Use this checklist to turn the EU AI Act from a legal framework into an execution plan. It is built for SaaS teams, compliance leads, and founders that need to identify gaps before August 2, 2026.
The fastest first step is to inventory every AI system, classify risk, then map high-risk systems against Articles 8-15.
List every model, workflow, chatbot, scoring system, recommender, classifier, and AI-assisted decision point in the product. Include internal tools when their output affects customers, employees, applicants, or EU users.
Check for prohibited practices first, then Annex III high-risk categories, then Article 50 transparency duties. Do not assume a vendor classification covers your deployer obligations.
For high-risk systems, prepare evidence for risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy, robustness, and cybersecurity.
Assign each missing control to a product, engineering, legal, or security owner. Track severity, required evidence, and the date when the control is expected to be complete.
The first step is creating an AI system inventory. Without an inventory, risk classification and Article 8-15 gap analysis will be incomplete.
Yes, if the AI system is placed on the EU market or its output is used in the EU. The Act can apply outside the EU.
A startup can do first-pass inventory, classification, and evidence collection internally. Legal review is still recommended for high-risk or prohibited practice findings.
No sign-up required. Results in 60 seconds.