Skip to content

EU AI Act Compliance Checklist

A comprehensive checklist to guide your organization through EU AI Act compliance. Filter by risk level and download as PDF.

0 of 20 items completed0%

Classify all AI systems by risk level

High

Document every AI system in your organization and map it to the EU AI Act risk categories (Unacceptable, High, Limited, Minimal).

Deadline: ImmediatelyApplies to: High, Limited, Minimal risk

Verify no prohibited AI practices are in use

High

Check that none of your AI systems involve social scoring, subliminal manipulation, exploitation of vulnerabilities, or prohibited biometric identification.

Deadline: February 2, 2025Applies to: High, Limited, Minimal risk

Implement a risk management system

High

Establish and maintain an ongoing risk management process for high-risk AI systems, including risk identification, analysis, estimation, and mitigation.

Deadline: August 2, 2026Applies to: High risk

Establish data governance and quality measures

High

Ensure training, validation, and testing datasets are relevant, representative, free of errors, and complete. Implement data quality criteria.

Deadline: August 2, 2026Applies to: High risk

Create technical documentation

High

Prepare comprehensive documentation covering system design, development process, capabilities, limitations, and performance metrics.

Deadline: August 2, 2026Applies to: High risk

Enable automatic event logging

High

Implement logging capabilities to record events throughout the AI system lifecycle for traceability and audit purposes.

Deadline: August 2, 2026Applies to: High risk

Provide transparency information to users

High

Create clear instructions for use, including system capabilities, limitations, intended purpose, and human oversight requirements.

Deadline: August 2, 2025Applies to: High, Limited risk

Implement human oversight mechanisms

High

Ensure human operators can understand, monitor, and intervene in the AI system operation. Define clear override procedures.

Deadline: August 2, 2026Applies to: High risk

Meet accuracy, robustness, and cybersecurity standards

High

Ensure the AI system achieves appropriate levels of accuracy, is resilient to errors, and is protected against security threats.

Deadline: August 2, 2026Applies to: High risk

Complete conformity assessment

High

Conduct the appropriate conformity assessment procedure before placing the high-risk AI system on the market or putting it into service.

Deadline: August 2, 2026Applies to: High risk

Register in the EU AI database

Medium

Register your high-risk AI system in the EU database as required by Article 71 of the EU AI Act.

Deadline: August 2, 2026Applies to: High risk

Implement AI interaction disclosure

Medium

Ensure users are clearly informed when they are interacting with an AI system, including chatbots and automated decision tools.

Deadline: August 2, 2025Applies to: High, Limited risk

Label AI-generated content

Medium

Mark all AI-generated or manipulated content (text, images, audio, video) in a machine-readable format so users and platforms can identify it.

Deadline: August 2, 2025Applies to: Limited risk

Align AI processing with GDPR requirements

Medium

Ensure all personal data processed by AI systems complies with GDPR, including lawful basis, purpose limitation, and data minimization.

Deadline: OngoingApplies to: High, Limited, Minimal risk

Establish incident reporting procedures

Medium

Create procedures for reporting serious incidents to relevant national authorities within the required timeframes.

Deadline: August 2, 2026Applies to: High risk

Train staff on AI compliance obligations

Medium

Ensure all employees involved in AI system development, deployment, or oversight understand their compliance obligations under the EU AI Act.

Deadline: Before August 2, 2025Applies to: High, Limited, Minimal risk

Adopt voluntary codes of conduct

Low

Consider adopting voluntary codes of conduct for minimal-risk AI systems covering environmental sustainability, accessibility, and stakeholder participation.

Deadline: RecommendedApplies to: Minimal risk

Assess third-party AI vendors

Medium

Evaluate compliance of third-party AI providers and ensure contractual obligations include EU AI Act requirements.

Deadline: Before August 2, 2026Applies to: High, Limited risk

Create post-market monitoring plan

Medium

Establish a post-market monitoring system to actively collect and review experience with the AI system after deployment.

Deadline: August 2, 2026Applies to: High risk

Conduct Data Protection Impact Assessment (DPIA)

High

Perform a DPIA for high-risk AI systems processing personal data, as required by both GDPR Article 35 and the EU AI Act.

Deadline: Before deploymentApplies to: High risk

Need a detailed compliance assessment?

Run a free scan of your website to identify specific compliance gaps.

Free Compliance ScanRisk Assessment