
What are the risks of non-compliance?
The regulation provides for a specific sanctions regime. We deliberately do not communicate any amount on this page until it has been verified and validated by specialized legal counsel for your precise situation: this is precisely one of the points the diagnosis helps clarify with the right contacts.
Does the diagnosis replace a lawyer's opinion?
No. AIACT-Express is an operational support tool (mapping, plain-language summary, action plan) and does not constitute legal advice. For any question of legal interpretation of the regulation, the involvement of a specialized lawyer remains necessary.
How much time do I need to commit my teams?
Mainly a scoping interview with management or the IT manager, then a debrief session at the end of the process. The exact volume is specified in the quote, once the scope is known.
What makes SYAGA legitimate on this subject?
SYAGA Consulting has been carrying out security and compliance audits of information systems since 2009, for organizations of various sizes. AIACT-Express relies on this same audit method (scoping, mapping, analysis, action plan) applied to the specific scope of artificial intelligence.

Ready to map your AI usage?

Write to us for an initial discussion and a personalized quote.