AI Act Ready

From 0 to AI Act Compliant in 10 Days: the Studio Alfa Case

How an 8-person tax advisory firm completed AI Act compliance in 10 working days, with documented training, an internal AI policy, and client disclosure in line with EU requirements.

15 January 2026

10 days

Tax Advisors

Measured results

AI literacy training hours documented

Before

After

24h/person

+∞

AI tools inventoried and classified

Before

After

7 tools

Internal AI policy

Before

None

After

Adopted & signed

✓

Client AI disclosure (Art. 50)

Before

None

After

Adopted

✓

Context

Studio Alfa is a tax advisory firm with 8 staff members, founded in 2008, primarily serving SMEs and self-employed professionals in the Milan area. In January 2026, during a team meeting, it emerged that 6 of their 8 staff were using AI tools daily — ChatGPT for drafting opinions, Microsoft Copilot for document summaries, DeepL for translations, and various sector-specific tools.

Nobody had talked about it openly. Nobody had asked for authorisation. And nobody knew that since 2 February 2025 there has been a mandatory AI literacy training requirement for all employees using AI systems (AI Act Art. 4).

The Challenge

Three concrete risks had already materialised before our intervention:

1. Ungoverned Shadow AI A client's financial data had been entered into ChatGPT for a comparative analysis — without checking OpenAI's privacy policy, without knowing whether data was being used for training, and without informing the client. A potential hidden GDPR incident.

2. Zero Documented AI Literacy No formal training had ever been provided. With the Art. 4 deadline already passed, the firm was technically non-compliant — even though nobody realised it yet.

3. No Client Disclosure Art. 50 of the AI Act requires that clients are informed when AI systems are involved in interactions with them. The firm's engagement letters contained no reference to the AI tools in use. Neither did they address Italy's national transposition requirements (analogous to Art. 13 provisions under Law 132/2025).

The Intervention — AIRA Method, Phase A (Assessment)

Gitogi's AI Act Ready service covers the Assessment phase of the AIRA method: complete diagnosis, compliance documentation and initial training.

Days 1–2 — Assessment and inventory

The first step was a complete inventory of AI tools in use at the firm. The results surprised even the management:

Tool	Declared Use	Data Processed	AI Act Risk
ChatGPT (OpenAI)	Opinion drafts, analysis	Client data, financials	Low (internal professional use)
Microsoft Copilot	Summaries, emails	Firm & client data	Low
DeepL	Document translation	Client documents	Minimal
Kira Systems	Contract review	Client contracts	Low
Lexis+AI	Case law research	Queries	Minimal
PratoNeve (ERP)	Automated accounting	Tax data	Low
Management plugin	F24 form completion	Tax data	Low–Medium

Each tool was classified according to the AI Act taxonomy (Art. 6, Annex III) and its data practices analysed against the GDPR.

Days 3–5 — Compliance documentation

With the full picture clear, we produced the core documentation:

Internal AI Policy (8 pages) Usage rules for each tool, list of authorised and prohibited tools, approval procedure for new tools, incident responsibility chain, annual update plan. Signed by all staff on day 5.

AI Disclosure Template for Engagement Letters A clause compliant with AI Act Art. 50 and analogous national transparency obligations, to be inserted into all new engagement letters and communicated to existing clients via a separate information letter.

Shadow AI Procedure A simple assessment form to complete before using any new AI tool: 5 questions, 10 minutes, stored in the shared cloud.

Days 6–8 — AI Literacy Training (Art. 4)

We delivered two training sessions:

AI Literacy Workshop — Full firm (4 hours)

What the AI Act is and why it matters to every professional firm
How to distinguish high-, medium- and low-risk AI systems
What algorithmic bias is and how to recognise it
Practical daily use rules: what's allowed, what isn't
Simulations: 3 AI use cases that would have created problems

Advanced training — 2 partners (2 hours)

AI governance for a professional firm: roles and responsibilities
How to manage an AI incident
Regulatory update roadmap for 2026

All participants signed the training register — the key document for demonstrating Art. 4 compliance.

Days 9–10 — Validation and handover

The final step: a 32-point checklist (derived from our "AI Act Ready" checklist) to verify that every obligation was covered. Three points were partially open — we resolved them during the final sessions.

On day 10, the firm received:

Signed AI policy
Complete training register
Client disclosure template
Compliance checklist showing "green" on all points
90-day roadmap for continuous monitoring

Measured Results

At the end of the project, the picture was radically different from day 1:

From shadow AI to AI governance: 7 tools previously used without governance now have clear rules, identified owners and an approval procedure for new tools.

Art. 4 compliance achieved: 24 hours of documented AI literacy training per staff member (8 people × 4 hours for staff + 2 hours for partners). The register is ready for any inspections.

Client disclosure active: The new information letter was sent to all active clients (approximately 140 businesses and professionals). No opt-outs received.

Zero open points: The 32-point checklist shows "green" on all items.

This case study was completed on 24 January 2026. The declared limitations above are an integral part of this documentation.

Declared Limitations

Transparency is part of our method. Here's what this case study doesn't prove.

This firm already had solid GDPR awareness: firms with less compliance experience may need 15–20 working days.
The AI Act is rolling out in phases: compliance must be reviewed at each regulatory deadline (Feb 2025, Aug 2025, Aug 2026).
We did not measure the economic ROI of this project: the objective was compliance, not operational efficiency.
The testimonial is from the firm's managing partner: we did not collect feedback from all staff members.

“We were afraid the AI Act would be a huge problem. Gitogi showed us that with a clear method, it can be resolved in two weeks. And now we know exactly what to do when the next deadlines arrive.”

Managing Partner

Founding Partner — Studio Alfa (name anonymised on request)

Want similar results for your firm?

Book a free call. We'll analyze your situation and tell you honestly whether AIRA is the right fit.