Service — AI Audit
Know your AI risks. Spot your AI wins.
Half of your team is already using ChatGPT. You don't know what they're pasting into it. The EU AI Act is live. GDPR fines are rising. Meanwhile, your competitors are quietly shipping AI that actually helps. Fly AI's AI Audit gives you two things: a clear picture of your risks and a roadmap of the opportunities you're missing. No hype. No fearmongering. Just honest answers.
Three types of AI audits
Choose the audit that matches where your business is on its AI journey.
Opportunity Audit
Focus on the upside. We identify the 5–10 places where AI could make a real difference in your business, with effort and ROI estimates.
Legal & Compliance Audit
Focus on risk mitigation. GDPR compliance check, EU AI Act classification, shadow AI discovery, and policy drafting.
Full Company AI Audit
The complete picture. Combines opportunity mapping, legal compliance, shadow AI discovery, and a 90-day implementation roadmap.
Your AI risk is bigger than you think. So is your AI opportunity.
Two things are happening at the same time, in almost every Belgian SME and public body we talk to.
Thing one: your team is already using AI. ChatGPT, Copilot, Gemini, Claude, Perplexity. They're pasting client data, internal documents, maybe even HR files into tools you never approved. Nobody wrote a policy. Nobody measured the risk. Nobody knows whether it's GDPR-compliant. This is called "shadow AI" and it's the fastest-growing data risk of 2026.
Thing two: while you worry about shadow AI, your competitors are deploying AI agents, automating their back office, and winning bids you should have won. The gap between "AI-ready" and "AI-clueless" organisations is growing by the week.
The AI Audit fixes both. In two to five days, we map what AI you're already using (authorised or not), we rate your risks against GDPR and the EU AI Act, and we show you the top 5–10 opportunities you're sitting on. You walk out knowing exactly where you stand — and exactly what to do next.
What exactly does an AI Audit cover?
Our AI Audit is a structured deep-dive into three things:
1. Your AI risk surface
Everything your organisation currently does with AI — shadow or official. What data goes in. Where it goes. Who approved it. What could go wrong.
2. Your compliance position
GDPR (lawful basis, data minimisation, DPIA, international transfers) plus the EU AI Act (risk classification, transparency, human oversight, literacy requirements). We tell you exactly what to fix and in what order.
3. Your AI opportunity map
The 5–10 places in your organisation where AI could genuinely make a difference — with realistic estimates of effort, cost and impact. Not every AI project is worth doing. We'll tell you which ones are.
What the audit does NOT do
It's not a 200-page report that ends up in a drawer. It's not a generic compliance checklist copied from the internet. It's not a sales pitch for our other services. It's a focused, practical document designed to be read, acted on, and shared with your leadership team.
Why AI audits are urgent in 2026
The EU AI Act is live
Key provisions are already in force, including the prohibition on "unacceptable risk" AI systems (February 2025), the literacy obligation (Article 4, February 2025), and general-purpose AI rules (August 2025). High-risk system obligations come into full force in August 2026 — months, not years away.
Shadow AI is the new shadow IT
Gartner estimates that most employees in knowledge organisations use generative AI at work, and the vast majority do so without explicit approval. Every one of those interactions is a potential data exposure.
GDPR fines are still rising
Belgian DPA enforcement is active and specifically interested in AI use cases. A single badly-scoped AI pilot can generate a GDPR investigation that takes months and costs real money.
Your competitors aren't waiting
Every quarter you delay an AI strategy is a quarter your competitors spend getting ahead. The audit isn't about being paranoid — it's about being prepared.
Our 5-step audit process
Discovery call (30 minutes, free)
We listen to your context, your worries, your current AI usage (what you know of it). We'll tell you honestly if an audit is the right next step — or if you'd be better served by a smaller workshop or a direct build.
Kick-off & data gathering (1 day, remote)
We interview the key people (IT, HR, legal if you have them, and 2–3 operational leads), we survey your team about their AI usage, and we inventory the tools you know about.
Risk & opportunity assessment (2–3 days, our side)
We analyse everything we've collected. We map your AI risks against GDPR and EU AI Act requirements. We score each risk. We identify the top 5–10 opportunities where AI could genuinely help you, with realistic impact estimates.
Report & workshop (half-day, on-site or remote)
We walk you through our findings in a working session with your leadership team. Every risk gets a clear fix. Every opportunity gets a clear next step. You leave with a prioritised roadmap — not a stack of paper.
Implementation support (optional)
An audit without follow-through is wasted money. If you want, we help you execute the top opportunities — either directly (Fly AI builds the agents or tools) or by pointing you to the right sister company in The Fly Group (Agifly for custom software, Flydoo for Odoo, Flyeo for SEO). No extra handovers, no finger-pointing between vendors.
What's included in your AI Audit
An AI inventory
Every AI tool currently in use across your organisation, authorised or not, with the data flows behind each.
A GDPR risk map
Every AI use case rated against GDPR requirements, with a traffic-light score and a fix for each red.
An EU AI Act classification
Each AI system classified by risk tier (minimal / limited / high / prohibited), with a compliance checklist for each.
A top 10 opportunity list
The 5 to 10 AI projects most likely to pay off for your specific business, with rough effort, cost and impact estimates.
