AI strategy for business leaders: a 90-day implementation plan
The practical framework for building an AI strategy that delivers results and meets EU AI Act requirements. Audit, pilot, scale -- in 90 days.
Most organisations know they need an AI strategy but struggle with where to begin. This guide provides a structured 90-day implementation plan in three phases: audit and assess (days 1 to 30), pilot and train (days 31 to 60), and scale and comply (days 61 to 90). Each phase includes concrete deliverables, team responsibilities, and compliance checkpoints aligned with the EU AI Act. Whether you run a five-person consultancy or a 500-person enterprise, this framework adapts to your scale.
AI strategy is not optional. The EU AI Act requires documented AI governance. A strategy is your compliance foundation and your competitive advantage.
90 days is enough to start. You do not need a year-long transformation. A focused three-phase plan delivers measurable progress in three months.
Start with audit, not technology. The biggest mistake leaders make is buying tools before understanding what they already have. Phase 1 fixes that.
Compliance and value go together. The same governance structures that satisfy Article 4 also improve AI ROI, reduce risk, and build staff confidence.
Why you need an AI strategy for your business now
An AI strategy for business is no longer a competitive luxury -- it is a regulatory requirement. Since February 2025, the EU AI Act (Regulation 2024/1689) has mandated that every organisation deploying AI systems ensure adequate AI literacy among staff under Article 4. By August 2026, national enforcement authorities will begin active supervision of high-risk AI obligations.
But compliance is only half the story. Organisations that adopt AI strategically -- with clear governance, measurable goals, and trained teams -- consistently outperform those that adopt AI reactively. The difference is not the technology itself. It is whether leadership treats AI as a tool to be managed or a force to be harnessed.
The challenge most business leaders face is not a lack of ambition. It is a lack of structure. They know AI matters. They see competitors investing. They read the headlines. But they do not have a practical roadmap that connects business objectives, team capabilities, and regulatory requirements into a single actionable plan.
That is what this guide provides.
AI literacy equips providers, deployers and affected persons with the notions necessary to make informed decisions regarding AI systems.
European Commission, AI Act Recital 91The five most common AI strategy mistakes
Before diving into the framework, it is worth understanding what goes wrong when organisations attempt AI adoption without a strategy. These patterns repeat across industries and company sizes.
Buying tools before understanding needs. The most common mistake. A department purchases an AI tool because a vendor pitched it well, not because it solves a documented business problem. Within six months, the tool is underused or abandoned entirely.
Ignoring the regulatory landscape. Organisations that treat the EU AI Act as a future problem discover it is a present one. Article 4 AI literacy obligations have been in force since February 2025. Building AI capabilities without accounting for compliance is building on unstable ground.
Treating AI as an IT project. AI adoption is a business transformation, not a technology deployment. When only the IT department is involved, the result is technically competent solutions that nobody uses because they were not designed around actual workflows.
Skipping the skills assessment. Rolling out AI tools to a workforce that does not understand them creates risk, not value. Staff who lack AI literacy are more likely to misuse tools, ignore outputs, or fail to recognise errors -- all of which create liability under the AI Act.
No measurement framework. Without defined metrics, organisations cannot distinguish successful AI adoption from expensive experimentation. If you cannot measure it, you cannot improve it, and you certainly cannot justify continued investment to the board.
A 2025 survey by McKinsey found that 74% of organisations reported difficulty capturing value from their AI investments. The primary reason was not technology failure -- it was lack of organisational readiness and strategic alignment.
The 90-day AI implementation framework
This framework divides AI implementation into three 30-day phases. Each phase has clear objectives, deliverables, and compliance checkpoints. The phases build on each other -- you cannot pilot effectively without auditing first, and you cannot scale without learning from pilots.
Phase 1: Audit and assess (days 1 to 30)
The first phase is about understanding your current state. You cannot build a strategy on assumptions, and most organisations dramatically underestimate how much AI they already use. The goal of this phase is a complete, honest picture of your AI landscape.
Week 1: AI inventory
Start by documenting every AI system and AI-powered feature in use across your organisation. This includes the obvious tools -- ChatGPT, GitHub Copilot, Midjourney -- but also the embedded AI features that most people overlook. Your CRM probably uses AI for lead scoring. Your email platform uses AI for spam filtering and smart replies. Your analytics dashboard likely has ML-powered forecasting built in.
For each tool, record: what it does, who uses it, what data it processes, what decisions it influences, and who the vendor is. This inventory becomes the foundation of your EU AI Act compliance checklist.
Week 2: Risk classification
Using the EU AI Act risk framework, classify each AI system in your inventory. The regulation establishes four risk tiers: unacceptable (banned under Article 5), high-risk (Annex III, strict obligations), limited risk (transparency obligations under Article 50), and minimal risk (voluntary codes of practice). Most business tools fall into the limited or minimal risk categories, but you need to verify this -- not assume it.
If you are unsure how to classify your tools, our guide on AI risk classification under the EU AI Act walks through Annex III categories with real examples.
Week 3: Skills assessment
Survey your workforce to understand current AI literacy levels. Article 4 of the EU AI Act requires that training be proportionate to role -- which means you need to know where people stand before you can design proportionate training. Use a simple three-tier assessment: basic awareness (can staff identify which tools use AI?), operational competence (can they use AI tools effectively and safely?), and governance understanding (do they know their obligations under the regulation?).
Week 4: Baseline report
Compile your findings into a baseline report. This document becomes your reference point for everything that follows. It should include: the complete AI inventory, risk classifications, skills assessment results, gap analysis, and a prioritised list of opportunities and risks. Share it with your leadership team and use it to secure buy-in for phases two and three.
