Human2Human

AI safety

Ship AI you can defend to the board and the regulator

EU AI Act and GDPR compliance. LLM red teaming. Internal usage policies. Audit-ready documentation.

What we cover

EU AI Act mapping

We classify your AI systems by risk tier (minimal, limited, high, unacceptable) and prepare documentation to meet the obligations for each tier.

LLM red teaming

We test prompt injection, jailbreaking, data exfiltration, and bias scenarios. You get a report listing discovered risks and mitigation recommendations.

AI usage policy

We write an internal policy covering what employees may do with AI, which data they may share, and how to report an incident.

GDPR alignment

DPIA review, data processing agreements, data residency, subject rights - all in the context of LLM systems.

Audit documentation

We prepare the documentation internal and external auditors expect: logs, audit trail, data lineage, model cards, risk register.

Leadership briefing

A short session for the executive team and legal: what the AI Act is, why it matters, which decisions you must make, and who has to sign them off.

How an engagement runs

  1. Kickoff and inventory

    We list every AI system you use or plan to use - commercial and internal. We identify owners, data, and user groups.

  2. Risk assessment

    For each system we classify risk against the EU AI Act, GDPR, and internal policies. Output: a prioritized risk register.

  3. Red team session

    We target your highest-risk LLM applications - we break them and document what works and what doesn't.

  4. Documentation and report

    You receive a usage policy, audit documentation, the red team report, and a board-level summary.

Frequently asked

If your company operates in the EU or offers an AI system to EU users - yes. Obligations depend on the system's risk tier and your role (provider, deployer, importer).

Obligations phase in. The prohibition on unacceptable-risk systems applies from Feb 2025, GPAI obligations from Aug 2025, and remaining obligations through 2027. We map your specific requirements in the kickoff session.

Controlled adversarial testing of your own AI systems before someone else does it to you. We test prompt injection, jailbreaking, data leaks, and unsafe inputs. Focus is on realistic scenarios - not theoretical CVEs.

Because your employees do - with private ChatGPT accounts, in browsers, with no oversight. The first thing we do is a 'shadow AI' audit - what's actually happening in your organization.

Ready for AI that passes audit?

One-week risk assessment. Fixed price.

We're here for you