Compliance with the AI Act relies a great deal on robust risk management.  However, small and medium entreprises (SMEs) often do not have a risk management policy in place and it is difficult for them to identify, analyse, assess, and mitigate risks related to AI systems privacy and security. On the other hand, whichever methodology an organisation chooses, the underlying cybersecurity and privacy issues that accompany the use of AI systems remain technically the same. This session will explore risks that are specific to AI, including information security, legal requirements, and societal and ethical issues, with the aim to help organisations comply with the AI Act.