Appointment of external AI officers
hire a lawyer now

External AI Officer – Professionally Organizing AI Compliance

The AI regulation brings with it a number of specific obligations: systems must be classified and documented, employees must be trained, contracts with AI providers must be reviewed, and contact with authorities must be coordinated. What the law doesn't specify is who in your company should handle all of this. Rogert & Ulbrich takes on this role as your external AI officer – with clearly defined responsibilities, legal expertise, and a support model tailored to your business.

We set
your demands
through.

Enforce legal claims in just 3 steps
Simple, convenient & fast – we enforce your rights.

commissioning

Give us your mandate easily and conveniently via online form from home.

lawsuit & trial

We will take care of all the remaining steps for you. Sit back and relax.

Success

We will successfully enforce your claim and you can enjoy the success immediately.

Why lack of jurisdiction is a real problem

In many companies, it often goes like this: Management hears about the AI regulation, somehow passes the issue on to IT, IT says it's a legal matter, the legal department – if there is one – says they need technical input, and in the end, nothing happens. This pattern isn't malicious intent, but rather the perfectly normal result of a lack of responsibility for an issue that cuts across all departments.

The problem is: The AI regulation doesn't allow for any excuse of lack of jurisdiction. The company is liable – regardless of who internally failed to act. If authorities investigate or damage occurs, the only thing that matters is whether the obligations were fulfilled, not why they weren't.

This is precisely where the function of the external AI officer comes in: A clear, responsible body that structures, coordinates and implements the topic – so that nothing is left behind.

Sounds like a problem you're familiar with? Let's talk.

We will take care of your case – quickly & with commitment.

Hire us now

What an external AI officer will specifically do for you

As your external AI officer, we handle the operational and legal coordination of your AI compliance. Specifically, this means:

Inventory and classification: We identify all AI systems used or developed in your company and assign them to the correct risk categories of the AI regulation. This is the necessary first step – without which everything else is pointless.
Documentation structure: We create and maintain the necessary technical documentation for your systems. This is not an end in itself, but rather proof that you take your obligations seriously.
Training coordination: We support you in developing and implementing the legally required training courses for affected employees – tailored to your systems and your business.
Contract review: Many standard contracts with AI providers are not designed to meet the requirements of the AI Regulation. We check whether the essential provisions – for example, regarding liability allocation and disclosure obligations – are included. If not, we assist with renegotiation.
Government communication: If authorities have questions, registration is required, or reporting obligations arise, we will coordinate this for you.
Ongoing monitoring: The AI regulation is not a finished project. New systems are being added, existing ones are changing, and the interpretation of the law is constantly evolving. We are keeping a close eye on this and will inform you of any relevant changes in a timely manner.

That sounds like a lot? For you, it mainly means: you have a contact person who will take care of it.

The difference to a data protection officer

Many companies are familiar with the model of an external data protection officer from GDPR practice and wonder whether their existing DPO can also take on the AI issue. The honest answer: This is possible if the person possesses the necessary legal expertise regarding AI. The tasks are similar in many areas – inventory, documentation, coordination, and communication with authorities. And the substantive overlaps between the GDPR and the AI regulation are real: Almost every AI system used in a company also processes personal data.

The key difference: The GDPR mandates a data protection officer under certain conditions and clearly defines their tasks and role. The AI Regulation does not have a comparable obligation. The external AI officer is an organizational solution, not a legally required position. This gives you more flexibility in its implementation – but also means that you must take the initiative yourself.

We offer combined models where we take on both the data protection officer and AI officer roles. This is the most efficient solution for many companies – one contact person who is familiar with both topics and keeps an eye on their interrelationships.

Are you already working with an external data protection officer? Ask us about a combined support model.

For initial consultation

For whom is an external AI officer particularly useful?

Based on our consulting experience, there are three main situations in which an external AI officer makes particular sense. First: companies that use AI systems in sensitive areas – for example, in personnel selection, credit assessment, medical diagnostics, or automated customer communication. Here, the risk profile is higher, and the requirements of the AI regulation are correspondingly stricter.

Secondly: Companies that are about to implement a new AI system. Those who seek legal advice before implementation avoid costly mistakes that will later require expensive corrections. Early system classification, a review of vendor contracts, and planning of necessary training cost significantly less upfront than mitigating damage afterward.

Thirdly: SMEs that don't have their own compliance department. With an external AI officer, they gain access to professional, specialized expertise – without having to create a new position and without the risk of delegating the topic internally to someone who has to do it alongside their regular job.

Still unsure whether this makes sense for your business? Contact us – we'll explain honestly whether and in what form external support is right for you.

What happens without clear responsibilities – and why it becomes expensive

Companies without a designated AI compliance function face risks on multiple levels simultaneously. The most obvious: fines from authorities. Missing documentation, insufficient training, unsuitable contracts with AI providers – all of these can lead to sanctions during an audit. The maximum fines are substantial, but even amounts far below the legal limit can be significant for small and medium-sized enterprises (SMEs).

The less obvious aspect: claims for damages. If an AI system makes faulty decisions—for example, wrongly excluding someone from a job application or discriminating against them in a credit decision—the affected person can sue. And if it turns out that the company lacked sufficient control mechanisms, the company will be held liable.

And finally, there's the reputational aspect: data breaches, discriminatory AI spending, or publicly disclosed compliance violations can destroy trust among customers, partners, and employees. Especially in B2B relationships, large clients are increasingly demanding proof of AI compliance from their suppliers. Those who cannot provide this proof risk losing contracts.

A clearly defined, externally staffed AI compliance function costs a fraction of these risks. Act before an incident forces you to.

FAQs – Frequently Asked Questions about the External AI Officer

Am I legally required to appoint an AI officer?

No. The AI regulation does not mandate such an obligation. However, it distributes many tasks across the company without specifying who should be responsible internally. An external AI officer is the practical solution to this organizational gap.

Can my data protection officer take on this task?

Generally, yes, provided they possess the necessary legal expertise regarding AI. However, many data protection officers (DPOs) are not yet specialized in AI compliance. We offer combined models and are happy to clarify whether integration makes sense.

How much does an external AI officer cost?

It depends on the scope: How many AI systems are you using, how complex are they, and how intensive the support should be? We work either on a flat-rate basis or based on time spent. Contact us – we'll make you a specific offer.

Does the liability remain with me as the entrepreneur?

Yes. Legal responsibility and liability always remain with the company as operator or provider. The external AI officer takes over the operational and coordinating work, but does not release you from your entrepreneurial obligations.

What happens when an authority conducts an audit?

Then we are here for you. We coordinate communication, compile the necessary documents, and represent your interests – out of court and, if necessary, in court.

How quickly can the function be implemented?

Typically within a few days of being commissioned. We start with a structured inventory and quickly gain a complete overview of your AI systems and your current compliance status.

Will a lot of internal effort be required?

We do need an internal contact person – someone who can answer our questions about your systems and processes. Beyond that, we keep the internal effort to a minimum. We'll take care of the rest.

Does this model also apply to large companies?

Yes. Large companies often use external AI officers to complement internal compliance teams – for example, for specialized legal issues or as an escalation point in official proceedings.

Can the feature be cancelled later?

Yes. We also provide support during the transition for those who initially want to set up the function externally and later continue it internally.

When should you act now?

Immediately. The first deadlines of the AI regulation are already in effect. Anyone who hasn't yet established a compliance structure is at a disadvantage. The sooner you act, the easier it will be to catch up.