EU AI Act Compliance-Check: Is Your Company Ready?

EU AI Act Compliance Check by Webutissimo

Check in just a few minutes which obligations the AI Act (EU AI Regulation) imposes on your company – with risk classification, compliance checklist and actionable recommendations.

Legal status: 01/06/2026
Business customers only (B2B)

Who is affected?

All companies that develop, offer or use AI systems – regardless of size.

Which risk class?

The EU AI Act distinguishes four levels: prohibited, high, limited and minimal – depending on the area of use.

Which obligations apply?

Documentation, risk analysis, transparency obligations and if applicable conformity assessment – depending on risk class.

What is the next step?

Start the free EU AI Act Compliance Check and receive your individual action recommendation.

Changelog – As of 2026

  • Obligations by risk class clarified
  • Checklist supplemented with documentation requirements
  • Deadlines and transitional periods updated

EU AI Act: What Companies Need to Know

The EU AI Act requires companies to ensure transparency, documentation and risk management depending on their role (provider, deployer, importer, distributor). Whether and which obligations apply depends on the AI risk class and the use case.

Our Compliance Check assesses:

  • What role does your company play?
  • What AI risk class applies?
  • Which obligations already apply in 2026?

The 3 key results

  • Which AI risk class your application falls into (prohibited, high, limited, minimal)
  • Which provider and deployer obligations apply to you
  • Which EU AI Act implementation measures to prioritise
2026

Fully effective from August

0

Risk Categories

0+

Articles in the EU AI Act

0M €

Max. Fine

Is Your System a High-Risk AI System?

Annex III of the EU AI Act defines specific use cases. Check if your AI deployment falls under them.

Use CaseAnnex III CategoryImmediate Action
AI-based applicant screening4. Employment & personnel managementSet up conformity assessment + risk management
Automated creditworthiness assessment5b. Access to financial servicesEnsure transparency obligations + human oversight
Biometric access control at workplace1. Biometrics (identification)Conduct DPIA + verify consent
AI-based exam grading (school/university)3. General & vocational educationSet up documentation + quality management
AI in medical diagnostics(EU product law: MDR/IVDR)Verify CE conformity under EU harmonisation law
AI-controlled traffic management systems2. Critical infrastructureEnsure robustness testing + cybersecurity

What is the EU AI Act (AI Regulation)?

The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive AI regulation. It defines provider and deployer obligations for AI systems, establishes AI risk categories and sets transparency requirements. It entered into force on 1 August 2024 and will be fully applied in stages by 2027.

Prohibited AI Systems

Social scoring, real-time biometric identification in public spaces, manipulative AI – fully banned

High-Risk AI Systems

AI in HR, credit scoring, education, critical infrastructure – conformity assessment and fundamental rights impact assessment required

Limited Risk (Transparency)

Chatbots, deepfakes, generative AI – labelling obligation for AI content under Art. 50 EU AI Act

Minimal Risk

Spam filters, AI-powered games, general productivity tools

EU AI Act Timeline 2024–2027

Key milestones of the AI Regulation at a glance – from adoption to full application.

1 August 2024Already in effect

AI Regulation enters into force

EU Regulation 2024/1689 officially enters into force. Staggered transition periods begin.

2 February 2025Already in effect

Prohibited AI practices (Art. 5)

Ban on social scoring, manipulative AI and real-time biometric identification in public spaces.

2 August 2025

GPAI obligations & governance

Obligations for General-Purpose AI models (Art. 51–56) take effect. National supervisory authorities must be designated.

2 August 2026

High-risk AI fully applicable

All obligations for high-risk AI systems (Art. 6–49) fully apply – including conformity assessment and CE marking.

Fines & Sanctions for Violations

The EU AI Act provides graduated sanctions depending on the severity of the violation (Art. 99).

Sanction LevelMaximum FineTypical ViolationPractical Impact
Level 1 – Prohibited AIUp to €35M or 7% annual turnoverUse of prohibited AI practices (e.g. social scoring, manipulative systems)Existentially threatening for SMEs
Level 2 – High-Risk ViolationsUp to €15M or 3% annual turnoverMissing conformity assessment, insufficient documentation for high-risk AISignificant financial burden
Level 3 – Information ObligationsUp to €7.5M or 1% annual turnoverFalse/incomplete information to authorities, missing labellingNoticeable penalty
SME ProvisionThe lower amount appliesFor SMEs and start-ups, the lower of the two amounts always applies (absolute vs. turnover)Proportionality preserved

Note: Enforcement is carried out by national market surveillance authorities. In Germany, BNetzA is responsible (Art. 70).

ChatGPT, Copilot & Co. – Keep Using Them?

