Every organization using AI for hiring, credit scoring, biometrics, or critical infrastructure management must comply with the EU AI Act. Fines reach €35M or 7% of global turnover.
High-risk AI providers and deployers (Annex III) must complete: AI system inventory, risk classification, conformity assessment, technical documentation (Annex IV), EU Declaration of Conformity, CE marking, human oversight mechanisms, and post-market monitoring. Non-EU companies selling into the EU are fully covered.
The EU AI Act (Regulation 2024/1689) applies to any organization that develops or deploys AI in the EU — including users of ChatGPT, Microsoft Copilot, HR automation software, and fraud detection systems, if those systems make consequential decisions about individuals.
Annex III categories include: biometric identification, employment decisions (hiring, firing, performance), credit scoring, access to essential services, critical infrastructure, law enforcement, education, and judicial decisions. If your AI touches any of these, you have mandatory obligations.
Answer 4 questions — we'll classify your AI systems under the EU AI Act in 60 seconds.
Based on EU AI Act Regulation 2024/1689 — indicative, not legal advice
Six mandatory requirements under EU AI Act Chapter III — all due by August 2, 2026.
Establish and maintain a documented risk management system throughout the AI lifecycle. Identify and analyze known and foreseeable risks for each high-risk system.
Training, validation, and testing datasets must meet quality criteria: relevance, representativeness, freedom from errors, completeness. Document data provenance and lineage.
Prepare and keep up-to-date technical documentation (Annex IV) before market placement. Covers system purpose, design, capabilities, limitations, and validation results.
High-risk AI systems must be sufficiently transparent. Deployers must receive instructions for use including intended purpose, accuracy metrics, and known limitations.
Design systems to allow natural persons to effectively oversee AI outputs. Define and document oversight roles, intervention tools, and escalation procedures.
Complete conformity assessment before deployment. Issue EU Declaration of Conformity. Affix CE marking. Register in the EU database of high-risk AI systems.
Any organization deploying AI that affects people's rights, safety, or access to opportunities
Using AI for CV screening, interview scoring, performance evaluation, or workforce management. All qualify as Annex III high-risk — full compliance required.
Credit scoring models, fraud detection, insurance risk classification. Significant influence on access to financial services triggers Annex III obligations.
Building AI features into HR, legal, healthcare, or educational products sold in the EU? As the provider, the heaviest obligations fall directly on you.
End-to-end toolkit — from first inventory to CE marking documentation
Register all AI systems in use across your organization. Track purpose, vendor, data inputs, output type, and affected populations. One place for all systems.
Guided wizard classifies each system: Prohibited / High-risk (Annex III) / Limited / Minimal. Produces classification report with regulatory references.
Templates aligned with Annex IV requirements. Auto-fill system purpose, training data description, accuracy metrics, and known limitations. Export to PDF.
Step-by-step self-assessment checklist for Annex III systems. Gap analysis report. EU Declaration of Conformity template ready to sign.
Define oversight roles, alert thresholds, override procedures, and logging requirements. Document compliance for regulators and internal governance.
Track AI system events, performance deviations, and incidents. Satisfy Art. 72 post-market monitoring obligations with a regulator-ready audit trail.
EU AI Act Article 99 — fines apply regardless of where your company is incorporated
Highest tier. Social scoring, subliminal manipulation, real-time biometric surveillance in public. Already in force since February 2025.
Non-compliance with Annex III: missing technical documentation, no conformity assessment, no CE marking, no human oversight plan.
Providing incorrect, incomplete, or misleading information to notified bodies or national authorities during conformity assessment or market surveillance.
14-day free trial — no credit card required.
Yes. The EU AI Act has extraterritorial scope, similar to GDPR. If your AI system's output is used in the EU — or if you provide AI systems to EU-based deployers — you are fully covered. Non-EU providers must designate an EU authorized representative (Article 22).
It depends on how you use it. If you use general-purpose AI for internal productivity, you are likely a deployer with lighter obligations. However, if you integrate it into a workflow that makes consequential decisions about individuals (hiring, credit, healthcare), you may be treated as a provider of a high-risk system. Our classifier above will help you determine your position.
A provider develops or significantly modifies an AI system and places it on the market (even for its own use). Heaviest obligations: conformity assessment, CE marking, technical documentation, registration. A deployer uses an AI system built by someone else in its own operations. Lighter but real obligations: fundamental rights impact assessment (for certain uses), human oversight, transparency to affected persons.
Annex III lists 8 categories: (1) biometric identification; (2) critical infrastructure; (3) education and vocational training; (4) employment and workers management; (5) access to essential private and public services; (6) law enforcement; (7) migration, asylum, border control; (8) administration of justice and democratic processes. Any AI falling into these categories has mandatory high-risk obligations.
The initial inventory and risk classification can be completed in 1–2 days using our guided wizard. Full compliance — technical documentation, conformity assessment, human oversight plan — typically takes 4–12 weeks depending on the number of AI systems and organizational complexity. Starting now gives you sufficient runway before the August 2, 2026 deadline.
Yes. The AI Act Compliance Kit is fully available in English. All documentation templates, reports, and the EU Declaration of Conformity are generated in English. Contact us at kontakt@saaslab.one for a demo in English.
Free gap analysis in 15 minutes. No consultant, no presentation, no credit card. Just clear answers on where you stand under the EU AI Act.