Pillar page

AI Implementation in the Enterprise

A practical step-by-step guide — from process identification, through pilot, all the way to full scaling. EU AI Act and GDPR compliance, cost control, data security.

AI readiness audit Multi-agent systems

Implementing AI in a company is not about buying a ChatGPT subscription and rolling it out to employees. It is a business-and-technology project that requires: identifying specific processes for automation, integrating with existing systems, ensuring GDPR and EU AI Act compliance, controlling cost, measuring results. In short: it requires engineering.

Good news: you don't have to invent it from scratch. We have a body of AI rollouts behind us — from microservices handling single tasks to the internal HybridCrew platform orchestrating dozens of specialized agents. From every rollout we have extracted lessons that translate into a proven process. This article describes how that process works in practice.

The three most common reasons companies start with AI

  1. Saving administrative team time. Email classification, generating reports, handling support tickets, document drafts — most of that can be automated. Employees reclaim 20-40% of their time for tasks that require human judgment.
  2. Scaling the business without scaling headcount. Fast-growing companies use AI to handle more customers, projects, transactions without proportionally increasing the team. Usually simpler and faster than recruitment.
  3. Compliance and quality. AI does not tire, does not forget, does not skip procedural steps. For audit processes (GDPR, ISO 27001, EU AI Act) — that is a level of quality unavailable to humans working under time pressure.

Six phases of AI implementation

A proven schedule from decision to scaling. Every phase produces a concrete result — it's easy to stop the project if the outcomes do not meet expectations.

1

Discovery (2-4 weeks)

Mapping business processes, identifying automation candidates, ROI assessment for each, EU AI Act classification, GDPR compliance audit. Outcome: a list of 5-10 processes with priorities, pilot plan for the best 2-3.

2

Architecture and technology choice

Selecting LLM models (cloud, local, multi-model), orchestration platform, infrastructure (cloud vs. on-premise vs. hybrid), integrations with existing systems. Decisions account for budget, security requirements, growth plans.

3

Pilot (4-8 weeks)

Deploying the first 2-3 processes end-to-end. Agent configuration, system integration, data anonymization (Anoxy), cost monitoring. Testing with the business team, prompt fine-tuning, quality validation.

4

Measurement and optimization

Analyzing operational and business metrics after 4-6 weeks of production use. Refining agents based on real data, reducing LLM model cost, adding new functionality based on user feedback.

5

Scaling

Expanding to more business processes. Every new process rolled out in a 2-4 week iteration (much faster than pilot — infrastructure is in place). Gradually covering additional departments.

6

Continuous improvement

After 6-12 months: constant optimization based on production data, adding new agent roles, integrations with new systems, refining compliance, reducing cost. AI becomes an integral part of company operations.

Is the company ready for AI implementation?

Six areas to check before starting the project. Missing one „yes" does not block the rollout, but it requires addressing in the discovery phase.

Processes for automation

We have 5-10 repeatable processes that can be described by a procedure.

All our tasks are unique and require human judgment.

Company data

We have organized data (CRM, ERP, customer databases, documents) available via API or export.

Data is scattered across spreadsheets, emails, paper documents.

Executive sponsorship

The board understands the need and is ready for a 6-12 month project.

AI implementation is the initiative of a single employee with no executive support.

Change tolerance

The team is open to new tools and processes.

Every change in the company meets significant resistance.

Budget and time

We have a budget of 50-500k PLN and accept 6-12 months to full ROI.

We expect results in 2 weeks for a few thousand zloty.

Sensitive data

We know what data is sensitive (PII, financial, medical) and accept the appropriate safeguards.

We haven't thought about security and compliance yet.

EU AI Act — what you need to know before implementation

The EU Artificial Intelligence Act (EU AI Act) becomes fully applicable on 2 August 2026. Every company implementing AI in the EU must classify its system and meet the corresponding obligations. Non-compliance: fines up to EUR 35 million or 7% of global annual turnover.

Four classification levels:

  • Prohibited AI practices (subliminal manipulation, social scoring, mass biometrics) — must not be implemented.
  • High-risk AI (HR, education, critical infrastructure, justice) — requires: conformity assessment (CE marking), risk management, technical documentation, transparency, human oversight, robustness/cybersecurity.
  • Limited risk (chatbots, deepfakes, AI generating content) — requires transparency obligations (Art. 50): informing users, marking generated content.
  • Minimal risk (most AI systems) — no additional requirements, voluntary codes of conduct.

Every ESKOM AI implementation starts with EU AI Act classification in the discovery phase. For limited-risk systems (the most common case) we build the transparency obligations in right away: a „You are talking to an AI" banner, AI marking in exports, metadata in documents.

GDPR in AI implementations

Every AI implementation processing personal data requires: a legal basis for processing (consent, contract, legal obligation, legitimate interest), data minimization (only what is necessary), ensuring data subject rights (access, rectification, erasure), data security (encryption, access control, audit log), data processing agreements with LLM providers (Anthropic, OpenAI, Google).

