AI Law
AI Governance, Risk & Compliance
The regulatory and operational core of running an AI company. Model licensing, EU AI Act compliance, governance frameworks, risk and liability, and cross-border obligations — six services that together cover what it means to deploy AI legally.
EU · UAE · UK · Global
Jurisdictions
AI companies · Deployers · Investors
Who we work with
Free initial consultation
Getting started
Services in this cluster
Six services covering the full governance and compliance lifecycle of an AI product.
AI Governance
AI Model Licensing
Review and drafting of AI model license agreements — output ownership, training data rights, fine-tuning restrictions, and downstream licensing for commercial AI products.
AI Governance
AI Governance & Risk
EU AI Act risk classification, internal AI policies, oversight procedures, and governance frameworks for companies deploying AI in regulated markets.
Frameworks
AI Governance Frameworks
Selection and implementation of NIST AI RMF, ISO 42001, and EU AI Act Annex IV — adapted to your product lifecycle and team structure, not copied from a template.
Legal Opinions
AI Regulatory Opinions
Formal written opinions on EU AI Act classification and compliance obligations — for investor due diligence, board reporting, and regulatory submissions.
Liability
AI Risk & Liability
Structuring liability across the AI supply chain — MSA drafting, indemnification, EU AI Liability Directive compliance, and insurance assessment.
Cross-Border
Cross-Border AI Compliance
EU AI Act, UAE AI regulation, and UK frameworks mapped into one unified compliance model for companies operating across multiple jurisdictions.
ℹ️ Not sure which service fits your situation?
→ Book a free 30-minute call
and we’ll identify the right starting point.
Why governance and compliance come first
EU AI Act is not optional
The EU AI Act’s substantive obligations — risk classification, technical documentation, human oversight for high-risk systems — are in force. Companies that haven’t mapped their AI systems against these requirements are already non-compliant. The question is whether they know it.
Liability follows non-compliance
The EU AI Liability Directive creates a rebuttable presumption of fault for operators of high-risk AI systems that fail to comply with EU AI Act obligations. Legal exposure and regulatory exposure are now directly connected — which means governance isn’t just a compliance exercise.
Investors ask the right questions now
AI due diligence has matured. VC and PE investors now ask specifically about EU AI Act classification, governance documentation, and training data provenance. Companies that arrive at fundraising without a governance framework are negotiating from a weaker position.
How it works
01
Initial assessment
We map your AI systems against EU AI Act risk categories and identify which governance and compliance obligations apply. We tell you what is urgent, what is medium-term, and what doesn’t apply.
02
Framework design
We design the governance structure: risk classification, documentation requirements, internal policies, and oversight procedures — adapted to your product and team, not copied from a template.
03
Documentation
We draft the deliverables: model license agreements, governance frameworks, regulatory opinions, MSAs, compliance policies. Everything is built for your specific situation.
04
Ongoing support
AI regulation evolves. We stay available for updates, new product features, regulatory developments, and follow-up questions — not just at the point of delivery.
Recent work in this cluster
AI Governance · SaaS · Germany
EU AI Act readiness for a multi-product AI platform
Technology company deploying LLMs across client-facing and internal products in EU and UK. No governance structure, unclear risk classification.
→
Full risk classification across all AI use-cases→
Internal AI policy with approval flows and prohibited use rules→
Governance committee with defined roles and escalation procedures→
Training for legal, product, and engineering teams
⏱ 5–6 weeks
AI Governance →
AI Regulatory Opinions · Startup · Germany
Investor due diligence opinion on EU AI Act classification
B2B HR platform using LLMs for candidate screening. Investor requested formal legal opinion before closing a funding round.
→
HR screening classified as high-risk under EU AI Act Annex III→
Formal opinion covering Annex IV and human oversight obligations→
Compliance roadmap and Q&A memo for investor follow-up
⏱ 2–3 weeks
AI Regulatory Opinions →
AI Risk & Liability · Platform · Germany
Liability framework and MSA rebuild for a B2B AI platform
LLM platform automating decisions for enterprise clients. Aggressive indemnification demands in RFPs, unclear liability split.
→
Supply chain liability map across own models and external APIs→
Rebuilt MSA with AI-specific liability caps and indemnification→
Sales negotiation playbook for enterprise liability discussions
⏱ 4–6 weeks
AI Risk & Liability →
Other AI Law practice areas
Structuring
AI Structuring & Investments
IP holding entities, due diligence for AI investments, and jurisdiction selection for AI companies.
View cluster →
Digital Likeness
Digital Likeness & AI Avatars
Consent frameworks, digital persona IP, synthetic media compliance, and post-mortem digital identity.
View cluster →
Questions about AI governance or compliance?
Initial consultation is free. We respond within 24 hours.
Book a consultation →
Or email us directly: legal@wcr.legal