EU AI Act readiness checklist

20 controls mapped to the EU AI Act Articles enterprises trip on most. Live scoring, traffic-light verdict, written gap report. Built by SLAtech LTD (Israel · since 2004).

1. High-risk classification

EU AI Act · Article 6 + Annex III
We have classified whether each AI system in use falls under the Article 6 high-risk category. Classification is documented and reviewed when the system changes.
We know which Annex III use cases (employment, credit scoring, education, law enforcement, biometric, critical infrastructure, etc.) apply to our systems. If unsure, the system must be treated as high-risk by default.
No AI system in scope falls under an Article 5 prohibited practice (manipulative, social scoring, real-time biometric ID in public, untargeted face-scraping).
Where we use general-purpose AI (e.g. third-party LLMs), we have identified the provider's GPAI obligations and our deployer obligations under Article 50.

2. Risk management

EU AI Act · Article 9
A written risk management process is established, documented, and maintained across the AI system lifecycle (not a one-off at launch).
Foreseeable risks to health, safety, and fundamental rights have been identified and analyzed under foreseeable misuse + reasonably foreseeable misuse.
Testing is conducted against pre-defined metrics + probabilistic thresholds for each known risk, before deployment AND throughout the lifecycle.
Post-market monitoring is set up: a process to detect incidents, drift, or new risks in production and feed them back into the risk register.

3. Data & data governance

EU AI Act · Article 10
Training, validation, and test datasets are documented: source, collection method, intended population, labelling process.
Datasets have been examined for biases that could affect health, safety, fundamental rights, or produce discriminatory output.
Datasets are relevant, sufficiently representative, and free of errors / complete to the extent possible for the intended purpose.
If special category personal data is processed, lawful basis + safeguards (encryption, pseudonymisation, technical and organisational measures) are documented.

4. Transparency & human oversight

EU AI Act · Articles 13 + 14
User-facing documentation (instructions, model card, capabilities + limitations + accuracy + foreseeable misuse) is available to deployers.
End users are informed they are interacting with an AI system (chatbots, generated content, deepfakes are labelled per Article 50).
Effective human oversight is designed in: humans can intervene, override, or shut down outputs, with the tools and authority to do so.
Oversight personnel are trained on the system's capabilities + limits AND aware of automation bias risk (over-reliance on AI output).

5. Accuracy, robustness, cybersecurity

EU AI Act · Article 15
Pre-defined performance metrics + thresholds are declared in the instructions for use, and the system is tested against them.
The system is resilient to errors, faults, inconsistencies, and feedback loops — with technical redundancy, fail-safe, or fallback solutions where impact warrants.
Specific protections against data poisoning, adversarial examples, model evasion, model inversion, and confidentiality attacks are documented.
Automatic logging of system events is in place to enable post-incident traceability for the lifetime of the system (Article 12).