AI Act · ISO/IEC 42001 · Governed automation

Adopt AI with method, control and measurable results.

We help SMEs govern and automate artificial intelligence — from real processes to rules, all the way to everyday adoption. Not yet another tool: a method.

NOMO norm · TECN technique · IA.

01 · The problem

AI has already entered your company.
Without direction, it becomes chaos.

Tools used individually, untracked, unstandardised. This is shadow AI: ungoverned, unmeasured use, not integrated into processes.

  • No map of the processes truly worth automating.
  • No policy on the use of AI and company data.
  • Uncertainty around the AI Act, accountability and output quality.
  • Technology purchased and never adopted.

The deadlines that matter

  1. Aug 2024

    AI Act in force (Reg. EU 2024/1689).

  2. Feb 2025

    Unacceptable-risk systems banned; AI literacy obligation.

  3. Aug 2025

    GPAI rules, national authorities and penalties already applicable.

  4. Dec 2027

    Full obligations for high-risk systems.

Source: Reg. (EU) 2024/1689, arts. 4, 5, 99, 113 · penalties up to €35M or 7% of turnover

02 · What we do

Two levers, one promise.

Governed · AI Act art. 26

01 · Automation

We automate real processes

Documents, workflows, back office, sales, marketing. Governed assistants and prototypes: built, tested and genuinely adopted by the team — not demos that stay in a drawer.

02 · AI Governance

We prepare the company for the regulatory side

Policy, register of systems, risk assessment, human oversight. AI Act and ISO/IEC 42001: ready for the audits and certifications that Europe will require from anyone using AI.

It isn't "using ChatGPT". A governed automation is a process: it starts from a trigger, follows defined rules, produces a verifiable output and hands over to a person when a check is needed. Traceable, repeatable, measurable.

Trigger

Email · PDF · Leadsomething arrives

Rules

Defined logicwhat to do, when

Output

Verifiabletraced and repeatable

Oversight

The person decides

The golden rule: first order in your processes, then AI. On top of chaos, artificial intelligence only amplifies the chaos.

03 · The method

From chaos to the first governed results, in six stages.

  1. Map processes, maturity, initial risks.

    We map processes, data and digital maturity, pinpointing where AI creates value and where it hides risk.

  2. Value/feasibility/risk matrix, 90-day roadmap.

    We rank use cases by value, feasibility and risk, turning them into a 90-day roadmap.

  3. Policy, roles, register, human oversight.

    We set policy, roles, a systems register and human oversight — the foundation of AI Act compliance.

  4. Automation sprint, documented workflow, tests.

    We build and test governed automations, with documented workflows and verifiable output.

  5. Procedures, materials, handover, KPIs.

    We hand over procedures, materials and KPIs to the team, so the automation is actually adopted.

  6. Scalable package, annual plan.

    We consolidate what works into a repeatable package and an annual plan for governed growth.

04 · Free diagnosis

Is your company ready for AI?

Not every process should be automated straight away. Here are the signals — then measure your readiness, right now, without leaving your email.

Ready if

  • A repetitive and frequent process.
  • Data and documents already in digital form.
  • Recognisable rules, even with exceptions.
  • A decision-maker who owns the process.

Order first

  • Processes that live only in people's heads.
  • Data on paper or scattered, with no single source.
  • You expect AI to "sort out the mess".
  • No one will follow up on the automation after launch.

05 · Services

Four lines, one journey.

AI Readiness & Strategy

Assessment, process map, priority use cases, roadmap and phased business case.

AI Governance & Compliance

Policy, AI register, risk assessment, AI Act and ISO/IEC 42001 readiness, human oversight.

Governed Automation

Automation sprints on selected processes: workflows, controlled assistants, knowledge base.

AI Market Intelligence

Research, trends and regulation turned into useful outputs: observatories, executive briefs, operational notes.

Any company that produces documents, manages clients and moves data has at least three processes worth automating. Here's where, in concrete terms — tap a function.

Document management
Problem: contracts, invoices and archives that are unstructured; data re-keyed by hand.AI: extracts the data, classifies, builds a queryable knowledge base, prepares drafts.Result: less data entry, fewer errors, information in seconds.
Sales / CRM
Problem: slow follow-ups, incomplete CRM, repetitive quotes.AI: summarises calls, updates the CRM, prepares emails and quotes, scores leads.Result: more time to sell, fewer missed opportunities.
Customer support
Problem: the same questions endlessly, long response times.AI: answers recurring requests, routes tickets, prepares drafts the agent verifies.Result: faster answers, the team free for the cases that matter.
Back office / Administration
Problem: reports, accounting and manual checks duplicated.AI: compiles reports, reconciles data, applies checklists, flags anomalies.Result: faster closes, less dependence on a single person.
Marketing
Problem: stop-start content, inconsistent editorial plans.AI: drafts consistent with your tone of voice, editorial plans, campaign variants, analysis.Result: more speed and consistency, with human control over quality.
Management / Decisions
Problem: decisions made on scattered information.AI: periodic executive briefs, market and competitor summaries, text dashboards.Result: faster, better-informed decisions.

