AI Auditing & Governance Course | EU AI Act (Spain)
An online professional certificate that takes you from the fundamentals of AI governance to audit-ready command of Regulation (EU) 2024/1689 — so you can assess, document and defend the AI systems your organisation builds or buys.
- 85 students
- Last Updated on June 3, 2026
Overview
AI Auditing & AI Governance
This course trains professionals to audit and govern AI systems under the EU AI Act.
The EU AI Act is the world’s first comprehensive legal framework for AI. For a deeper breakdown of the law’s structure, see our guide on AI risk classification under the EU AI Act and our overview of AESIA in Spain. Officially, the Act is set out in EUR-Lex and the European Commission’s AI Act policy page.
Across five modules you will learn the Act's risk-based classification, the obligations placed on providers and deployers, Spain's AESIA supervision framework, AI risk management and fundamental-rights impact assessment, conformity assessment and internal auditing, and the ISO/IEC 42001 AI management-system standard. By the end you can run an internal AI audit, build the technical documentation a regulator expects, and lead an organisation's AI compliance programme.
WHY THIS MATTERS NOW
The EU AI Act is the world's first comprehensive law for artificial intelligence, and it is already live. Its bans on the most harmful AI practices have applied since February 2025, the rules for general-purpose AI models since August 2025, and the penalty regime is in force. What changed in 2026 is the timetable for the heaviest obligations: under the Digital Omnibus on AI agreed by EU institutions in May 2026, the requirements for high-risk systems were deferred — Annex III (use-based) systems now apply from 2 December 2027, and AI embedded in regulated products (Annex I) from 2 August 2028. Other transparency duties still arrive on 2 August 2026.
Read that as a runway, not a reprieve. Building an AI inventory, classifying systems, producing technical documentation, standing up an AI governance committee and passing an internal audit is 12–18 months of work, not a weekend project. The organisations that will be ready in 2027 are the ones building the capability now — and the professionals who can lead that work are scarce.
Spain has moved faster than most. It became the first EU member state to create a dedicated national AI authority, the Agencia Española de Supervisión de la Inteligencia Artificial (AESIA), which already runs a regulatory sandbox for high-risk systems and has issued a growing series of technical guides interpreting the Act. When the rules bite, AESIA will act as Spain's market-surveillance authority with inspection and sanctioning powers. If you operate AI in Spain, this is the body whose expectations you need to meet — and this course is built around them.
THE COST OF GETTING IT WRONG
The EU AI Act carries one of the steepest penalty regimes in European digital law. Under Article 99, fines run to three tiers, charged at whichever is higher — the fixed amount or a share of worldwide annual turnover:
- Up to €35 million or 7% of global annual turnover for deploying a prohibited AI practice.
- Up to €15 million or 3% for breaching the core obligations on providers, deployers and transparency.
- Up to €7.5 million or 1% for supplying incorrect or misleading information to authorities or notified bodies.
Learning Outcomes
By the end of the course you will be able to:
- Classify any AI system correctly across the Act's four risk tiers and explain the consequences of each
- Map the obligations that fall on providers, deployers, importers and distributors — and identify which role your organisation plays
- Conduct a fundamental rights impact assessment and a structured AI risk assessment
- Build the evidence file a regulator expects: technical documentation, model cards, data sheets and audit trails
- Run an internal AI audit and prepare a high-risk system for conformity assessment and inspection
- Test AI systems for bias, explainability, robustness, cybersecurity and human oversight
- Stand up the governance structures — AI committees, escalation models, incident reporting and continuous monitoring — that keep compliance live
- Align with ISO/IEC 42001, ISO 31000 and the NIST AI RMF so your programme maps to recognised international frameworks
Requirements
There are no formal prerequisites. This course is designed to be accessible whether you are coming from a compliance, legal, risk, technical or management background — or moving into AI governance from a different field entirely. You do not need prior knowledge of AI systems or EU regulation. Module 1 builds the foundation from scratch, and every subsequent module layers on top of it. All you need is a professional interest in AI compliance and the intention to apply what you learn.
This Course Includes
- 5 modules and 20 focused lessons moving from AI and governance fundamentals to audit-ready practice
- EU AI Act compliance coverage built around the law as it stands in 2026, including the updated high-risk timetable
- Spain-specific content on AESIA, the national supervisory framework and enforcement structures
- Practical audit tools — internal audit methodology, technical documentation templates, conformity assessment guidance and audit testing techniques
- ISO/IEC 42001 alignment showing how the international AI management-system standard maps to the Act's requirements
- Fundamental rights and AI risk assessment frameworks you can apply immediately inside your organisation
- Online, self-paced access on any device, so you study around your schedule
- Certificate of Completion from the Spanish Compliance Institute on finishing the course
Certification
On completion you receive a Certificate of Completion from the Spanish Compliance Institute, confirming you have covered EU AI Act compliance, AI auditing and AI governance to a professional standard.