Generative AI falls under special transparency rules. Here's how to classify its use in your company.

Area of UseAllowedProhibited / RestrictedEU AI Act Obligation
Marketing & ContentText creation, image generation, translationSubliminal manipulation, deceptive deepfakesLabel as AI-generated (Art. 50)
HR & RecruitingDrafting job postingsAutomated applicant selection without oversightObserve high-risk obligations (Annex III No. 4)
IT & SupportCode assistance, FAQ chatbotUnchecked AI decisions in critical systemsEnsure human oversight (Art. 14)
Internal ProductivitySummaries, minutes, researchEmployee surveillance, emotion recognition at workAI competence training (Art. 4)

4-Point Check for Your AI Use

1. Is AI-generated output clearly labelled as such?

2. Is there human control before automated decisions?

3. Have employees been trained in safe AI use (Art. 4)?

4. Is it documented which AI systems are used for what?

How It Works

Three simple steps to your EU AI Act compliance assessment – with AI risk categories, obligations checklist and implementation plan.

1

Complete the questionnaire

Record your current AI applications in just a few minutes.

2

Receive your assessment

Automatic risk classification according to EU AI Act categories.

3

Report via email

Detailed PDF report with actionable recommendations.

Infografik: 3 Schritte zum EU AI Act Compliance-Check – 1. Fragebogen ausfüllen, 2. KI-Risikoklasse erhalten, 3. Handlungsempfehlung umsetzen
Infographic: The 3-step process for the EU AI Act Compliance Check – from analysis to implementation.

EU AI Act vs. GDPR – What's the Difference?

Both regulations can apply simultaneously. Here's how they differ:

CriterionEU AI ActGDPR
Subject matterAI systems and their applicationPersonal data
Affected systemsAlgorithms, machine learning, automated decisionsAny processing of personal data
Risk classification4 risk classes (prohibited to minimal)Data Protection Impact Assessment (DPIA)
Typical obligationsTechnical documentation, transparency, conformity assessmentConsent, right of access, right to erasure
When do both apply?AI processes personal dataAI processes personal data

Obligations Matrix by Role

Who must do what by when? Overview of obligations by role in the AI value chain.

RoleMain ObligationDeadlineFine Risk
ProviderConformity assessment, CE marking, technical documentation (Art. 16)Aug 2026Up to €35M / 7% turnover
DeployerFundamental rights impact assessment, human oversight, logging (Art. 26)Aug 2026Up to €15M / 3% turnover
ImporterVerify conformity, ensure CE marking (Art. 23)Aug 2026Up to €15M / 3% turnover
DistributorVerify conformity, secure storage & transport (Art. 24)Aug 2026Up to €15M / 3% turnover
GPAI ProviderTechnical documentation, copyright policy, assess systemic risk (Art. 51–56)Aug 2025Up to €15M / 3% turnover

EU AI Act Compliance – Which Obligations Apply to You?

Find your company situation and next step in the table:

Company situationRisk classObligationNext step
Internal use of AI tools (e.g. ChatGPT)MinimalAI competence requirement (Art. 4)Start Compliance Check
Provider of AI solutionsLimitedTransparency + labeling (Art. 50)Check labeling requirements
AI in HR, credit, educationHighTech. doc. + risk analysis + conformityPerform full assessment
AI for social scoring, mass surveillanceProhibitedUse prohibited (Art. 5)Shut down system immediately
Premium Compliance Toolkit

AI Compliance Software: From Check to Full Documentation

The free check shows you where you stand. The Premium Toolkit supports your EU AI Act implementation: document AI systems, perform conformity assessments, build AI governance and maintain a complete audit trail.

USP

AI Compliance Chatbot

Ask questions about the EU AI Act anytime – our AI assistant provides instant answers with article references and actionable recommendations. Like having an EU AI Act expert always available.

USP

Complete Audit Trail

Every change is automatically logged – who changed what, when, and why? The perfect documentation for audits and regulatory inspections under the EU AI Act.

Industry-Specific Templates

Don't start from scratch: Templates for healthcare, finance, HR, and marketing automatically pre-fill typical risks.

Progress Comparison (Snapshots)

Create snapshots of your compliance status and compare progress over time – ideal for quarterly reviews and management reports.

USP

AI System Inventory

Register and manage all AI systems centrally – with risk category, status, responsible parties and departments. BigID-inspired asset register.

Multi-Framework References

Each conformity check automatically shows the corresponding ISO 42001 clauses and NIST AI RMF functions – perfect guidance for international standards.

USP

AI Labeling Checklist (Art. 50)

Interactive checklist for AI content labeling obligations – images, videos, audio, texts, chatbots & social media. Incl. provider/deployer distinction and exception checks. Mandatory from 02.08.2026, fines up to €15M.