An AI usage policy draft
A one-pager you can sign off and share with your team, covering what AI they can use, what they can't, and why.
An AI literacy plan
What training your team needs to comply with Article 4 of the AI Act.
A prioritised 90-day roadmap
What to fix first, what to build next, who owns it.
Who the AI Audit is built for
Belgian SMEs (25–500 people) who suspect their team is already using AI, want to put the right guardrails in place, and want to find the 2–3 AI projects that would actually move the needle for them.
Belgian public bodies (municipalities, agencies, regional administrations) who must comply with GDPR and the EU AI Act and who want to use AI responsibly to deliver better services to citizens.
Professional services firms (law, accounting, consulting) where client confidentiality is non-negotiable and where an accidental AI leak could be catastrophic.
Healthcare, HR and finance teams — any team that handles sensitive personal data and where AI usage needs strong governance.
Leadership teams who want an outside, honest view of their AI position before making big investment decisions.
Audit packages
| Package | What you get | Duration | Investment |
|---|---|---|---|
| Discovery call | 30-minute honest conversation. Go/no-go. | 30 min | Free |
| AI Literacy Workshop | Half-day session for leadership teams. Covers EU AI Act basics, risks, opportunities. Counts as Article 4 literacy training. | 2–4 h | From €450 |
| AI Quick-Scan | Lightweight audit for SMEs of 5–50 people. Inventory + top 5 risks + top 5 opportunities. | 2 days | From €2.500 |
| AI Audit (standard) | Full audit for SMEs of 50–250 people. Full report + workshop + 90-day roadmap. | 3–5 days | From €5.500 |
| AI Audit (public / large) | Tailored audit for public bodies or large SMEs, including AI Act compliance pack and policy draft. | 5–10 days | On request |
| Implementation support | We build the fixes and the opportunities — or point you to the right Fly Group partner. | Variable | Project-based |
Why choose Fly AI for your AI audit?
We don't just audit — we build. Most audits end in a report nobody implements. Because we also build AI agents and vibe-code tools, we can take the audit into implementation without a new vendor, a new quote or a new delay.
We understand the Belgian context. Belgian DPA interpretations. EU AI Act in Belgian practice. Public procurement. Brussels, Flemish and Walloon regional nuances. FR, NL, EN and DE.
We're practitioners, not compliance-only consultants. A lot of audit firms can quote the law. Few of them have actually deployed a production AI agent. We have — which means we know where the real risks and the real opportunities live.
We're honest. If your biggest AI risk is a single rogue ChatGPT habit, we'll tell you. We won't inflate findings to justify a bigger bill.
We're part of The Fly Group. Four brands (Agifly, Flydoo, Flyeo, Fly AI), one shared network, zero finger-pointing when your audit findings touch software, Odoo, SEO or AI.
AI Audit FAQ
Do we actually need an AI audit? We don't really use AI yet.
If your team has access to ChatGPT, Copilot, Gemini or similar, you're using AI — whether you've approved it or not. The audit is specifically designed to surface this "shadow AI" usage and help you get ahead of it before it becomes a GDPR issue.
What's the difference between a GDPR audit and an AI audit?
A GDPR audit covers all personal data processing. An AI audit focuses specifically on AI systems and combines GDPR requirements with the new EU AI Act obligations, which are more specific (risk classification, transparency, human oversight, AI literacy).
How long does an AI audit take?
From 2 days (AI Quick-Scan) to 10 days (large public-sector audit). Standard audits for SMEs are 3–5 days over a 2–3 week calendar window.
How much does it cost?
Quick-Scan from €2.500. Standard audit from €5.500. Larger or public-sector audits are quoted after the discovery call.
Will the audit disrupt our business?
Minimally. We need 4–6 interviews (1 hour each) with key people, a short survey for your wider team, and access to basic documentation. Everything else happens on our side.
Is the EU AI Act actually enforced?
Yes. Key provisions are already live and the rest come into force in stages through 2026 and 2027. Belgian organisations are already in the compliance window.
Who inside Fly AI does the audit?
A senior Fly AI consultant with both legal/compliance and hands-on AI engineering experience. You don't get a junior auditor reading a checklist — you get someone who has actually built production AI and knows where the sharp edges are.
Can you cover the Article 4 AI literacy requirement?
Yes. Our AI Literacy Workshop is designed specifically for this, and the standard and large audits include an AI literacy plan as part of the deliverables.
Is the report confidential?
Absolutely. We sign an NDA before we start. Your audit findings are never shared, referenced, or used in marketing without your explicit permission.
Do you work with public administrations?
Yes. We have a dedicated package for public bodies that includes compliance with public procurement rules, accessibility requirements and specific guidance for municipal and regional administrations.
What if you find a serious issue?
We'll tell you immediately — we don't wait for the final report to surface a serious risk. And we'll help you fix it, either directly or by pointing you to the right specialist.
Can we do just the opportunity mapping without the risk part?
Yes — that's effectively our AI Quick-Scan package. It focuses on the opportunity side, with just enough risk coverage to make sure you don't chase opportunities that would blow up on you later.
Two questions. Honest answers. One clear roadmap.
Book a free 30-minute discovery call. We'll listen to your context, tell you honestly whether an audit is the right next step, and — if it is — explain exactly what yours would look like and what it would cost.
