A n n a  A u g u s t  A d v i s o r y

Governance that holds when it is tested.

Govern to grow.

A boutique AI governance and compliance consultancy. Audits and certification readiness, regulatory advisory, and programmes for boards and teams, primarily across the UK, Poland, Ireland and the wider EU, with GCC reach.

Start a conversation See the programmes
What we do

Three ways we work

Audits & certification readiness

Independent audits of AI systems and governance, with board-ready findings and a clear remediation path. Gap analysis, documentation, and pre-audit preparation for ISO 27001 and ISO 42001, taking you to the door of certification ready to pass.

Explore compliance services →

Advisory

AI governance and regulatory compliance across the EU AI Act, NIS2 and national implementations, UK frameworks, and GCC requirements. One coherent structure, evidence that travels across jurisdictions.

Explore governance services →

Training & programmes

Programmes for boards and supervisory boards, and AI training for organisations that build, ship, or operate AI. Every session produces a documented record of competence.

Explore the programmes →

How we work

From conversation to something you can defend

Every engagement begins with a conversation and ends with something you can use, defend, and build on. The path between is structured, transparent, and shaped around where you actually are.

1

Conversation

We start by understanding your situation: the AI you use, build, or sell, the markets you operate in, and the pressure you are under, whether from regulators, investors, buyers, or your own board. This first conversation tells us both whether and how we can help.

2

Scope and proposal

We define the work precisely: what we will assess or build, what we need from you, the timeline, and the deliverables. You receive a clear written proposal before anything begins. No open-ended retainers by default, no ambiguity about what you are getting.

3

The work

We carry out the engagement: audit, classification, documentation, framework design, or whatever the scope defines. We work closely with your teams where needed, and independently where that serves you better, with regular checkpoints so you are never wondering where things stand.

4

Delivery and beyond

You receive work that is board-ready: clear findings, the documentation itself, and a prioritised path forward, presented to your team rather than left in an inbox. From there, some clients move to a retained advisory relationship for ongoing governance; others take what we have built and run with it. Both are by design.

AI Governance

AI governance services for the UK, EU and GCC markets

Helping organisations unleash their AI. Governance is how.

AI is no longer something organisations simply use. It is something they build, embed in their products, and sell. Whether you deploy AI tools internally, ship AI-powered services to customers, or sign enterprise contracts to deliver AI at scale, you are now accountable for how those systems behave. The question is no longer whether AI is part of your business. It is whether you can explain, control, and stand behind how it works.

AI governance is the structure that makes that possible. Not a policy document filed away. A working framework that defines who is accountable, how decisions are made, what data flows where, and how risk is caught before it becomes exposure. Done well, governance is not a brake on AI. It is what lets you move faster with confidence: govern to grow.

Why it matters now

What we do

We help organisations move from scattered, reactive AI use to a governance structure they can actually operate and defend. The work is practical, not theoretical:

The Seven Pillars: the framework behind the work

Every engagement is structured around seven core dimensions of responsible AI. Together they turn abstract principles into something an organisation can actually operate:

  • Human Oversight: clear points where people, not systems, hold final accountability.
  • Technical Safety: systems that perform reliably and fail safely.
  • Data Privacy: lawful, secure, and transparent handling of data across the lifecycle.
  • Transparency: decisions that can be explained, traced, and understood.
  • Fairness: active management of bias and discriminatory outcomes.
  • Social Impact: awareness of how systems affect people beyond the organisation.
  • Accountability: a named, structured chain of responsibility, not diffused ownership.
What is AI governance?

AI governance is the structure that determines how an organisation designs, owns, monitors, and stands behind its AI systems. It defines who is accountable, how decisions are made, what data flows where, and how risk is caught before it becomes exposure. It is not a single policy document or a one-off training session. It is a working framework embedded into how the organisation operates.

Is AI governance the same as AI compliance?

No. Compliance proves you meet the rules that apply to you at a given moment. Governance is the wider structure that decides how AI is designed, owned, and corrected over time, so that compliance holds true as systems, teams, and regulations change. Compliance is essential, but on its own it is a snapshot. Governance is what keeps it true.

Who is responsible for AI in an organisation?

In most organisations, no single person is, and that is the problem. Technology sits with IT, data with the DPO, compliance with Legal, outcomes with the business. Each team owns a piece; no one owns the whole. Effective AI governance resolves this by naming a single accountable owner for each AI system: its risks, its documentation, its obligations, and its consequences.

Does AI governance slow down innovation?