USP

URL Check for AI Labeling

Check any URL for Art. 50 compliance – our AI analyzes the page and detects whether AI-generated content is present and properly labeled. Including concrete recommendations.

Content Archive with Search & Filter

All captured AI content at a glance – with full-text search and filters by status, content type, platform and labeling requirement. Stay organized even with many content items.

Team Approval Workflow

Multi-step approval process: Create → Review → Approve → Publish. See who created, reviewed and approved each content item – for seamless team documentation.

Important to understand

What counts as an AI system?

The EU AI Act regulates AI systems based on their purpose and risk level – not by brand name or number of tools. Each AI system with an independent purpose requires separate compliance documentation.

One Tool = One Project

Your company uses ChatGPT for customer service? That's one AI system – one compliance project.

Example: ChatGPT for support → 1 project

Multiple Tools = Multiple Projects

Using ChatGPT, Midjourney, and a custom ML model? Each system with a different purpose needs its own project.

Example: ChatGPT + Midjourney + ML → 3 projects

Platform = It depends

A platform like Magica with multiple AI models can be one project – or several, if the use cases have different risk levels.

Example: Magica for marketing → 1 project, Magica for HR → separate project

What is a project in the Premium Toolkit?

A project refers to an AI system or AI application that requires its own compliance documentation – not every individual tool within a platform. For example, if you use a platform with multiple AI models for the same purpose, that is one project. But if you use the same platform for HR and marketing, those are two projects with different risk levels.

The key question

It's not the tool name that determines the obligations, but the purpose of use. An AI tool for marketing copy (limited risk) requires different measures than the same tool for applicant screening (high risk). Use our free questionnaire to find out how many projects you need.

EU AI Act Glossary

Key terms of the AI Regulation explained clearly.

Audit Trail

Complete, automatic logging of all AI decisions and data access for traceability.

Conformity Assessment

Procedure to demonstrate that a high-risk AI system meets the requirements of the AI Regulation.

Fundamental Rights Impact Assessment

Mandatory assessment by deployers whether a high-risk AI system may affect fundamental rights of affected persons (Art. 27).

AI Governance

Internal framework of processes, policies and responsibilities for compliant AI deployment.

High-Risk AI System

AI system used in areas such as employment, education, law enforcement or critical infrastructure (Annex III).

GPAI (General Purpose AI)

AI model with broad capability, e.g. large language models (LLMs). Subject to specific transparency and documentation obligations (Art. 51–56).

AI Regulatory Sandbox

Controlled testing environment supervised by an authority where AI systems can be tested under real conditions (Art. 57–62).

Transparency Obligation

Duty to inform users that they are interacting with an AI system – applies especially to chatbots and deepfakes (Art. 50).

Risk Class

Classification of an AI system as minimal, limited, high or unacceptable risk – determines the scope of regulatory obligations.

Deployer / Provider

Providers develop and market AI systems; deployers use them. Both carry different obligations under the AI Regulation.

Frequently Asked Questions about the AI Regulation

What is the AI Regulation (EU AI Act)?
The AI Regulation is the EU's legal framework for AI systems. It establishes obligations based on risk classes and governs transparency, documentation and accountability.
Who qualifies as a provider and who as a deployer?
Providers develop or place an AI system on the market. Deployers use an AI system within their own organisation and must fulfil their own obligations depending on the case.
What obligations apply to high-risk AI systems?
High-risk AI requires enhanced risk management, technical documentation, logging, human oversight and conformity assessment.
What does Art. 50 EU AI Act mean?
Art. 50 regulates transparency obligations, such as when users interact with AI systems or when AI-generated content must be labelled. The specific obligation depends on the use case.
When do the different deadlines apply?
Prohibitions on certain AI practices have applied since 2 February 2025. Transparency obligations and rules for high-risk AI apply from 2 August 2026. Further deadlines extend to 2027.
What penalties apply for violations?
Depending on the severity, fines of up to €35 million or 7% of worldwide annual turnover may apply. Proportionate caps apply for SMEs.
What must be considered for generative AI?
Generative AI systems (e.g. chatbots, image generators) are subject to labelling obligations under Art. 50. AI-generated content must be identifiable as such by users.

Conclusion

Anyone deploying, developing, or distributing AI in the EU must act – regardless of company size. The AI Regulation defines clear obligations for providers and deployers of AI systems. The EU AI Act Compliance Check gives you a clear overview of your AI risk class, obligations and next implementation steps in just a few minutes.

Start your EU AI Act Compliance Check now

Act now – before it's too late

Start Free Assessment