AI Auditing & Governance Course | EU AI Act (Spain)

An online professional certificate that takes you from the fundamentals of AI governance to audit-ready command of Regulation (EU) 2024/1689 — so you can assess, document and defend the AI systems your organisation builds or buys.

  • 85 students
  • Last Updated on June 5, 2026

Overview

 

AI Auditing & AI Governance

This course trains professionals to audit and govern AI systems under the EU AI Act.

The EU AI Act is the world’s first comprehensive legal framework for AI. For a deeper breakdown of the law’s structure, see our guide on AI risk classification under the EU AI Act and our overview of AESIA in Spain. The official text of the Act is available on EUR-Lex and on the European Commission’s AI Act policy page.

Across five modules you will learn the Act's risk-based classification, the obligations placed on providers and deployers, Spain's AESIA supervision framework, AI risk management and fundamental-rights impact assessment, conformity assessment and internal auditing, and the ISO/IEC 42001 AI management-system standard. By the end you can run an internal AI audit, build the technical documentation a regulator expects, and lead an organisation's AI compliance programme. 

 

WHY THIS MATTERS NOW

The EU AI Act is the world's first comprehensive law for artificial intelligence, and it is already live. Its bans on the most harmful AI practices have applied since February 2025, the rules for general-purpose AI models since August 2025, and the penalty regime is in force. What changed in 2026 is the timetable for the heaviest obligations: under the Digital Omnibus on AI agreed by EU institutions in May 2026, the requirements for high-risk systems were deferred — Annex III (use-based) systems now apply from 2 December 2027, and AI embedded in regulated products (Annex I) from 2 August 2028. Other transparency duties still arrive on 2 August 2026.

Read that as a runway, not a reprieve. Building an AI inventory, classifying systems, producing technical documentation, standing up an AI governance committee and passing an internal audit is 12–18 months of work, not a weekend project. The organisations that will be ready in 2027 are the ones building the capability now — and the professionals who can lead that work are scarce.

Spain has moved faster than most. It became the first EU member state to create a dedicated national AI authority, the Agencia Española de Supervisión de la Inteligencia Artificial (AESIA), which already runs a regulatory sandbox for high-risk systems and has issued a growing series of technical guides interpreting the Act. When the rules bite, AESIA will act as Spain's market-surveillance authority with inspection and sanctioning powers. If you operate AI in Spain, this is the body whose expectations you need to meet — and this course is built around them.

 

THE COST OF GETTING IT WRONG

The EU AI Act carries one of the steepest penalty regimes in European digital law. Under Article 99, fines run to three tiers, charged at whichever is higher — the fixed amount or a share of worldwide annual turnover:

  • Up to €35 million or 7% of global annual turnover for deploying a prohibited AI practice.
  • Up to €15 million or 3% for breaching the core obligations on providers, deployers and transparency.
  • Up to €7.5 million or 1% for supplying incorrect or misleading information to authorities or notified bodies.

Learning outcomes

By the end of the course you will be able to:

  • Classify any AI system correctly across the Act's four risk tiers and explain the consequences of each
  • Map the obligations that fall on providers, deployers, importers and distributors — and identify which role your organisation plays
  • Conduct a fundamental rights impact assessment and a structured AI risk assessment
  • Build the evidence file a regulator expects: technical documentation, model cards, data sheets and audit trails
  • Run an internal AI audit and prepare a high-risk system for conformity assessment and inspection
  • Test AI systems for bias, explainability, robustness, cybersecurity and human oversight
  • Stand up the governance structures — AI committees, escalation models, incident reporting and continuous monitoring — that keep compliance live
  • Align with ISO/IEC 42001, ISO 31000 and the NIST AI RMF so your programme maps to recognised international frameworks

Requirements

There are no formal prerequisites. This course is designed to be accessible whether you are coming from a compliance, legal, risk, technical or management background — or moving into AI governance from a different field entirely. You do not need prior knowledge of AI systems or EU regulation. Module 1 builds the foundation from scratch, and every subsequent module layers on top of it. All you need is a professional interest in AI compliance and the intention to apply what you learn.

This course includes

  • 5 modules and 20 focused lessons moving from AI and governance fundamentals to audit-ready practice
  • EU AI Act compliance coverage built around the law as it stands in 2026, including the updated high-risk timetable
  • Spain-specific content on AESIA, the national supervisory framework and enforcement structures
  • Practical audit tools — internal audit methodology, technical documentation templates, conformity assessment guidance and audit testing techniques
  • ISO/IEC 42001 alignment showing how the international AI management-system standard maps to the Act's requirements
  • Fundamental rights and AI risk assessment frameworks you can apply immediately inside your organisation
  • Online, self-paced access on any device, so you study around your schedule
  • Certificate of Completion from the Spanish Compliance Institute on finishing the course

Certification

On completion you receive a Certificate of Completion from the Spanish Compliance Institute, confirming you have covered EU AI Act compliance, AI auditing and AI governance to a professional standard.

Why choose us

The Spanish Compliance Institute builds practitioner-focused compliance training for businesses operating under Spanish and EU regulation. This course reflects that focus: it is current (built around the 2026 timeline and AESIA's own guidance), practical (every module ends in something you can do, not just recall), and dual-purpose — equally useful whether you are certifying yourself or rolling consistent training out across a team.

