European regulations on data and artificial intelligence are becoming increasingly complex. Companies are struggling to keep up, and the consequences of non-compliance can be severe. ACCOMPLISH is developing a digital tool to simplify the compliance process for businesses, supporting them from identifying relevant regulations to defining the concrete steps needed to comply.
Too many regulations, too little clarity: businesses struggle to keep up
For those working with data and artificial intelligence, navigating the European regulatory landscape can be challenging. The list of applicable regulations is long and complex, and often overlapping, ranging from the GDPR to the AI Act, Data Act, Cybersecurity Act, and Data Governance Act. Legal requirements can also vary from country to country and across sectors. Staying compliant comes at a cost in terms of human resources, time and money. While large corporations may be able to manage the burden of compliance and certification, for SMEs it can become unsustainable, particularly from a financial perspective. For example, maintaining compliance and obtaining certification for a single AI system can cost up to €52,000 per year. However, investing in compliance is worthwhile as it ensures transparency and reliability for clients and partners while helping to avoid legal risks and steep fines. Consider, for example, the AI Act, which provides for penalties of up to €35 million or 7% of a company’s global annual turnover, depending on the severity of the violation. Another challenge lies in demonstrating compliance in a clear and trustworthy way. Currently, traceability and verification by regulators, government bodies, clients, suppliers or partners remain complex and poorly standardised processes.
What is Europe doing?
Clearly, Europe is investing heavily in digitalisation and artificial intelligence. The most recent initiative is the AI Continent Action Plan, which was launched in spring 2025. This strategy aims to promote AI through a variety of measures, including strengthening digital infrastructure, encouraging data sharing, investing in research, and fostering the development of ethical and responsible AI.
“The European strategy is solid and coherent, but since it was conceived and implemented in just a few years, adapting to the new compliance and certification practices is extremely challenging. We’ve gone from a handful of regulations to dozens, sometimes even hundreds,” explains Elisa Spiller, an AI ethics and responsibility expert and consultant at Deep Blue, where she focuses on compliance and certification for data and AI under the European framework.
“One of Europe’s key challenges today,” Spiller continues, “is to reduce the compliance and certification burden for those who want to invest in this sector, while keeping pace with a constantly evolving regulatory framework and avoiding the multiplication of systemic costs. Adapting to this ‘dynamic’ regulatory landscape is perhaps the greatest challenge of all”.
The ACCOMPLISH Project: making compliance automatic, traceable, and accessible
It is in this context that the ACCOMPLISH project was born — a European initiative that tackles the challenges of compliance and certification through automation. “ACCOMPLISH aims to help those developing products and services to understand, from the outset, which rules they must follow and how to comply, by providing a concrete, guided approach,” explains Daniele Ruscio, cognitive psychologist and Human Factors expert at Deep Blue. To this end, we have developed a digital tool that first supports the self-assessment of applicable regulations or regulatory updates within a specific domain or organisational context, and then guides users through the necessary steps to ensure ongoing compliance,” explains Daniele Ruscio, a cognitive psychologist and human factors expert at Deep Blue. As a project partner, he is leading the human-centric methodology for designing and evaluating the tool and its recommendations.
Towards an integrated tool: preliminary analysis and scenario building
The project started with an initial “mapping” phase: researchers from the consortium are currently analysing relevant technologies and regulatory frameworks, as well as the needs of people involved in compliance across different roles and contexts. “Together with our project partners, we’re gathering baseline information and mapping out all the steps that make up the compliance journey. A process that is constantly evolving and requires adaptation over time, not only from organisations, but also from AI products and systems,” explains Ruscio.
“Based on this preliminary analysis — which also includes the main challenges faced by different stakeholders, from researchers to developers to legal experts — we will design concrete models and use cases where ACCOMPLISH can step in to simplify and support the work of compliance professionals,” Ruscio continues. This will lay the groundwork for developing the digital tool, which will need to ‘digest’ all relevant rules, procedures, and systemic compliance components, and provide clear, role-specific guidance on what actions to take to achieve — and maintain — compliance.
A key feature will be the ability to integrate the ACCOMPLISH tool into existing company systems via API interfaces. This will allow businesses to access compliance services directly within their operational environments, receiving personalised, automated, and real-time guidance.
The ACCOMPLISH project case studies
The tool will be tested in four sectors that are increasingly data and AI-driven: energy, manufacturing, automotive and aviation. “The project consortium includes technical partners involved in data collection and system development, as well as operational partners linked to the contexts in which the use cases will be implemented,” explains Ruscio.
In manufacturing, for instance, ACCOMPLISH will help a company optimise workstations while complying with ergonomic standards and workers’ physical capabilities through an AI system that can collect and use certain health data — the responsibility of the occupational physician — for specific tasks on the production line. How can this be done in compliance with the GDPR? Who can access this data? The ACCOMPLISH tool will help define the legal and operational boundaries of the process.
In the automotive industry, the case study involves a partnership between companies that want to develop AI-based systems requiring the recording of driver videos to detect distraction in automated driving scenarios. If videos are modified and given to a third party to train the AI, who owns the resulting data? Who is responsible for storing it? And if a vehicle equipped with such a system were to be sold in Japan, would different rules apply? ACCOMPLISH will guide companies through this complex scenario.
“The aviation case study focuses on Bergamo Airport and specifically addresses the management of data relating to passengers with reduced mobility, to optimise the visibility/opacity of sensitive information such as passenger identity and physical condition, while ensuring compliance throughout the various steps that comprise regulated airport operations (e.g. the need for security personnel to identify passengers vs. the need for ground handlers to ensure passenger privacy without causing delays),” adds Ruscio. This data will then be fed into a centralised Digital Twin system to further improve passenger flow management, and it could also be shared with other parties involved in optimising air traffic management processes. Once again, the ACCOMPLISH tool will guide professionals in collecting and sharing passenger data.
Towards compliance by design
Compliance by design involves applying a systematic approach to integrate regulatory and normative requirements into manual and automated activities and processes. This is precisely what the ACCOMPLISH project is working on: assessing and improving the regulatory compliance of data — and AI-based products from the earliest stages of their development.
“One of the central elements of this approach is the concept of the Compliance Digital Passport: a digital passport for the product that collects key information such as the system type, operations performed on the data, actors involved, application contexts, processes and regulations concerned,” explains Ruscio. “It is a sort of snapshot of the product’s current state with respect to the applicable compliance requirements”. This passport can be used during the product certification phase and is therefore intended for ‘external’ use by government authorities and regulatory bodies. For internal use, i.e. by those working on product development, ACCOMPLISH has devised a multi-level compliance approach in the form of scorecards. These show which parts of the product are compliant, which could be improved, and which do not meet compliance requirements.
“The idea is to provide a clear overview of compliance objectives according to the product’s specific characteristics, and secondly to highlight any current gaps which the idea’s maturity may justify and how it has been developed. In light of this awareness, useful references and tools can then be provided to help developers achieve reliable compliance concerning legal risk management,” emphasises Spiller. “This is an approach to proactive, by-design compliance that Deep Blue has been pursuing for some time in aviation and manufacturing, in both legal and ethical terms”.
“This initiative channels development towards solutions that, at a higher level of maturity and with greater contextualisation in individual sectors rather than in a single project, are supported by industry regulators, IA Offices and the Commission. These solutions can provide highly usable input that is in line with our vision at Deep Blue: that regulation should facilitate, not hinder, healthy innovation,” concludes Spiller.
