EU AI Act Compliance-Check: Is Your Company Ready?
EU AI Act Compliance Check by Webutissimo
Check in just a few minutes which obligations the AI Act (EU AI Regulation) imposes on your company – with risk classification, compliance checklist and actionable recommendations.
Who is affected?
All companies that develop, offer or use AI systems – regardless of size.
Which risk class?
The EU AI Act distinguishes four levels: prohibited, high, limited and minimal – depending on the area of use.
Which obligations apply?
Documentation, risk analysis, transparency obligations and if applicable conformity assessment – depending on risk class.
What is the next step?
Start the free EU AI Act Compliance Check and receive your individual action recommendation.
As of: June 2026 · Last updated: 1 June 2026
Changelog – As of 2026
- Obligations by risk class clarified
- Checklist supplemented with documentation requirements
- Deadlines and transitional periods updated
EU AI Act: What Companies Need to Know
The EU AI Act requires companies to ensure transparency, documentation and risk management depending on their role (provider, deployer, importer, distributor). Whether and which obligations apply depends on the AI risk class and the use case.
Our Compliance Check assesses:
- What role does your company play?
- What AI risk class applies?
- Which obligations already apply in 2026?
The 3 key results
- Which AI risk class your application falls into (prohibited, high, limited, minimal)
- Which provider and deployer obligations apply to you
- Which EU AI Act implementation measures to prioritise
Fully effective from August
Risk Categories
Articles in the EU AI Act
Max. Fine
Is Your System a High-Risk AI System?
Annex III of the EU AI Act defines specific use cases. Check if your AI deployment falls under them.
| Use Case | Annex III Category | Immediate Action |
|---|---|---|
| AI-based applicant screening | 4. Employment & personnel management | Set up conformity assessment + risk management |
| Automated creditworthiness assessment | 5b. Access to financial services | Ensure transparency obligations + human oversight |
| Biometric access control at workplace | 1. Biometrics (identification) | Conduct DPIA + verify consent |
| AI-based exam grading (school/university) | 3. General & vocational education | Set up documentation + quality management |
| AI in medical diagnostics | (EU product law: MDR/IVDR) | Verify CE conformity under EU harmonisation law |
| AI-controlled traffic management systems | 2. Critical infrastructure | Ensure robustness testing + cybersecurity |
What is the EU AI Act (AI Regulation)?
The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive AI regulation. It defines provider and deployer obligations for AI systems, establishes AI risk categories and sets transparency requirements. It entered into force on 1 August 2024 and will be fully applied in stages by 2027.
Social scoring, real-time biometric identification in public spaces, manipulative AI – fully banned
AI in HR, credit scoring, education, critical infrastructure – conformity assessment and fundamental rights impact assessment required
Chatbots, deepfakes, generative AI – labelling obligation for AI content under Art. 50 EU AI Act
Spam filters, AI-powered games, general productivity tools
EU AI Act Timeline 2024–2027
Key milestones of the AI Regulation at a glance – from adoption to full application.
AI Regulation enters into force
EU Regulation 2024/1689 officially enters into force. Staggered transition periods begin.
Prohibited AI practices (Art. 5)
Ban on social scoring, manipulative AI and real-time biometric identification in public spaces.
GPAI obligations & governance
Obligations for General-Purpose AI models (Art. 51–56) take effect. National supervisory authorities must be designated.
High-risk AI fully applicable
All obligations for high-risk AI systems (Art. 6–49) fully apply – including conformity assessment and CE marking.
Fines & Sanctions for Violations
The EU AI Act provides graduated sanctions depending on the severity of the violation (Art. 99).
| Sanction Level | Maximum Fine | Typical Violation | Practical Impact |
|---|---|---|---|
| Level 1 – Prohibited AI | Up to €35M or 7% annual turnover | Use of prohibited AI practices (e.g. social scoring, manipulative systems) | Existentially threatening for SMEs |
| Level 2 – High-Risk Violations | Up to €15M or 3% annual turnover | Missing conformity assessment, insufficient documentation for high-risk AI | Significant financial burden |
| Level 3 – Information Obligations | Up to €7.5M or 1% annual turnover | False/incomplete information to authorities, missing labelling | Noticeable penalty |
| SME Provision | The lower amount applies | For SMEs and start-ups, the lower of the two amounts always applies (absolute vs. turnover) | Proportionality preserved |
Note: Enforcement is carried out by national market surveillance authorities. In Germany, BNetzA is responsible (Art. 70).