Career opportunities

Demand for qualified AI governance and auditing professionals is outpacing supply across Spain and the EU, and the gap will widen as high-risk obligations come into force in 2027 and 2028. This course prepares you for roles including:

  • AI Compliance Officer — owning the internal AI governance programme and regulatory reporting
  • AI Auditor — conducting internal audits of AI systems and preparing organisations for conformity assessment
  • Data Protection Officer (DPO) — extending existing GDPR responsibilities to cover AI-specific obligations under the Act
  • AI Risk Manager — identifying, assessing and controlling AI-related risks across the enterprise
  • AI Governance Consultant — advising organisations on EU AI Act compliance, AESIA alignment and ISO/IEC 42001 implementation
  • Chief Compliance Officer / Head of Risk — building board-level AI oversight and accountability structures
  • AI Product Compliance Lead — ensuring AI systems meet regulatory requirements before and after deployment

Curriculum

1

Module 1 - Foundations of AI Governance and the EU AI Act

4 • 2 hours

  • 1.1 Fundamentals of Artificial Intelligence, Machine Learning, and Generative AI
  • 1.2 Principles of AI Governance, Accountability, and Responsible AI
  • 1.3 Regulation (EU) 2024/1689: Structure, Scope, and Key Definitions
  • 1.4 Risk-Based Classification of AI Systems: Prohibited, High-Risk, Limited-Risk, and Minimal-Risk
2

Module 2 - Legal, Regulatory, and Compliance Frameworks for AI Systems

4 • 2 hours

  • 2.1 EU AI Act Obligations for Providers, Deployers, Importers, and Distributors
  • 2.2 GDPR, Data Protection, and Privacy Compliance in AI Systems
  • 2.3 Spain's National AI Governance Framework, AESIA, and Enforcement Structures
  • 2.4 Transparency, Human Oversight, Documentation, and Recordkeeping Requirements
3

Module 3 - AI Risk Management, Controls, and Internal Governance

4 • 2 hours

  • 3.1 AI Risk Identification, Assessment, and Fundamental Rights Impact Analysis
  • 3.2 Governance Structures: AI Committees, Compliance Officers, and Board Oversight
  • 3.3 Vendor Risk, Third-Party AI Systems, and Procurement Due Diligence
  • 3.4 Internal Policies, Incident Reporting, Escalation Models, and Continuous Monitoring
4

Module 4 - AI Auditing, Assurance, and Conformity Readiness

4 • 2 hours

  • 4.1 Internal Audit Methodologies for AI Systems and Governance Reviews
  • 4.2 Technical Documentation, Model Cards, Data Sheets, and Audit Evidence Preparation
  • 4.3 Conformity Assessment, High-Risk AI System Controls, and Regulatory Inspection Readiness
  • 4.4 Audit Testing for Bias, Explainability, Robustness, Cybersecurity, and Human Oversight
5

Module 5 - ISO Standards, Cybersecurity, and Operational Compliance

4 • 2 hours

  • 5.1 ISO/IEC 42001 AI Management Systems and Governance Frameworks
  • 5.2 ISO 31000, NIST AI RMF, and Enterprise Risk Alignment for AI Compliance
  • 5.3 ENISA Guidance, AI Cybersecurity Controls, and Incident Response Planning
  • 5.4 MLOps Governance, Model Lifecycle Controls, and Secure AI Operations
6

Mock Exam (AI Auditing)

1 • 30 minutes

7

Final Exam (AI Auditing)

1 • 30 minutes

Frequently Asked Questions

Yes. The Regulation entered into force on 1 August 2024 and applies in phases. The bans on prohibited AI practices have applied since February 2025, the rules for general-purpose models since August 2025, and the penalty regime is already active. The obligations for high-risk systems were deferred in May 2026 and now apply from 2 December 2027 (and from August 2028 for AI embedded in regulated products).

Yes. A dedicated section covers Spain's national framework, the role of AESIA as the country's AI supervisory authority, and how enforcement will work in practice alongside the EU-wide rules.

The course covers ISO/IEC 42001, the international standard for AI management systems, and shows how it aligns with the requirements of the EU AI Act, so that you can design a programme that works for both the regulator and your clients.

Fines reach up to €35 million or 7% of worldwide annual turnover for prohibited practices, up to €15 million or 3% for breaching the core obligations of providers and users, and up to €7.5 million or 1% for misleading regulators. The course explains how each tier applies and how to avoid them.

Yes. The course is designed so that an entire team shares a single, consistent standard of AI governance and auditing.

No. The course starts with the fundamentals of both AI and AI governance and then progresses to audit-ready practice. It is designed for compliance, risk, legal, IT and product professionals alike, as well as for people entering the field of AI governance for the first time.

Yes. Module 4 is built around internal audit methodology, conformity assessment, the preparation of audit evidence, and the testing of AI systems for bias, explainability, robustness, cybersecurity and human oversight.

$60.00
This course includes
  • 11 hours
  • Access from mobile and PC
  • Study materials included
  • Certificate of completion