Why Choose Us
The Spanish Compliance Institute builds practitioner-focused compliance training for businesses operating under Spanish and EU regulation. This course reflects that focus: it is current (built around the 2026 timeline and AESIA's own guidance), practical (every module ends in something you can do, not just recall), and dual-purpose — equally useful whether you are certifying yourself or rolling consistent training out across a team.
Career Opportunities
Demand for qualified AI governance and auditing professionals is outpacing supply across Spain and the EU, and the gap will widen as high-risk obligations come into force in 2027 and 2028. This course prepares you for roles including:
- AI Compliance Officer — owning the internal AI governance programme and regulatory reporting
- AI Auditor — conducting internal audits of AI systems and preparing organisations for conformity assessment
- Data Protection Officer (DPO) — extending existing GDPR responsibilities to cover AI-specific obligations under the Act
- AI Risk Manager — identifying, assessing and controlling AI-related risks across the enterprise
- AI Governance Consultant — advising organisations on EU AI Act compliance, AESIA alignment and ISO/IEC 42001 implementation
- Chief Compliance Officer / Head of Risk — building board-level AI oversight and accountability structures
- AI Product Compliance Lead — ensuring AI systems meet regulatory requirements before and after deployment
Curriculum
Module 1 — Foundations of AI Governance and the EU AI Act
4 • 2 hours
The groundwork: how AI actually works, what responsible governance means, and the architecture of the law itself.
- 1.1 Fundamentals of Artificial Intelligence, Machine Learning, and Generative AI
- 1.2 Principles of AI Governance, Accountability, and Responsible AI
- 1.3 Regulation (EU) 2024/1689: Structure, Scope, and Key Definitions
- 1.4 Risk-Based Classification of AI Systems: Prohibited, High-Risk, Limited-Risk, and Minimal-Risk
Module 2 — Legal, Regulatory, and Compliance Frameworks for AI Systems
4 • 2 hours
Who is obliged to do what — across the EU and specifically in Spain.
- 2.1 EU AI Act Obligations for Providers, Deployers, Importers, and Distributors
- 2.2 GDPR, Data Protection, and Privacy Compliance in AI Systems
- 2.3 Spain's National AI Governance Framework, AESIA, and Enforcement Structures
- 2.4 Transparency, Human Oversight, Documentation, and Recordkeeping Requirements
Module 3 — AI Risk Management, Controls, and Internal Governance
4 • 2 hours
Turning the law into working controls inside the organisation.
- 3.1 AI Risk Identification, Assessment, and Fundamental Rights Impact Analysis
- 3.2 Governance Structures: AI Committees, Compliance Officers, and Board Oversight
- 3.3 Vendor Risk, Third-Party AI Systems, and Procurement Due Diligence
- 3.4 Internal Policies, Incident Reporting, Escalation Models, and Continuous Monitoring
Module 4 — AI Auditing, Assurance, and Conformity Readiness
4 • 2 hours
The core auditing skillset — and how to pass a regulatory inspection.
- 4.1 Internal Audit Methodologies for AI Systems and Governance Reviews
- 4.2 Technical Documentation, Model Cards, Data Sheets, and Audit Evidence Preparation
- 4.3 Conformity Assessment, High-Risk AI System Controls, and Regulatory Inspection Readiness
- 4.4 Audit Testing for Bias, Explainability, Robustness, Cybersecurity, and Human Oversight
Module 5 — ISO Standards, Cybersecurity, and Operational Compliance
4 • 2 hours
Anchoring your programme to international standards and keeping AI secure in production.
- 5.1 ISO/IEC 42001 AI Management Systems and Governance Frameworks
- 5.2 ISO 31000, NIST AI RMF, and Enterprise Risk Alignment for AI Compliance
- 5.3 ENISA Guidance, AI Cybersecurity Controls, and Incident Response Planning
- 5.4 MLOps Governance, Model Lifecycle Controls, and Secure AI Operations
Mock Exam (AI Auditing)
1 • 30 minutes
Final Exam (AI Auditing)
1 • 30 minutes
Frequently Asked Questions
No. The course starts with the fundamentals of both AI and AI governance, then builds to audit-ready practice. It is designed for compliance, risk, legal, IT and product professionals alike, as well as newcomers moving into the AI governance field.
Yes. A dedicated section covers Spain's national framework, the role of AESIA as the country's AI supervisory authority, and how enforcement will work in practice — alongside the EU-wide rules.
Yes. Module 4 is built around internal audit methodology, conformity assessment, audit evidence and testing AI systems for bias, explainability, robustness, cybersecurity and human oversight.
The course covers ISO/IEC 42001 — the international AI management-system standard — and shows how it maps to the EU AI Act's requirements, so you can build a programme that works for both the regulator and your customers.
Fines reach up to €35 million or 7% of worldwide annual turnover for prohibited practices, up to €15 million or 3% for breaching core provider and deployer obligations, and up to €7.5 million or 1% for misleading regulators. The course explains how these tiers apply and how to avoid them.
Yes. The course is built to give a team a single, consistent standard for AI governance and auditing.
- Access from mobile and PC
- Study materials included
- Certificate of completion