ChatGPT, Copilot & Co. – Keep Using Them?
Generative AI falls under special transparency rules. Here's how to classify its use in your company.
| Area of Use | Allowed | Prohibited / Restricted | EU AI Act Obligation |
|---|---|---|---|
| Marketing & Content | Text creation, image generation, translation | Subliminal manipulation, deceptive deepfakes | Label as AI-generated (Art. 50) |
| HR & Recruiting | Drafting job postings | Automated applicant selection without oversight | Observe high-risk obligations (Annex III No. 4) |
| IT & Support | Code assistance, FAQ chatbot | Unchecked AI decisions in critical systems | Ensure human oversight (Art. 14) |
| Internal Productivity | Summaries, minutes, research | Employee surveillance, emotion recognition at work | AI competence training (Art. 4) |
4-Point Check for Your AI Use
1. Is AI-generated output clearly labelled as such?
2. Is there human control before automated decisions?
3. Have employees been trained in safe AI use (Art. 4)?
4. Is it documented which AI systems are used for what?
How It Works
Three simple steps to your EU AI Act compliance assessment – with AI risk categories, obligations checklist and implementation plan.
Complete the questionnaire
Record your current AI applications in just a few minutes.
Receive your assessment
Automatic risk classification according to EU AI Act categories.
Report via email
Detailed PDF report with actionable recommendations.

EU AI Act vs. GDPR – What's the Difference?
Both regulations can apply simultaneously. Here's how they differ:
| Criterion | EU AI Act | GDPR |
|---|---|---|
| Subject matter | AI systems and their application | Personal data |
| Affected systems | Algorithms, machine learning, automated decisions | Any processing of personal data |
| Risk classification | 4 risk classes (prohibited to minimal) | Data Protection Impact Assessment (DPIA) |
| Typical obligations | Technical documentation, transparency, conformity assessment | Consent, right of access, right to erasure |
| When do both apply? | AI processes personal data | AI processes personal data |
Obligations Matrix by Role
Who must do what by when? Overview of obligations by role in the AI value chain.
| Role | Main Obligation | Deadline | Fine Risk |
|---|---|---|---|
| Provider | Conformity assessment, CE marking, technical documentation (Art. 16) | Aug 2026 | Up to €35M / 7% turnover |
| Deployer | Fundamental rights impact assessment, human oversight, logging (Art. 26) | Aug 2026 | Up to €15M / 3% turnover |
| Importer | Verify conformity, ensure CE marking (Art. 23) | Aug 2026 | Up to €15M / 3% turnover |
| Distributor | Verify conformity, secure storage & transport (Art. 24) | Aug 2026 | Up to €15M / 3% turnover |
| GPAI Provider | Technical documentation, copyright policy, assess systemic risk (Art. 51–56) | Aug 2025 | Up to €15M / 3% turnover |
EU AI Act Compliance – Which Obligations Apply to You?
Find your company situation and next step in the table:
| Company situation | Risk class | Obligation | Next step |
|---|---|---|---|
| Internal use of AI tools (e.g. ChatGPT) | Minimal | AI competence requirement (Art. 4) | Start Compliance Check |
| Provider of AI solutions | Limited | Transparency + labeling (Art. 50) | Check labeling requirements |
| AI in HR, credit, education | High | Tech. doc. + risk analysis + conformity | Perform full assessment |
| AI for social scoring, mass surveillance | Prohibited | Use prohibited (Art. 5) | Shut down system immediately |
AI Compliance Software: From Check to Full Documentation
The free check shows you where you stand. The Premium Toolkit supports your EU AI Act implementation: document AI systems, perform conformity assessments, build AI governance and maintain a complete audit trail.
AI Compliance Chatbot
Ask questions about the EU AI Act anytime – our AI assistant provides instant answers with article references and actionable recommendations. Like having an EU AI Act expert always available.
Complete Audit Trail
Every change is automatically logged – who changed what, when, and why? The perfect documentation for audits and regulatory inspections under the EU AI Act.
Industry-Specific Templates
Don't start from scratch: Templates for healthcare, finance, HR, and marketing automatically pre-fill typical risks.
Progress Comparison (Snapshots)
Create snapshots of your compliance status and compare progress over time – ideal for quarterly reviews and management reports.
AI System Inventory
Register and manage all AI systems centrally – with risk category, status, responsible parties and departments. BigID-inspired asset register.
