Frequently Asked Questions

What is an AI Governance & Compliance Check?

An AI Governance & Compliance Check assesses your AI governance status against the EU AI Act, FINMA requirements, and Swiss data protection law. We inventory detectable AI tools, evaluate compliance risks, and deliver a prioritized roadmap.

The check provides an inventory of detectable AI usage (based on your infrastructure), a compliance assessment for each tool, an amnesty program for voluntary disclosure, and AI usage policies.

Why is uncontrolled AI usage a problem?

Research shows that over 80% of employees use AI tools not approved by their IT department. This creates several risks:

  • Data leakage: Sensitive company data uploaded to external AI services
  • Compliance violations: Potential breaches of GDPR, FINMA regulations, or industry standards
  • Security gaps: Unknown attack surfaces and data flows
  • Intellectual property risks: Proprietary information used to train external models

How does the compliance check work?

Our check follows a structured 4-phase process:

  • Discovery: Network analysis and employee surveys to identify AI usage
  • Assessment: Risk evaluation for each identified tool and data flow
  • Analysis: Gap analysis against regulatory requirements and best practices
  • Recommendations: Actionable roadmap for AI governance implementation

All analysis is performed using Swiss-hosted cloud infrastructure. Your data never leaves Switzerland.

What do you mean by "Swiss Data Residency"?

All AI processing runs on infrastructure hosted exclusively in Swiss data centres (Azure Switzerland North, AWS Zurich, or Safe Swiss Cloud). This means:

  • No data transmission outside Switzerland
  • No US-based cloud API calls during analysis
  • Complete data sovereignty: your information stays in Switzerland under Swiss law

This approach is essential for organizations handling sensitive data in the finance, healthcare, legal, or government sectors. For clients who require physical on-premise deployment, it is available as a premium option.

How long does a compliance check take?

A standard check for a mid-sized organization (50-200 employees) typically takes 2-3 weeks:

  • Week 1: Discovery and data collection
  • Week 2: Analysis and risk assessment
  • Week 3: Report preparation and recommendations

Larger organizations or those with complex IT environments may require additional time. We provide a detailed timeline during our initial consultation.

What deliverables do I receive?

Every check includes:

  • Executive Summary: High-level findings for leadership
  • AI Tool Inventory: List of detectable AI usage based on your infrastructure
  • Risk Assessment Matrix: Prioritized risks with severity ratings
  • Compliance Gap Analysis: Mapping against relevant regulations
  • Recommendations Roadmap: Actionable steps with priorities
  • Policy Templates: Starting point for AI governance policies

Which regulations does the check cover?

Our checks are designed with Swiss and European regulatory frameworks in mind:

  • Swiss Data Protection Act (nDSG)
  • GDPR (for EU data subjects)
  • FINMA guidelines (for financial services)
  • EU AI Act (effective August 2026)
  • Industry-specific standards (ISO 27001, SOC 2, etc.)

How much does it cost?

We offer various services at fixed prices: EU AI Act Classification Report (from CHF 2,500), AI Tool Compliance Cards, AI Usage Policy (from CHF 990), AI Policy Analysis (from CHF 4,500), as well as the comprehensive Compliance Check (from CHF 5,500) and Compliance Check Plus (from CHF 8,000) with personal consultation.

Contact us for a detailed quote based on your specific situation.

Do you offer ongoing monitoring?

Yes. After the initial check, we offer quarterly review services to track AI adoption trends, assess new tools, and ensure continued compliance. This is recommended as the AI landscape evolves rapidly.

How do I get started?

Simply reach out via our contact form or email us directly at contact@shadowai.ch. We'll schedule a free 30-minute consultation to understand your situation and determine if an AI Governance & Compliance Check is right for your organization.