360 Business Law has launched an AI Audit service to help businesses assess their readiness for the EU AI Act. The service targets companies whose AI systems are sold into or used within the European Union.
The offering focuses on whether organisations can demonstrate compliance with the bloc's new rules, rather than simply say they meet them. Transparency duties under Article 50 are due to apply from August 2026, while requirements for high-risk AI systems are expected to move to December 2027 under Digital Omnibus amendments that still require formal adoption.
The rules extend beyond Europe-based companies. Businesses outside the EU can also fall within scope if their AI systems are used in the Union, increasing pressure on suppliers and service providers in other markets to review how their systems are governed and documented.
The audit is designed to help clients determine their role under the Act and classify the risk level of each AI system they use or provide. It also examines whether they have the governance arrangements, records and internal controls needed to support access to the EU market.
Areas covered include AI system inventories, including so-called shadow AI, as well as risk management processes, data quality checks and bias controls. The review also covers technical documentation, record-keeping, transparency measures, human oversight, system accuracy, robustness, cybersecurity, conformity assessment duties, registration requirements, the possible need for an EU authorised representative, third-party supplier dependencies and post-market monitoring.
Rather than producing only a legal assessment, the firm works with technical teams, business owners, and compliance staff to develop remediation plans. These are intended to help organisations address gaps identified during the audit and prepare evidence that customers or regulators may request.
360 Business Law says it aligns the audits with the NIST AI Risk Management Framework and ISO/IEC 42001. At the end of the process, clients receive an inventory of AI systems, documented risk classifications, a gap analysis and a prioritised action plan.
Robert Taylor, Founder and General Counsel at 360 Business Law, said the new regime would shift attention to proof of compliance.
"The EU AI Act is built around evidence. Businesses cannot simply claim compliance, they need to be able to demonstrate it. An AI audit allows organisations to identify risks, fill gaps and build the evidence they need before customers or regulators start asking questions," Taylor said.
He said some companies had yet to grasp how widely the legislation could affect their operations and internal processes.
"I suspect many businesses have yet to appreciate the full impact that the EU AI Act will have on their operations and internal processes. Through the AI-related legal services we have been providing over the past two years, we have seen first-hand the practical steps organisations need to take. The challenge is not simply understanding the law but being able to demonstrate compliance. Our AI Audit service is designed to give businesses that clarity before they enter the European market, rather than after problems arise," he said.
Wider reach
The launch reflects a broader shift in legal and compliance work around artificial intelligence as regulation moves from principle to enforcement. Customers are increasingly asking companies that develop, deploy, or resell AI tools to demonstrate how their systems are classified, monitored, and controlled, especially when those tools may be used across borders.
For law firms and advisory groups, this has created a growing market for services that combine regulatory interpretation with operational reviews. In practice, many businesses face a more basic problem: identifying where AI is already being used inside the organisation, including tools adopted informally by teams without central approval.
Often described as shadow AI, that issue can complicate compliance because undocumented systems may fall outside governance processes, data controls and oversight structures. For companies trading into the EU, the challenge is not only to understand which rules apply but also to assemble records that can withstand scrutiny from customers, partners and regulators.
Founded in 2014, 360 Law Group operates through 360 Business Law and 360 Law Services in England and Wales. The group says it has more than 700 lawyers across more than 100 jurisdictions, including an England and Wales practice with more than 115 solicitors covering all major legal areas except criminal law.