Multi-Framework References
Each conformity check automatically shows the corresponding ISO 42001 clauses and NIST AI RMF functions – perfect guidance for international standards.
AI Labeling Checklist (Art. 50)
Interactive checklist for AI content labeling obligations – images, videos, audio, texts, chatbots & social media. Incl. provider/deployer distinction and exception checks. Mandatory from 02.08.2026, fines up to €15M.
URL Check for AI Labeling
Check any URL for Art. 50 compliance – our AI analyzes the page and detects whether AI-generated content is present and properly labeled. Including concrete recommendations.
Content Archive with Search & Filter
All captured AI content at a glance – with full-text search and filters by status, content type, platform and labeling requirement. Stay organized even with many content items.
Team Approval Workflow
Multi-step approval process: Create → Review → Approve → Publish. See who created, reviewed and approved each content item – for seamless team documentation.
What counts as an AI system?
The EU AI Act regulates AI systems based on their purpose and risk level – not by brand name or number of tools. Each AI system with an independent purpose requires separate compliance documentation.
One Tool = One Project
Your company uses ChatGPT for customer service? That's one AI system – one compliance project.
Example: ChatGPT for support → 1 project
Multiple Tools = Multiple Projects
Using ChatGPT, Midjourney, and a custom ML model? Each system with a different purpose needs its own project.
Example: ChatGPT + Midjourney + ML → 3 projects
Platform = It depends
A platform like Magica with multiple AI models can be one project – or several, if the use cases have different risk levels.
Example: Magica for marketing → 1 project, Magica for HR → separate project
What is a project in the Premium Toolkit?
A project refers to an AI system or AI application that requires its own compliance documentation – not every individual tool within a platform. For example, if you use a platform with multiple AI models for the same purpose, that is one project. But if you use the same platform for HR and marketing, those are two projects with different risk levels.
The key question
It's not the tool name that determines the obligations, but the purpose of use. An AI tool for marketing copy (limited risk) requires different measures than the same tool for applicant screening (high risk). Use our free questionnaire to find out how many projects you need.
EU AI Act Glossary
Key terms of the AI Regulation explained clearly.
Audit Trail
Complete, automatic logging of all AI decisions and data access for traceability.
Conformity Assessment
Procedure to demonstrate that a high-risk AI system meets the requirements of the AI Regulation.
Fundamental Rights Impact Assessment
Mandatory assessment by deployers whether a high-risk AI system may affect fundamental rights of affected persons (Art. 27).
AI Governance
Internal framework of processes, policies and responsibilities for compliant AI deployment.
High-Risk AI System
AI system used in areas such as employment, education, law enforcement or critical infrastructure (Annex III).
GPAI (General Purpose AI)
AI model with broad capability, e.g. large language models (LLMs). Subject to specific transparency and documentation obligations (Art. 51–56).
AI Regulatory Sandbox
Controlled testing environment supervised by an authority where AI systems can be tested under real conditions (Art. 57–62).
Transparency Obligation
Duty to inform users that they are interacting with an AI system – applies especially to chatbots and deepfakes (Art. 50).
Risk Class
Classification of an AI system as minimal, limited, high or unacceptable risk – determines the scope of regulatory obligations.
Deployer / Provider
Providers develop and market AI systems; deployers use them. Both carry different obligations under the AI Regulation.
Frequently Asked Questions about the AI Regulation
What is the AI Regulation (EU AI Act)?
Who qualifies as a provider and who as a deployer?
What obligations apply to high-risk AI systems?
What does Art. 50 EU AI Act mean?
When do the different deadlines apply?
What penalties apply for violations?
What must be considered for generative AI?
Official Sources
All information on this page is based on official legal texts and publications of the European Union.
Full text of the AI Regulation (EUR-Lex)
Regulation (EU) 2024/1689 – the complete legal text in the Official Journal of the EU.
EU Commission: AI Regulation
Official overview page of the EU Commission on the regulatory framework for Artificial Intelligence.
EU AI Act FAQ (EU Commission)
Frequently asked questions about the AI Regulation – directly from the European Commission.
Conclusion
Anyone deploying, developing, or distributing AI in the EU must act – regardless of company size. The AI Regulation defines clear obligations for providers and deployers of AI systems. The EU AI Act Compliance Check gives you a clear overview of your AI risk class, obligations and next implementation steps in just a few minutes.
Start your EU AI Act Compliance Check now