Key takeaways:
- The EU AI Act, GDPR, NIS2, DORA, CSRD and AML/AMLR now impose direct obligations on SMEs, with a key deadline in August 2026 for high risk systems.
- Compliance with the EU AI Act can cost between 20,000 and 200,000 euros for an SME developing or deploying a high risk system.
- Eterra Partners is partnering with Themio, an automated compliance platform, to make its institutional expertise accessible to thousands of SMEs simultaneously.
- Themio identifies applicable obligations and generates a sourced audit report in under two minutes, with data hosted exclusively in the EU.
Your EU compliance obligations changed
Since February 2025, the first obligations under the EU IA Act apply to every company using an
artificial intelligence system, including through third-party software. The deadline for
high-risk systems falls in August 2026.
Alongside it, GDPR, NIS2, DORA, CSRD, and the new AML/AMLR framework continue to generate
direct obligations for SMEs. Seven regulations that overlap, update quarterly, and carry
penalties that can reach millions of euros.
The problem isn’t intent. It’s access to information. Identifying which rules apply to your
business, documenting your obligations, demonstrating compliance, without dedicated resources,
that’s weeks of internal work or tens of thousands of euros in external advisory fees.
Between €20,000 and €200,000: the estimated cost of EU AI Act compliance for an SME
developing or deploying a high-risk system.
What Is a High Risk AI System?
An AI system is classified as high risk when it plays a role in decisions that directly affect people, for example recruitment, credit approval, access to a public service or candidate evaluation. The EU AI Act requires these systems to undergo a mandatory conformity assessment, maintain complete technical documentation and ensure human oversight. This is the category that must be compliant by August 2026.
The Eterra Partners x Themio Partnership
Eterra Partners has partnered with Themio, the automated regulatory compliance platform, to support its development and ensure its technical alignment with European regulatory frameworks.
This partnership brings together two complementary strengths. Eterra’s institutional experience, with more than twenty years in compliance, corporate governance and AML frameworks, and Themio’s technological ability to make that expertise accessible to thousands of SMEs simultaneously.
For Eterra’s clients, this means an operational tool available immediately. For Themio’s users, it means a level of regulatory rigor that few SaaS solutions can claim.
The date to remember: August 2026
This is the deadline at which obligations for high risk AI systems become fully binding. Affected SMEs have every interest in identifying their situation before this date, rather than discovering a shortfall once an inspection is underway.
What Themio actually does
Themio analyzes a company’s internal documents, identifies the applicable regulatory obligations and generates structured audit reports, with exact citations of the relevant legal texts. Results in under two minutes.
- Seven European regulations covered: EU AI Act, GDPR, NIS2, DORA, CSRD, AML, AMLR (in effect in 2027).
- Each recommendation links back to the exact applicable article of law.
- Data hosted exclusively within the European Union.
- Available in 37 countries.
- Themio identifies and structures your obligations. For high risk AI systems subject to a mandatory conformity assessment, engaging a notified body is still required. Themio prepares this process, it does not replace it.
Eterra's expertise behind the product
Eterra Partners contributes to Themio’s development by translating more than twenty years of institutional compliance experience (international financial institutions, European regulatory frameworks, governance and integrity) into the logic of a technology tool designed for SMEs.
This involvement brings three things:
- Precise alignment with current European regulatory texts
- Full traceability of every recommendation generated
- Data hosting compliant with European digital sovereignty requirements
For companies already supported by Eterra Partners, Themio becomes the operational layer that extends the advisory relationship. Continuous compliance monitoring, not a static PDF report delivered once a year.
Key Figures
7
European regulations covered
< 2 min
to generate an audit report
20 ans
of institutional compliance experience
100% EU
data hosting
YOUR QUESTIONS
Frequently Asked Questions
Before contacting us, you may have these questions. Here are direct answers from our senior consultants.
What is the Eterra Partners x Themio partnership?
Eterra Partners has partnered with Themio, an automated regulatory compliance platform, to support its development and ensure the rigor of its analyses. Eterra brings more than twenty years of institutional compliance expertise (international financial institutions, AML/CFT frameworks, governance and integrity) to the technology product. Every recommendation generated by Themio is sourced with an exact citation of the applicable legal text, and all data is hosted exclusively within the EU.
Which European regulations apply to SMEs in 2026?
In 2026, European SMEs face obligations arising from several converging frameworks. The EU AI Act (EU Regulation 2024/1689) applies to any company using an AI system, with initial obligations in force since February 2025 and a critical deadline for high risk systems in August 2026. GDPR, NIS2 (EU Directive 2022/2555), DORA (EU Regulation 2022/2554), CSRD and the AML/AMLR framework round out this picture. Themio covers all seven regulations in a single analysis in under two minutes.
Does the EU AI Act already apply to SMEs?
Yes, partially. The EU AI Act is coming into force progressively. Prohibited AI practices have been banned since February 2025. Obligations for general purpose AI (GPAI) systems have applied since August 2025. Obligations for high risk systems become fully binding in August 2026. An SME using an automated recruitment tool, a credit scoring system, or certain chatbots may already be affected. The first step is determining which category applies.
How much does EU AI Act compliance cost for an SME?
This depends on the SME’s role and the risk level of its AI systems. For SMEs deploying high risk systems, current estimates (Witness Compliance, CEPS, Wavect, 2025 to 2026) range from 20,000 to 200,000 euros. SMEs using tools not classified as high risk can often manage with a few thousand euros of internal work to update their policies and train their teams. Themio helps companies pinpoint their exact situation before committing a budget.
What is the difference between a tool like Themio and traditional compliance consulting?
Traditional compliance consulting delivers a tailored analysis, produced once. This is the right approach for complex situations or high risk systems subject to a mandatory conformity assessment. Themio addresses a different need. Identifying regulatory obligations, documenting gaps, and tracking compliance on an ongoing basis. The two approaches are complementary. Themio for continuous monitoring, Eterra Partners for strategic advisory mandates or situations requiring expert human judgment.
Support tailored to your starting point
Not sure which regulations apply to you, or where to start? Two options are available depending on your needs. With its triple expertise in governance, compliance and European financing, Eterra Partners helps SMEs and mid sized companies secure their compliance, now supported by Themio for day to day operational monitoring.


