◆ Privacy · AI Governance · Legal-AI Specialty

From DPO to AI Governance.
Trained, advised, implemented.

We're a Privacy & AI Governance consultancy with a specialty in AI for legal teams. We help privacy, legal and compliance teams make the move to AI Governance. Our model is 2-in-1: we train your people and implement the program in your own infrastructure.

  • 2-in-1 · Training plus real implementation
  • In your infrastructure · not a black box
  • Legal AI · built for law firms & legal teams
  • EU AI Act & PL 2338/2023 ready

  • 1,300+ · Trained in LGPD & GDPR
  • 400+ · Trained in AI Governance
  • 6 · Courses built & taught
  • 40+ · Modules
  • 9 · Frameworks taught

The same instincts. A wider mandate.

Everything that made you a strong DPO is exactly what AI Governance needs.

Where you are · DPO

Data Protection

  • GDPR · LGPD · CCPA
  • ISO 27701 · RoPA · DPIA
  • Risk, rights & accountability
Where you're going · AI Gov

AI Governance

  • EU AI Act · ISO/IEC 42001
  • NIST AI RMF · AI inventory
  • Algorithmic impact & assurance
Our thesis
AI Governance isn't a new department. It's privacy's mandate, extended: to the models, the data, and the decisions they make.
What we offer

Everything to run AI Governance, and the team to implement it

The tooling to run AI Governance, plus the team that trains your people and implements it with you.

2-in-1 Service

Training plus real implementation

Our flagship engagement. We don't just train your team. We implement the AI Governance program in your own infrastructure: inventory, EU AI Act classification, impact assessments, ISO/IEC 42001 controls and monitoring, wired into your stack and owned by your people.

See how it works →
Service

Consulting & advisory

Hands-on advisory for privacy and AI Governance, from a first AI inventory to a board-ready program and regulator-facing evidence.

Service

Migration lead

We take responsibility for your DPO-to-AI-Governance migration end to end: scope, plan, owners and timelines, with clear milestones your leadership can track.

Service

Train DPOs into AI Governance

A guided track that turns today's DPOs and privacy professionals into AI Governance leaders. See the path below.

See the migration path →
Product

AI Governance platform

AI inventory, EU AI Act risk classification, algorithmic impact assessments, ISO/IEC 42001 controls and continuous monitoring, all running on your infrastructure.

Product

Governance document kit

AI policy, committee charter, roles matrix, AIA/RIA templates and SOPs. The documents your program runs on, ready to adopt.

Our specialty

AI for law firms & legal teams

We came up through the legal world, so we speak it. We help legal practices adopt AI that is productive, lawful and auditable, then govern it the same way we govern privacy.

Service · Train DPOs into AI Governance

The migration path

Privacy professionals become AI Governance leaders. We take your team along a proven path, from privacy foundations to a defensible AI program they own.

Start the path →
  • Privacy & DPO foundations (GDPR · LGPD · ISO 27701)
  • AI literacy & ethics (AI Governance for Everyone)
  • Build a governance program (ISO/IEC 42001 · AI Governance in Practice)
  • Safe, lawful, audited AI (NIST AI RMF · EU AI Act · OWASP LLM)
  • AI Governance Officer (The natural next role)
✦ New first stage

How we run it, from start to assurance

It begins with hands-on training and a snapshot of where you stand.

Training & Snapshot

Train your team + baseline your AI estate

Discover

Find every model & agent

Classify

EU AI Act risk tiers

Assess

Algorithmic impact

Control

ISO/IEC 42001

Monitor

Continuous assurance

Learn it, don't just buy it

Trained by the people who teach it

The same disciplines taught in post-graduate law faculty (EBPÓS) and built as national courses (ESR/RNP), delivered to your team in English or Portuguese.

Explore the Academy →
  • EBPÓS · AI: Ethics, Regulation & AI Governance in Compliance (Post-graduate law · EU AI Act · LGPD · PL 2338/2023)
  • EBPÓS · Agile Mindset & AI Methods in Legal Process Automation (Legal automation · prompting · ROI)
  • ESR/RNP · AI Governance in Practice (10 modules · ISO/IEC 42001)
  • ESR/RNP · AI Governance for Everyone (6 modules · 24 hours)
  • ESR/RNP · Safe & Ethical Use of AI (NIST AI RMF 2.0 · OWASP LLM Top 10 · security + ethics)
The syllabus

Ten modules, one defensible program

Built from post-graduate law faculty and authored national courses.