For AI additionally: the right to explanation of algorithmic decisions. If AI makes a decision affecting a person (e.g. credit approval, application classification), the person has the right to demand an explanation and human intervention. The system architecture must support this — every decision must be reversible and justifiable.

Frequently asked questions

Where to start AI implementation in a company?
Start with identifying specific processes for automation — not with picking an AI tool. Best candidates: repeatable tasks, describable by a procedure, executed by several employees, generating high volume. Classic examples: email classification, report generation, support ticket handling, code review, document analysis. After identifying 5-10 processes, we score each on ROI (time saved × frequency) and risk. The pilot starts with the best 2-3.
How much does AI implementation cost?
Cost depends on scale. A small pilot (1-2 processes, one team) is typically PLN 30-80k. A medium rollout (5-10 processes, 2-3 departments) PLN 150-500k. Large transformational rollouts (entire organization, integrations with business systems) — from PLN 500k upwards, but business value is proportionally higher. Operational costs (LLM models, infrastructure) are typically PLN 5-15k per month for a medium rollout — they can be drastically reduced with local models for repeatable tasks.
How long does AI implementation take?
Pilot for the first process: 4-8 weeks from decision to working automation. Scaling to subsequent processes: 2-4 weeks per process (much faster — we build on the pilot infrastructure). Full implementation covering most administrative processes in a 50-200 person company: 6-12 months in 2-3 week iterations with concrete business outcomes at the end of each.
What are the biggest risks of AI implementation?
Five main ones: 1) Data security — sensitive data sent to external models can be used for training. Mitigation: PII anonymization before sending (Anoxy), local models for sensitive tasks. 2) Hallucinations — AI generates false but plausible-sounding information. Mitigation: result validation, double-checking, escalation of critical decisions. 3) Compliance (GDPR, EU AI Act) — transparency requirements, AI content marking. Mitigation: built in from line one. 4) LLM cost — can quickly spiral out of control. Mitigation: multi-tier routing, limits, monitoring. 5) Organizational resistance — employees fear job loss. Mitigation: communication from day one, involving the team in decisions, focus on freeing time for higher-value tasks.
What about EU AI Act and GDPR in implementation?
The EU AI Act (applicable from 2 August 2026) requires classifying the AI system (prohibited, high-risk, limited, minimal), meeting transparency obligations (Art. 50): informing users of AI interaction, marking AI-generated content, technical documentation. GDPR requires: data minimization, anonymization where possible, legal basis for processing, the right to explanation of algorithmic decisions. Every ESKOM AI implementation starts with EU AI Act classification and GDPR compliance mapping. This is not optional — it is built into the process.
Do I need an IT department to implement AI?
No. Small companies without their own IT can also implement AI — we work as an outsourced delivery department, providing both technology and operational support. Minimum required on the client side: a decision-maker (who makes business choices — which process, what priority), 1-2 business people (who know the processes and can help describe them), administrative access to systems that AI is to integrate. The rest is on us — analysis, design, implementation, tests, deployment, maintenance.
Will employees lose their jobs because of AI implementation?
Based on our experience with implementations so far — no. The most common outcome: employees reclaim 20-40% of their time (especially in administrative departments) and shift it to tasks requiring human judgment, creativity, relationship-building. Companies more often grow faster (more projects handled by the same team) than they reduce headcount. The exception: repetitive low-value tasks (manual data copying, spam email classification, templated report generation) — those disappear, but were rarely anyone's main job.
What LLM models are available and which one to choose?
Main families: Claude (Anthropic) — best for complex analysis, code, reasoning. GPT (OpenAI) — versatile, good Microsoft integration. Gemini (Google) — multimodal, good for images and video. Local models: Llama (Meta), Mistral, Polish Bielik — run on client infrastructure, no per-request cost. ESKOM AI strategy: we do not pick one model, we apply multi-model routing — the right model for the right task. Small classifications → local model. Complex analysis → strongest cloud models. Creative generation → specialized models. The client pays for actual usage, not a uniform subscription to the strongest model.
Is my data safe in cloud LLM models?
It depends on the model and configuration. Anthropic Claude (via API with the „no data training" option) and Azure OpenAI (enterprise contract) guarantee that data is not used for training. Consumer versions ChatGPT.com and Claude.ai — we consider them unsafe for company data. For sensitive data we always apply: PII anonymization before sending (the Anoxy microservice checks and masks), local LLM models (on the client's GPU, with no data leaving the network), enterprise contracts with cloud providers (contractual guarantees).
How to measure AI implementation success?
Three metric tiers. 1) Operational (daily): number of tasks handled by AI, response time, cost per task, accuracy (how often the answer is correct). 2) Business (monthly): time saved for employees, cost saved vs. manual process, user NPS (team and end customers), number of support tickets. 3) Strategic (quarterly): business capacity growth (more customers served, more projects, shorter time-to-market), employee satisfaction, reduction in human errors. Every pilot starts with defining what metrics we will measure — without that, it is hard to prove ROI.

AI readiness audit — free

A 90-minute conversation: we map the current processes, identify the best automation candidates, assess EU AI Act classification, and indicate an estimated ROI. No commitment.

Book the readiness audit Multi-agent systems