02 · Service
Compliance Engineering
I help teams design and implement privacy controls, DPIA-ready documentation, access and retention logic, and architecture changes that reduce regulatory and customer-diligence risk.
EU AI Act enforcement begins August 2026. If you deploy AI systems in the EU, I can help identify likely exposure and translate requirements into engineering tasks and documentation.
What I provide
Privacy and access controls
Data minimization, role-based access, retention logic, processor boundaries, and audit-ready implementation details built into the system.
DPIA-ready documentation
Practical documentation for high-risk processing activities, written with enough technical detail for legal, product, and engineering teams.
EU AI Act readiness work
Classification support, technical documentation mapping, data governance controls, and engineering tasks for AI systems deployed in or sold into the EU.
Security and NIS2-oriented controls
Incident response, supply chain risk, operational security, and implementation tasks that reduce avoidable compliance exposure.
Digital health and clinical software support
Engineering support around ISO-62304 software lifecycle concerns, MDR technical documentation, clinical data pipelines, and privacy-aware workflows.
How it works
Discovery or audit
Focused initial review
We establish your data flows, product risks and regulatory concerns. A technical audit is available when you need a formal prioritised starting point.
Sprint planning
2-3 days
We choose the highest-impact controls and documentation work that fits your team, budget, and business deadline.
Implementation
2-6 weeks
I work alongside your engineers to implement controls, architecture changes, documentation, and review checkpoints.
Verification
1 week
Final review of the implemented changes and documentation package so the team knows what is complete and what remains.
Typical engagement: 4-8 weeks for review and implementation, depending on the controls and documentation your team needs to implement.
Pricing
Technical Audit
from €1,200
A focused architecture and data-flow review when you need a written risk map and implementation priorities first.
Compliance Engineering
Scoped engagement
Hands-on privacy controls, documentation, architecture changes and verification shaped around the work required.
Final scope depends on timeline, complexity, data sensitivity, compliance exposure, and the level of hands-on implementation support required.
Best for
- Startups building products that process personal, sensitive, or regulated data
- Teams processing EU personal data or deploying AI systems in the EU
- Companies preparing for investor or customer diligence with compliance questions
- Digital health teams building clinical software or SaMD that needs MDR / ISO-62304 awareness
Not the right fit if
- Companies needing purely legal advice (I'm an engineer, not a lawyer. I work with your legal team.)
- Organizations looking for checkbox compliance that won't survive an audit
- Businesses with zero engineering capacity to implement changes
Have questions? Email first, or discuss your compliance engineering needs.