1. Why AI needs governance (Ethics, risk and the case for control)
From sensitization to substance: where AI creates legal, ethical and reputational risk, and why the answer is governance, not prohibition.
Ethics · Risk framing

2. The regulatory map (EU AI Act · LGPD · GDPR · PL 2338/2023)
The global regime, compared: the EU AI Act's risk tiers and obligations, how they relate to LGPD/GDPR, and where Brazil's PL 2338/2023 and the ANPD fit.
EU AI Act · PL 2338/2023

3. AI inventory, context & scope (ISO/IEC 42001 foundations)
Map the data, algorithm and infrastructure system, define organizational scope, and build your first AI inventory using ISO/IEC 42001 context.
ISO/IEC 42001 · AI inventory

4. Risk management & control objectives (From risk matrix to controls)
Build a risk matrix, set control objectives, and design mitigations aligned to ISO/IEC 42001 and the AI Act's high-risk duties.
Risk · Controls

5. Roles, committee & accountability (The operating system of governance)
Stand up an AI ethics committee, define roles and a responsibility matrix, and adapt governance to public-sector and private structures.
Committee · RACI

6. Algorithmic Impact Assessment (AIA / RIA & bias testing)
Produce an Algorithmic Impact Report (RIA): impact analysis, bias and discrimination testing, robustness validation, and human-review requirements.
AIA / RIA · Bias testing

7. Safe & ethical AI (Security, red-teaming, OWASP LLM Top 10)
Adversarial ML, prompt-injection defenses and guardrails, plus responsible datasets and bias detection, mapped to NIST AI RMF 2.0 and the OWASP LLM Top 10.
NIST AI RMF · OWASP LLM

8. Monitoring, audits & improvement (Keeping the program alive)
KPIs, audit checklists, incident analysis and corrective actions. The continuous-improvement loop that keeps governance defensible.
Audit · Monitoring

9. Legal AI automation (Agile, prompting & ROI)
Apply agile and AI to legal work like contracts, due diligence and document review, with prompt engineering for lawyers and a clear ROI/KPI model.
Automation · Prompting

10. Capstone: your governance program (Ship a mini-governance plan)
Assemble everything into a mini AI governance plan for your own organization, reviewed and ready to take to leadership.
Capstone · Board-ready

Regulation & standards

Built for the EU AI Act, PL 2338 and the AI-bill umbrella

One control set, mapped to every regime you answer to, wherever you operate.

★ Brazil spotlight

PL 2338/2023: Brazil's AI bill

We track Brazil's framework bill for AI and the ANPD's emerging role, and map it to the EU AI Act so a single program satisfies both. That's essential for teams operating in or with Brazil.

PL 2338/2023 · ANPD · LGPD bridge

The AI-bill umbrella

Where AI law is heading, worldwide. We keep your program ahead of it.

  • EU AI Act (in force, risk-tiered)
  • Brazil · PL 2338/2023 (framework bill)
  • US · state AI & federal (Colorado, exec actions)
  • OECD & UNESCO (principles & ethics)

  • EU AI Act (Risk tiers & duties)
  • ISO/IEC 42001 (AI management system)
  • NIST AI RMF 2.0 (Risk management)
  • OWASP LLM Top 10 (LLM security)
  • ISO 27701 (Privacy bridge)
  • LGPD (Brazil privacy)
  • GDPR (EU privacy)
  • PL 2338/2023 (Brazil AI bill)

Alex Rabello, Founder and AI Governance Lead at PrivaMax.AI

Alex Rabello

Founder & AI Governance Lead
CIPP/US · ISO 27701 LI · IAPP AI Gov · OneTrust · EBPÓS Faculty
The company

Taught in the classroom. Built in the field.

Today

Founder & AI Governance Lead, PrivaMax.AI

Leading a Privacy & AI Governance consultancy with a legal-AI specialty: advisory, training and real implementation, guiding the move from DPO to AI Governance.

Faculty

Post-graduate law faculty, EBPÓS

Teaching AI ethics, regulation, governance and legal automation to lawyers and compliance professionals.

Author

National AI Governance courses, ESR/RNP

Authored the ESR/RNP curriculum on AI Governance, safe & ethical AI, and the EU AI Act.

Credentials

CIPP/US · ISO 27701 LI · IAPP AI Governance · OneTrust

A decade-plus in privacy & data protection, now centered on responsible AI.

PrivaMax.AI is built by a founding team with deep expertise across three disciplines, so the same people who train your team can also implement and govern what they build.

Engineering & AI Governance

Builds and audits the AI systems, then governs them to the EU AI Act, ISO/IEC 42001 and NIST AI RMF. Backed by CIPP/US, IAPP AI Governance and ISO 27701 credentials.

Digital Law & Data Protection

Digital-law specialists and certified DPOs (EXIN) in LGPD, GDPR and ISO/IEC 27701, active in the ABNT privacy and cybersecurity committee, the IAPP and the OAB Digital Law commission.

Legal Practice & Innovation

Practising lawyers and law-faculty professors with 25+ years at the bar, who know the workflows AI should automate and how to bring a whole firm along.

Begin the migration

Your privacy program is the head start.

Book a working session. We'll map your AI estate and show you the shortest path from DPO to a defensible AI Governance program.

Book a working session →
Let's talk

Work with us

Consulting, the 2-in-1 training plus implementation, migration leadership, legal-AI programs, in-house workshops and guest lectures. Tell us what you're building.