Compliance frameworks can feel complex. We've answered the most common questions organisations ask about EU AI Act, GDPR, DORA, NIS2, and getting started with Morclear.
Compliance Essentials
What's the difference between high-risk and low-risk AI?
The EU AI Act defines "high-risk" systems in Annex III — primarily those used in HR screening, credit decisions, law enforcement, biometric identification, and critical infrastructure. A resume screening tool is high-risk; a spam filter is not. Our free assessment tool determines your classification in 10 minutes.
Do I need to comply if I'm not in the EU?
If you deploy AI in the EU or serve EU users, yes. The Act applies globally to systems placed on the EU market. US, UK, and APAC organisations with EU customers need compliance.
What happens if I don't comply by August 2, 2026?
Fines start at €15M or 3% of global turnover. For serious breaches: €35M or 7% of turnover. Beyond fines, non-compliant systems can be banned from EU deployment.
How does EU AI Act overlap with GDPR?
Both apply if you're processing personal data with AI. GDPR governs data handling; the AI Act governs AI system behaviour. You need to comply with both. We show how to build one unified framework and avoid duplicate work.
Do I need to hire a legal team?
Not necessarily. Many mid-market organisations use our frameworks plus a small internal team. You'll want legal review at the end, but our frameworks handle the technical compliance work. That's why we're significantly cheaper than large consulting firms.
What's the time remaining to comply?
Organisations beginning now can be audit-ready by August 2026. Those starting later face increasing risk. The earlier you start, the better positioned you'll be.
Morclear Services
How long does implementation take?
Gap assessment: 2 weeks. Compliance Programme Build: 8–12 weeks. After launch, CORA™ Managed Compliance runs continuous monitoring — not point-in-time audits.
Do you provide legal advice?
No. We provide compliance frameworks, implementation, and managed oversight. All resources include a disclaimer that they are not legal advice. We recommend legal review of final documentation.
How is your pricing structured?
Transparent, engagement-based pricing confirmed before work begins. Gap assessments from €999. Compliance Programme Build and Managed Compliance scoped individually. See services page →
Can we upgrade from gap assessment to CORAâ„¢?
Yes. Most clients start with gap assessment (2 weeks) to understand obligations, then upgrade to Compliance Programme Build. Gap assessment findings inform full programme scope and pricing.
Do you offer Virtual DPO separately?
Yes. Virtual DPO is available as a standalone service for organisations that only need GDPR support without broader compliance frameworks. Learn more →
How do you compare to large consulting firms?
Large firms charge €200k–€500k+ over 6+ months. We deliver in 8–12 weeks at a fraction of the cost. We're compliance specialists using AI to automate the manual work consultancies charge by the hour for.
CORAâ„¢ in Detail
Is CORAâ„¢ self-serve or managed?
CORA™ is fully managed. Morclear operates the AI modules on your behalf. It's not a DIY tool — it's a managed compliance service combining AI-powered automation with expert oversight. A client portal is planned as the business scales.
How does CORAâ„¢ monitor continuously?
CORA™ monitors against regulatory obligations on an ongoing basis — detecting changes, drift, and compliance gaps as they occur rather than at annual audit. Morclear interprets what changed and updates your programme.
What happens when an issue is detected?
CORAâ„¢ alerts you immediately. For serious incidents, we provide classification, reporting templates, and guidance on regulator notification. Proactive management, not reactive.
Can CORAâ„¢ be customised by industry?
Yes. CORA™ covers EU AI Act, DORA, GDPR, NIS2, and ISO 27001 as standard. We customise for your industry's specific risks and regulator expectations — fintech, healthcare, HR tech, critical infrastructure.
Does CORAâ„¢ include bias monitoring?
Yes. CORAâ„¢ scans for demographic parity, equalised odds, and disparate impact across protected attributes. Critical for high-risk AI systems under the EU AI Act.
What is Regulatory Radar?
A weekly regulatory change digest covering EU AI Act, DORA, GDPR, NIS2, and ISO 27001. Monthly expert briefing with impact analysis. Key date tracking and deadline alerts. Available standalone at €199/month, or included in CORA™ Managed Compliance.
What AI does Morclear use?
CORAâ„¢ is powered by the Anthropic Claude API. All AI outputs are reviewed by a Morclear compliance expert before delivery. No client data is used for model training. All processing is routed through EU infrastructure.
Getting Started
What's in a first consultation?
30 minutes, free. We discuss your organisation, AI systems, current compliance efforts, and timeline. You'll understand which frameworks apply and whether Morclear is the right fit.
Who is your typical client?
Mid-market organisations (50–500 people), technology-enabled companies (fintech, HR tech, healthtech, critical infrastructure), and those with high-risk AI needing August 2026 compliance or DORA/NIS2 readiness.
How do we start?
1: Free 10-min assessment → 2: Free 30-min scoping call → 3: Gap assessment (2 weeks) → 4: Compliance Programme Build or Managed Compliance
Can we pay monthly?
For Compliance Programme Build and Managed Compliance, we offer flexible payment terms. Monthly instalments are available and can be discussed during your scoping call.
Who this is for
How it works
Start with a free 10-minute assessment to understand your scope, then book a 30-minute scoping call. We discuss your situation and recommend the right engagement: Gap Assessment, Compliance Programme Build, or Managed Compliance.
Still have questions?
Book a free scoping call with our team. We'll discuss your compliance needs, timeline, and budget — and tell you exactly what applies to your organisation.
Morclear compliance services are provided as practical compliance support and do not constitute legal advice.