Designing an Effective Governance Framework for AI Compliance in SMEs under the EU AI Act
DOI:
https://doi.org/10.63282/3050-9246/ICRTCSIT-138Keywords:
EU AI Act, SME Governance, AI Compliance, High-Risk AI, Regulatory Sandboxes, Quality Management System, HR Tech, TransparencyAbstract
The EU AI Act, set for enforcement in 2026, imposes stringent compliance requirements on small and medium-sized enterprises (SMEs) deploying high-risk AI systems, such as HR CV screeners. These obligations, while critical for trust and safety, pose resource challenges for SMEs. This paper proposes a modular, cost-effective governance framework tailored to SMEs, aligning with the Act’s six pillars: risk management, data governance, technical documentation, human oversight, transparency and cybersecurity. Drawing on regulatory texts, cost studies and pilot programs like EU sandboxes and European Digital Innovation Hubs (EDIHs), we outline a step-by-step lifecycle covering system inventory, quality management systems (QMS), risk management and continuous improvement. Our framework, tested via simulations with a prototype HR CV screener, reduces compliance costs by 20% and enhances stakeholder trust. This blueprint empowers SMEs to operationalize compliance-by-design, turning regulatory demands into competitive advantages
Downloads
References
[1] European Parliament, “EU AI Act: First regulation on artificial intelligence,” 2024. https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation- on-artificial-intelligence
[2] Intellera Consulting, “The AI Act: Help or hindrance for SMEs?” 2024. https://www.intelleraconsulting.com/wp- content/uploads/2024/07/AIactpaper_v16_singola_web.pdf
[3] European Commission, “Small Businesses’ Guide to the AI Act,” 2024. https://artificialintelligenceact.eu/small-businesses-guide-to-the-ai-act/
[4] European Commission, “Commission announces renewed funding for 83 European Digital Innovation Hubs,” 2024. https://digital-strategy.ec.europa.eu/en/news/commission-announces- renewed-funding-83-european-digital-innovation-hubs-will-support-eus-ai-first
[5] A. Lee, “Operationalising AI Regulatory Sandboxes under the EU AI Act,” arXiv, 2025: https://arxiv.org/pdf/2509.05985.pdf
[6] European Commission, “European Digital Innovation Hubs,” 2024. : https://digital- strategy.ec.europa.eu/en/policies/edih
[7] Thirunagalingam, A. (2022). Enhancing Data Governance Through Explainable AI: Bridging Transparency and Automation. Available at SSRN 5047713.
[8] Kovvuri, V. K. R. (2024). The Role of AI in Data Engineering and Integration in Cloud Computing. International Journal of Scienfific Research in Computer Science, Engineering and Information Technology, 10(6), 616-623.
[9] Mohanarajesh Kommineni, Swathi Chundru, Praveen Kumar Maroju, P Selvakumar, (2025), Ethical Implications of AI in Sustainable Development Pedagogy, Rethinking the Pedagogy of Sustainable Development in the AI Era, 17-36, IGI Global Scientific Publishing.
[10] Kulasekhara Reddy Kotte. 2025. ERP-Based Framework for Transparent and Immutable Audit Trails in Financial Reporting.
[11] Vegineni, G. C. (2024). Designing Secure and User-Friendly Interfaces for Child Support Systems: Enhancing Fraud Detection and Data Integrity. AIJMR-Advanced International Journal of Multidisciplinary Research, 2(3).
[12] Lakshmi Narasimha Raju Mudunuri, Pronaya Bhattacharya, “Ethical Considerations Balancing Emotion and Autonomy in AI Systems,” in Humanizing Technology With Emotional Intelligence, IGI Global, USA, pp. 443-456, 2025.
[13] Hullurappa, M. (2022). The Role of Explainable AI in Building Public Trust: A Study of AI-Driven Public Policy Decisions. International Transactions in Artificial Intelligence, 6.
[14] Bhagath Chandra Chowdari Marella, “Scalable Generative AI Solutions for Boosting Organizational Productivity and Fraud Management”, International Journal of INTELLIGENT SYSTEMS AND APPLICATIONS IN ENGINEERING, vol. 11, no.10, pp. 1013–1023, 2023.
[15] Mohanarajesh, Kommineni (2024). Develop New Techniques for Ensuring Fairness in Artificial Intelligence and ML Models to Promote Ethical and Unbiased Decision-Making. International Journal of Innovations in Applied Sciences and Engineering 10 (1):47-59.
[16] M. Kommineni, S. Panyaram, S. Banala, G. C. Vegineni, M. Hullurappa and S. K. Sehrawat, "Optimizing Processes and Insights: the Role of Ai Architecture in Corporate Data Management," 2025 International Conference on Data Science and Business Systems (ICDSBS), Chennai, India, 2025, pp. 1-7, doi: 10.1109/ICDSBS63635.2025.11031505.
[17] Thallam, N. S. T. (2025). Implementing Zero Trust Security in Multi-Cloud Ecosystems: Strategies and Best Practices for Securing Big Data Workloads. European Journal of Advances in Engineering and Technology, 12(7), 11-18.
[18] Reddy, R. R. P. (2024). Enhancing Endpoint Security through Collaborative Zero-Trust Integration: A Multi-Agent Approach. International Journal of Computer Trends and Technology, 72(8), 86-90.
[19] Arpit Garg, S Rautaray, Devrajavans Tayagi. Artificial Intelligence in Telecommunications: Applications, Risks,and Governance in the 5G and Beyond Era. International Journal of Computer Techniques – Volume10Issue1,January - February – 2023. 1-19.
[20] Kanji, R. K. (2021). Federated data governance framework for ensuring quality-assured data sharing and integration in hybrid cloud-based data warehouse ecosystems through advanced ETL/ELT techniques. International Journal of Computer Techniques, 8(3), 1-9.
[21] Varinder Kumar Sharma - AI-Based Anomaly Detection for 5G Core and RAN Components - International Journal of Scientific Research in Engineering and Management (IJSREM) Volume: 06 Issue: 01 | Jan-2022 .DOI: 10.55041/IJSREM11453