No. Done well, governance is what lets you move faster with confidence. Without a clear structure, every new AI deployment carries unmanaged risk, every regulator query becomes a fire to fight, and every investor or buyer question exposes a gap. Governance built in from the start removes that friction and makes responsible scale possible. This is the principle behind everything we do: govern to grow.

Not governance that looks right on paper. Governance that holds when it is tested.
AI Compliance

AI compliance services for the UK, EU and GCC markets

Helping organisations unleash their AI. Proof is how.

Governance sets the structure. Compliance is where you prove it works, in documents a regulator, an auditor, or an enterprise client will actually accept. This is the evidence layer. When a regulator asks how your AI makes decisions, when an investor's due diligence team asks for your governance documentation, when an enterprise buyer makes certification a condition of signing, compliance is what you put on the table. We build it so that it holds.

What we do

Who needs to comply with the EU AI Act?

Any organisation that provides or deploys an AI system whose output is used in the EU, regardless of where the organisation is based. Obligations depend on your role in the value chain (provider, deployer, importer, or distributor) and on how your system is classified by risk. The heaviest obligations fall on high-risk systems, which include AI used in employment, education, credit and insurance, essential services, and critical infrastructure.

Do UK companies need to comply with the EU AI Act?

Often, yes. The EU AI Act applies based on where your AI system operates and who it affects, not where your company is incorporated. A UK-registered company is in scope the moment its system makes or influences decisions about people in the EU. We help UK organisations identify EU exposure early, before an EU-facing product forces a costly retrofit.

What is a deployer pack?

A deployer pack is the complete set of documents an organisation must have in place before deploying an AI system lawfully. Depending on the jurisdiction and the system, it can include a Data Processing Agreement (DPA), an international transfer agreement, a Data Protection Impact Assessment (DPIA), a human oversight record, an AI literacy record, and a complaints procedure. A single missing document can block go-live, so the pack is built and signed as a whole.

Do I need ISO 42001 and ISO 27001?

It depends on what you build and who you sell to. ISO 27001 covers information security and is widely expected across markets. ISO 42001 is the dedicated standard for AI management systems. Neither is a legal requirement, but both are increasingly how organisations demonstrate trust to enterprise buyers and investors. Because the standards share a common structure, pursuing them together is more efficient than doing each in isolation.

How long does AI compliance documentation take?

Longer than most organisations expect. A full set of deployer documentation for a high-risk system typically takes months, not weeks, once you account for the agreements that must be drafted, reviewed, and signed between parties. Compliance built early is design. Built late, under deadline pressure, it becomes a far more expensive reconstruction.

Training & Programmes

Programmes for boards. Training for the people who build and run AI.

Two distinct practices, one standard of proof: every session produces a documented record of competence. Delivered in English or Polish, on site and online, primarily across the UK, Poland, Ireland and the wider EU, with delivery in the GCC on request.

Board Programmes

Advisory for boards and supervisory boards, delivered as sessions. New cyber laws across Europe place duties directly on boards, and the EU AI Act requires AI competence from those who oversee AI. We pair the two: two duties, one session, one documented record.

NIS2 / national cyber laws

The statutory cyber session

Directors' duties under the new cyber regimes: Poland's KSC Act in force, Ireland's Bill in progress, the UK's CSRB on its way. Obligations, timelines, personal exposure.

2–3 hours · certificate & documentation
EU AI Act

AI governance for boards

AI competence required of those who oversee AI, made practical: the AI inventory, shadow AI (including the board's own), agentic systems and the audit problem.

Half day · workshop
NIS2 + AI Act

Board readiness day

Cyber duties and AI governance together: board and executive at one table, one accountability map, a twelve-month plan.

Full day · flagship
NIS2 across jurisdictions

One directive, many laws

For groups operating across several countries: where national implementations diverge, and how one structure satisfies them all.

Half day · workshop
24/72h reporting in practice

Incident simulation

Sessions teach; the simulation tests. A moderated tabletop on a realistic scenario: cyber, or purely AI (a deepfake of the CEO, an agent acting beyond its authority).

3 hours · tabletop exercise
The destination of the path

Annual board programme

Quarterly sessions, regulatory briefings, updated documentation, and access between sessions. A recurring statutory duty turned into a recurring readiness review.

Year-round · retained

Companion services: scoping assessment · board governance pack · AI use review · 24/72 incident playbook · regulator readiness review · new director onboarding (1:1). Full programme descriptions available on request: office@annaaugust.com.

Organisational Training

AI training for AI companies, startups, and organisations deploying or managing AI at scale. If your teams build, ship, or operate AI, the EU AI Act already expects them to be competent in it: Article 4 makes AI literacy an obligation, not an aspiration.