The numbers

Adoption racing ahead, value still to be captured.

Verified · public sources
0%

of Italian companies (10+ employees) use AI in 2025: doubled in a year. ISTAT, Enterprises and ICT 2025

0% vs 53.1%

the gap between SMEs and large enterprises. Demand is growing, the SME market is uncovered. ISTAT, 2025

0%

of SMEs using AI are "AI novices": isolated tools, no integration. OECD, 2025

0 hrs / week

saved by 1 in 3 daily AI users. The brake isn't cost, it's method. St. Louis Fed, 2024

The conclusion is our reason for being: AI is everywhere, but without method it stays a cost, not an advantage.

Governance & AI Act

Not just those who develop AI. Those who use it too.

Compliant · AI Act art. 26

"The AI Act concerns those who make AI, not us who use it": false. The Regulation distinguishes the provider from the user (deployer) — and to your SME, almost always a deployer, it assigns obligations of its own:

  • Competent human oversight
  • Control of input data
  • Monitoring of use
  • Logs kept ≥ 6 months
  • Informing workers
  • Transparency towards people

Reg. (EU) 2024/1689, arts. 26 and 50 · Law 132/2025 (Italy)

06 · Why NomotecnIA

Concrete, proportionate, replicable.

Concreteness

We start from real processes, documents and problems, not abstract presentations.

Proportionate governance

Rules suited to the SME, without pointless corporate bureaucracy.

Modularity

You begin with an assessment or a sprint and grow only if you see value.

Technological neutrality

We don't push a single piece of software: we help you choose, integrate and govern.

07 · The model

A journey in stages.

First we understand, then we govern, then we automate — with an investment always proportionate to value, never to hours.

1 · Diagnosis

Start

AI Entry Assessment

from €8,000

A snapshot of the current state: mapping of AI systems, gap analysis against the AI Act and ISO/IEC 42001, prioritised roadmap. The starting point of every journey.

2 · Governance & Compliance

Readiness · Fractional Office

Fractional AI Governance Office from €3,000/month · rest tailored

A governance Starter Kit, an AI Act / ISO 42001 Readiness path and, for those who need continuous oversight, a fractional AI Governance Office.

3 · Governed Automation

Governed Automation Sprint

tailored

A process automation sprint with governance built in by design and vertical toolkits for your sector.

4 · Network programmes

Network AI Program

by project

For associations, districts and supply chains that want to bring governance and automation to an entire network of SMEs.

No inflated price list, no hidden costs. The exact scope is defined after the Assessment: you pay for value, not for hours. Prices exclude VAT.

Frequently asked questions

AI Act, ISO/IEC 42001 and automation: the answers.

What must an SME do to prepare for the AI Act?

Map the AI systems in use (including shadow AI), classify their risk, define policy and responsibilities, ensure human oversight and keep a register. The AI Act has been in force since August 2024; obligations for high-risk systems apply from December 2027. We start from an AI Entry Assessment with a gap analysis and roadmap.

What is ISO/IEC 42001 and does my SME need it?

ISO/IEC 42001 is the first international standard for managing AI in a company (2023). It isn't mandatory, but it provides a recognised, proportionate framework to govern AI and demonstrate trustworthiness. It complements the AI Act.

How much does AI governance advisory cost for an SME?

The starting point is the AI Entry Assessment, from €8,000 (excl. VAT). For continuous oversight, a fractional AI Governance Office from €3,000/month. You pay for value, not for hours.

Where do you start when automating processes with AI?

From order in your processes, not from the tool: map, prioritise by value/feasibility/risk, define the rules, then build governed automations that the team adopts. First order, then AI.

What penalties does the AI Act provide for?

Up to €35M or 7% of worldwide turnover for prohibited practices; up to €15M or 3% for other breaches. For SMEs and start-ups the amounts are proportionate.

What's the difference between using ChatGPT and having AI governance?

Using tools in an untracked way is shadow AI: risks around data, quality and compliance. Governance defines tools, data, human controls and responsibilities — making the use of AI traceable and compliant.

Does Italy have its own AI law?

Yes. Law 132/2025, in force since 10 October 2025, is Italy's first national AI law: it sits alongside the European Regulation (it does not replace it). It designates AgID and ACN as competent authorities; on the personal data side the Garante Privacy remains. The framework is evolving (implementing decrees by October 2026). NomotecnIA oversees both levels, European and Italian.

Do you certify us for ISO 42001?

No — and be wary of anyone who promises it. ISO/IEC 42001 certification is issued only by an accredited body, not by a consultancy. We prepare you for certification (readiness): management system, documentation, policy and controls aligned to the standard. ISO 42001 is voluntary and complements the AI Act, which is instead binding law.

09 · Let's talk

Book a call or write to us.

A 20-minute call to understand whether and how we can be useful to your company. No commitment.

Book on Calendly