A completed AI landscape report covering inventory, risk classification, skills baseline, and prioritised gap analysis. This document also serves as the foundation for Article 4 compliance documentation.
Take the free AI Readiness Check
Our diagnostic tool analyses your current AI landscape and generates a personalised baseline report in under 10 minutes.
Phase 2: Pilot and train (days 31 to 60)
With your audit complete, phase two is about controlled action. You select pilot projects, begin staff training, and establish the governance structures that will support long-term AI adoption. This phase is where strategy becomes practice.
Selecting pilot use cases
Choose two to three pilot projects based on your gap analysis. The ideal pilot has three characteristics: a clear, measurable business outcome (reduce processing time by 30%, improve forecast accuracy by 15%), limited scope (one department, one process), and manageable risk (not a high-risk AI system under Annex III). Pilots are experiments, not commitments. They should be designed to produce learning, not just results.
Staff AI literacy training
Article 4 training should begin in this phase, starting with the roles most exposed to AI systems. A practical approach uses three tiers: awareness training for all staff (what AI is, what your obligations are, how to recognise AI systems), operational training for daily AI users (how to use tools effectively, when to trust outputs, when to escalate), and governance training for managers and oversight roles (risk assessment, documentation, regulatory obligations).
Our workforce training guide provides a detailed breakdown of what each tier should cover and how to document compliance.
Establishing AI governance
Create a lightweight AI governance committee. This does not need to be a new department. It can be three to five people meeting monthly: a senior sponsor, someone from legal or compliance, someone from IT, and one or two business unit representatives. Their mandate is to review AI tool requests, monitor pilot progress, and ensure compliance documentation stays current.
Active pilot projects with defined success metrics, staff training programme launched with documented participation, and an AI governance committee with clear terms of reference.
Phase 3: Scale and comply (days 61 to 90)
The final phase takes what worked in your pilots and expands it. You complete training rollout, finalise compliance documentation, and establish the cadence for ongoing governance. By day 90, you should have a functioning AI strategy -- not just a plan.
Scaling successful pilots
Review pilot results against your defined metrics. For pilots that met their targets, develop a rollout plan for broader deployment. For pilots that underperformed, analyse why -- was it the tool, the training, the process, or the expectations? Failed pilots are not wasted investment if they produce actionable learning.
Completing compliance documentation
By the end of this phase, you should have the complete documentation set that national authorities will expect from August 2026: a current AI system register, risk classifications for each system, training records for all staff who interact with AI, governance committee minutes, and incident reporting procedures. This documentation is not bureaucracy -- it is your defence material.
Building the continuous improvement cycle
AI strategy is not a one-time exercise. Set a quarterly review cadence for your governance committee. Define triggers for ad-hoc reviews: new AI tool procurement, significant regulatory guidance, incidents or near-misses, and changes to business processes that involve AI. The organisations that sustain AI value are the ones that treat governance as ongoing, not one-off.
Scaled AI deployments, complete compliance documentation package, and a quarterly governance review cadence in place.
Aligning your AI strategy with EU AI Act compliance
Every element of this 90-day framework maps to specific EU AI Act obligations. This is deliberate. A well-designed AI strategy should produce compliance as a byproduct, not as a separate workstream.
Measuring AI strategy success
A strategy without measurement is a wish list. Define metrics before you start, track them throughout, and review them at the end of each phase. Here are the categories that matter.
Efficiency metrics. Time saved per process, cost reduction per operation, throughput improvements. These are the metrics that justify AI investment to the board.
Compliance metrics. Percentage of AI systems documented, staff training completion rates, documentation completeness score. These are the metrics that satisfy regulators.
Adoption metrics. Tool utilisation rates, staff confidence scores, support ticket volumes for AI tools. These tell you whether people are actually using what you have deployed.
Risk metrics. Number of incidents or near-misses, time to detect and respond to AI-related issues, audit readiness score. These tell you whether your governance is working.
AI Leadership Workshop -- EUR 995
A hands-on workshop for leadership teams covering AI strategy development, EU AI Act obligations, risk assessment, and governance setup. Run by compliance specialists in Amsterdam.
Investment and ROI
The investment required depends on your organisation size, industry, and current maturity. Here is a realistic breakdown based on organisations we have worked with across Europe.
These figures include training costs, tool subscriptions, and internal time allocation. They do not include the cost of non-compliance -- which, under the EU AI Act, can reach EUR 35 million or 7% of global annual turnover for the most serious violations (Article 99).
Next steps: where to start today
You do not need to have everything figured out before you begin. The entire point of a phased approach is that each step informs the next. Here is what you can do this week.
Take the free AI Readiness Check
Our diagnostic tool takes under 10 minutes and produces a personalised baseline report. It covers AI inventory, risk exposure, and literacy gaps -- giving you the starting data for Phase 1.
Enrol your leadership team
If you are a decision maker, the AI Leadership Workshop (EUR 995) covers strategy development, EU AI Act obligations, and governance setup in a single intensive session. It is the fastest way to get your leadership team aligned.
Enrol your staff in AI literacy training
Article 4 obligations are already in force. Our Staff AI Course covers everything from basic awareness to operational competence, with documentation that satisfies compliance requirements.
Book a free compliance call
Our team will help you estimate the scope, timeline, and investment required based on your organisation size, industry, and current AI maturity.
Frequently asked questions
Sources and further reading
Official EU institutional sources and industry research.
Talk to our compliance team
Book a free 15-minute call to discuss your organisation's AI strategy and compliance needs.