Prices
Three rows carry fixed entry prices. Two are scoped — and where a row says "scoped" or "per cohort", you receive a fixed written quote before any work begins, and it does not move afterwards. "From" is the genuine entry point, not an anchor.
Why publish prices? Because regulated firms budget in numbers, not in discovery calls. Dousatsu does not sell AI. It sells governed, accountable AI infrastructure — work you can stand behind in front of a regulator, a client, or a board.
The problem
Shadow AI is the unapproved AI tools staff use without oversight — free chatbots, browser extensions, AI features switched on inside existing software.
A fee earner with a five o'clock deadline pastes three paragraphs of a client file into a free chatbot and asks it to tighten the language. The letter improves. Nobody is told, because there is nothing to tell: no policy was broken, because no policy exists.* It is rarely malicious. It is always your liability.
This is not misconduct. It is initiative without infrastructure. For a law firm it puts SRA confidentiality duties in question. Under UK GDPR, client data has gone to a third party with no processing agreement — and if that is a reportable breach, Article 33 gives you 72 hours to notify the ICO. The same pattern engages FCA Consumer Duty and GxP data integrity expectations.
The cost is not a fine on day one. It is the moment you are asked for evidence and have none.
* A composite pattern, not a client case study.
What Dousatsu does
Three things, all documented: a register of what is in use, training records, and a decision trail. UK GDPR's accountability principle requires firms to demonstrate compliance, not merely achieve it.
Governance
Builds the register. The Shadow AI Audit combines network and SaaS usage analysis with no-blame staff disclosure sessions. You receive a register of every AI tool in use, a data-flow map, a risk classification for each finding, a remediation plan and a usable AI policy — evidence you can put in front of a regulator, not a slide deck. EU AI Act Article 4 compliance review included, delivered over a 30-day engagement.
from £2,500 + VAT
Training
Builds the training records. Bespoke training for individuals and teams — Claude-specific or broader AI literacy, in half-day, full-day, online or in-person cohort formats. For firms in scope of the EU AI Act, every session produces the documented records Article 4 requires. For UK-only firms, documented training is the accountability evidence the ICO expects.
Priced per cohort or engagement — quoted in writing before you commit
Opportunity
For firms not yet using AI. The business mapped, highest-value opportunities identified, risks flagged, and a prioritised roadmap delivered in five working days.
From £595
Implementation
Workflow automation, tool selection and integration — built to your operations, not a generic template.
Scoped per engagement
Govern first. Then build. The order is the point.
Jurisdiction
Not automatically. The EU AI Act — Regulation (EU) 2024/1689 — is EU law, not UK law. It binds UK firms only where they have EU operations, EU clients, or products on the EU market. Article 4, which requires firms deploying AI to ensure documented staff AI literacy, has applied since 2 February 2025.
If your business is UK-only, you do not need Article 4 compliance — and any consultant who tells you otherwise is selling you the wrong problem. Your obligations are the UK ones: ICO guidance under UK GDPR, FCA Consumer Duty, SRA rules, MHRA expectations, and the UK Data (Use and Access) Act 2025.
Check each of these yourself: Article 4 applied from 2 February 2025. The Data (Use and Access) Act received Royal Assent on 19 June 2025. Consumer Duty has applied since 31 July 2023. None of this is prediction. All of it is in force.
Accountability
Founded by
AI Governance Consultant · Dousatsu AI Solutions
Northwest England · Regulated sectors · Evidence-based
Chris Hampson, founder of Dousatsu and Anthropic Academy-certified AI governance consultant — a business owner himself, working with regulated UK SMEs in legal, financial services and pharmaceuticals. He delivers every engagement personally: not an account manager, not a junior.
"Some of this law binds you. Some of it does not. I will always tell you which is which. Most won't."
Claude 101
Anthropic Academy · 2025
Enterprise Adoption
Anthropic Academy · 2025
Train the Trainer
Anthropic Academy · 2025
Google AI Ecosystem Training Partner
Openmind AI · 2025
Free · 5 minutes · No signup
7 questions. Scored against EU AI Act Article 4 obligations and Shadow AI exposure. Results shown immediately.
Tell us where you are. We'll tell you where the risk is.
Or email us directly at chris.hampson@dousatsu.co.uk
Dousatsu's Shadow AI Audit starts at £2,500 + VAT for UK SMEs, delivered over a 30-day engagement with EU AI Act Article 4 compliance review included. Shadow AI means AI tools staff use without approval or oversight. The audit delivers a register of every AI tool in use, a data-flow map, risk classifications, a remediation plan and a usable AI policy.
Shadow AI is the use of AI tools — chatbots, browser extensions, unvetted apps — by staff without their employer's approval or oversight. In regulated firms it creates data-protection risk under UK GDPR, because client and personal data can leave the organisation with no contract, no risk assessment and no record.
Only if you have EU operations, EU clients, or products on the EU market. The EU AI Act (Regulation (EU) 2024/1689) is not UK law. UK-only firms are governed instead by ICO guidance under UK GDPR, FCA Consumer Duty, SRA rules, MHRA expectations, and the UK Data (Use and Access) Act 2025.
Article 4 of Regulation (EU) 2024/1689 requires organisations providing or deploying AI systems to ensure their staff have sufficient, documented AI literacy. It has applied since 2 February 2025 and binds UK firms with EU exposure. Article 4 compliance review is included in Dousatsu's Shadow AI Audit & AI Governance engagement, from £2,500 + VAT.
No. Disclosure sessions run on a no-blame basis. Staff who used unapproved tools were solving real problems without infrastructure — the audit exists to replace prohibition with governed access, not to discipline initiative.
Yes. Dousatsu's AI Training & Literacy (Track 03) teaches staff what AI tools can and cannot safely do with firm and client data. For UK-only firms the driver is UK GDPR, professional-conduct obligations and Shadow AI risk — not the EU AI Act. Delivered in half-day, full-day, online or in-person cohorts, priced per cohort with a written quote up front.
Thirty minutes with Chris Hampson, Dousatsu's founder. You describe the firm, the regulatory context, and what prompted the call. You leave with a recommended engagement, a fixed written price, and a start date. No obligation follows the call.
Written by Chris Hampson, Anthropic Academy-certified AI governance consultant.