The agency had to inventory, classify and begin remediating its AI estate ahead of the EU AI Act's high-risk obligations coming into force. The original Big-4 consultancy estimate was 18 months.
The agency had no baseline AI inventory. Internal estimates of the AI footprint ranged from 30 systems to 200 systems, depending on definition.
The Director General had committed to publishing an algorithmic transparency record for every high-risk system by year-end. Three of the candidate systems served citizens directly.
Stood up a working AI inventory platform in week 1, with a workflow for business owners to declare systems, attach documentation and self-classify against AI Act risk tiers.
Ran classification workshops with operational leads in every directorate, with a Moweb partner in the room. By week 6, 147 AI systems had been inventoried and 23 classified as high-risk.
Began remediating the top three high-risk systems in parallel - producing technical documentation, post-market monitoring plans, conformity-assessment artefacts and algorithmic transparency records in the AI Act's required format.
Published transparency records in two languages (national and English) on the agency's public website, ahead of the regulatory deadline. Moweb continues as managed-service partner for the next remediation cohort.
We started with no inventory and finished with a working operating model. The transparency records on our website are the proudest artefact this directorate has produced.