Many organisations must bring existing AI systems into compliance. The first step for brownfield systems is a gap assessment comparing the existing system against each AISDP module. The AI System Assessor examines what documentation exists, what is missing, what testing has been performed, what testing is needed, what governance controls are in place, and what controls are absent.

The gap assessment produces a remediation plan with priorities, owners, and timelines. Priorities are set by compliance criticality: gaps in human oversight capability, serious incident reporting, and basic PMM are more urgent than documentation formatting deficiencies.

The gap assessment should be conducted with realistic expectations. Systems developed before the AI Act’s requirements were well understood will have significant gaps. The purpose of the assessment is to quantify those gaps and plan their remediation, not to achieve compliance in a single step.

Key outputs

• Per-module gap assessment against AISDP requirements
• Remediation plan with priorities, owners, and timelines
• Realistic gap quantification for brownfield systems
• All 12 modules assessed