Article 4, EU AI Act

AI literacy programmes for teams

Role-based AI literacy for the people who work with AI daily: what the systems do, where the risk sits, and what the law expects of them. Designed for the organisation, with a documented record of competence.

Tailored · on site or online
For companies building or selling AI

AI governance training for AI companies

For startups and scale-ups whose product is AI: governance, documentation, and compliance practice that survives investor due diligence and enterprise procurement.

Tailored · workshop series
For organisations deploying AI

Deployer training

For teams rolling out AI internally: human oversight in practice, escalation paths, incident awareness, and the records that prove all of it.

Tailored · on site or online
Designed, not taken off a shelf

Custom programmes

Training built around your systems, your sector, and the regulations that apply to you, not a generic curriculum with your logo on the first slide.

Scoped per engagement
About

Anna August

Portrait of Anna August

Anna August is the founder of Anna August Advisory. She holds a PhD and spent nearly two decades in some of the most demanding regulated environments, from medical devices and healthcare to education, ESG, aviation, and enterprise technology, consistently as the person responsible for making complex, data-driven systems worthy of trust: by regulators, by users, and by the boards who signed off on them.

That experience, sharpened by an earlier academic career of research and lecturing, is what the advisory is built on. She is the creator of the Seven Core Ethical Pillars framework, and writes the practitioner newsletter Notes from the Human Side. She delivers board programmes personally.

18+
years in regulated environments
80+
projects across Europe, UK, USA and GCC
7
pillars: the proprietary framework behind the work
FAQ

Frequently asked questions

What is an AI governance consultancy?

An AI governance consultancy helps organisations build the structure that determines how their AI is designed, owned, monitored, and defended: who is accountable, how decisions are made, how risk is managed, and how compliance is proven across the regulations that apply. Anna August Advisory is an AI governance and compliance consultancy serving organisations primarily across the UK, Poland, Ireland and the wider EU, with GCC reach, with a methodology built on the Seven Core Ethical Pillars.

Do I need an AI governance consultant?

If your organisation uses, builds, or sells AI and cannot clearly name who is accountable for it, the answer is usually yes. Most organisations are not ungoverned; they are under-governed, moving faster than their structures can hold. An AI governance consultant brings the framework, the regulatory knowledge, and the outside perspective to close that gap before a regulator, an investor, or an incident exposes it.

What does Anna August Advisory do?

Anna August Advisory is a boutique consultancy specialising in AI governance, compliance, and ethics. We help organisations design, document, and defend how they use, build, and sell AI. Our work spans AI governance frameworks, regulatory compliance, audits, board programmes, and organisational training, all built on a proprietary methodology, the Seven Core Ethical Pillars.

Which markets does Anna August Advisory work in?

Primarily the UK, Poland, Ireland, and the wider European Union, with engagements in the Gulf Cooperation Council (GCC). This cross-jurisdictional reach is a core part of what we offer: organisations operating across these markets face overlapping and sometimes conflicting requirements, and we structure governance and compliance so that one coherent framework holds across all of them.

What is the difference between AI governance and AI compliance?

Compliance proves you meet the rules that apply to you at a given moment. Governance is the wider structure that decides how AI is designed, owned, monitored, and corrected over time, so that compliance holds true as systems, teams, and regulations change. Compliance is essential, but on its own it is a snapshot. Governance is what keeps it true. We work across both.

Who do you work with?

We work with organisations that use, build, or sell AI: from established companies bringing order to AI that has already spread through their operations, to startups and scale-ups designing governance into their product from the start. Our clients span regulated sectors, cross-border businesses, and organisations raising funding, where scrutiny from regulators, buyers, and investors arrives fastest.

What is the Seven Core Ethical Pillars framework?

The Seven Core Ethical Pillars is the proprietary framework behind all of our work: human oversight, technical robustness and safety, data privacy, transparency, fairness, social impact, and accountability. It turns abstract principles into something an organisation can actually operate, and it maps directly onto the EU AI Act, UK guidance, ISO 42001 and ISO 27001, and GCC frameworks, so one structure produces evidence you can reuse across jurisdictions.

Who is Anna August?

Anna August is the founder of Anna August Advisory. She holds a PhD and brings nearly two decades of experience in highly regulated environments, including medical devices, healthcare, sustainability, and enterprise technology, to the challenge of AI governance. She is the creator of the Seven Core Ethical Pillars framework, writes the practitioner newsletter Notes from the Human Side, and contributes to leading international conversations on AI governance.

Contact

Start a conversation

Whether you are facing a deadline, a due diligence request, or a board that has started asking questions, the first step is the same.

office@annaaugust.com LinkedIn