Is your business ready
for the EU AI Act?

€35M or 7%

Maximum fines for prohibited AI practices under the EU AI Act.

Aug 2, 2026

Full enforcement deadline for high-risk AI systems.

27 states

National authorities with sanctioning power.

Complete the assessment

9 targeted questions about your AI systems, sector, and practices. Under 5 minutes.

Receive risk classification

Systems mapped against Articles 5, 6, 52 and Annex III to determine your regulatory tier.

Get compliance roadmap

Prioritised action plan with deadlines, documentation requirements, and milestones.

Social scoring, subliminal manipulation, real-time biometric surveillance, workplace emotion recognition

Prohibited — cease deployment immediately

Credit scoring, recruitment AI, medical devices, critical infrastructure, law enforcement

Full compliance required — Art. 9-15 obligations

Chatbots, AI generators, emotion recognition, deepfakes, general-purpose AI models

Transparency obligations — Art. 50 disclosures

Spam filters, game AI, inventory optimisation, recommendation algorithms

No specific obligations — voluntary codes

Full compliance toolkit — limited time

Regulation (EU) 2024/1689 is the world's first comprehensive AI law. Prohibited practices are enforceable since Feb 2025. GPAI obligations since Aug 2025. Full high-risk requirements from Aug 2, 2026.

Yes. It has extraterritorial scope like GDPR. Any organisation placing AI on the EU market or affecting EU persons is in scope.

Depends on use. Internal tasks = minimal risk. Decisions affecting individuals (credit, hiring, insurance) = potentially high-risk under Annex III. Customer-facing chatbots trigger Art. 50 transparency.

Prohibited AI: up to €35M or 7%. High-risk violations: €15M or 3%. Wrong info to authorities: €7.5M or 1%. SMEs may get reduced proportionate penalties.

Risk management (Art. 9), data governance (Art. 10), technical docs per Annex IV (Art. 11), logging (Art. 12), transparency info (Art. 13), human oversight (Art. 14), accuracy specs (Art. 15), plus conformity assessment and EU database registration.

Art. 62 provides reduced fees, sandboxes, and simplified documentation. But core obligations still apply — no blanket exemption by size.

Both providers and deployers must ensure staff have sufficient AI literacy — understanding how systems work, their capabilities, limitations, risks, and legal obligations.

Art. 50 requires: disclosure of AI interaction, labelling AI-generated content, disclosing deepfakes, and consent for emotion recognition.

They complement each other. High-risk AI must comply with both. Art. 10 data governance explicitly references GDPR principles.

Now. Conformity assessments take 3-6 months. With the Aug 2026 deadline ~5 months away, start with AI inventory, risk classification, and documentation immediately.

Yes. Internal use reduces your risk tier (likely Minimal or Limited), but Article 4 AI literacy still applies universally. If any internal tool influences decisions about employees (performance reviews, scheduling, monitoring), it may qualify as high-risk under Annex III Category 4.

General-Purpose AI (Art. 51-55) obligations are enforceable since Aug 2025. If you use ChatGPT, Claude, or Gemini APIs, the provider carries most obligations. But if you fine-tune, adapt, or deploy GPAI for high-risk purposes, you become a deployer with your own compliance duties.