AI supplier compliance declaration
The EU AI Act puts obligations on providers of AI systems that scale with risk. For many limited-risk systems — chatbots, content generators, recommendation features — the core duties are transparency and a supplier self-declaration rather than a full third-party conformity assessment. This generator walks you through a structured questionnaire about your system and assembles a declaration-of-conformity template aligned with the Act’s transparency and documentation expectations, while flagging the obligations you have not yet confirmed.
Who needs this
Any organisation that develops, deploys, or places on the EU market an AI system with limited-risk characteristics — internal chatbots, customer-facing virtual assistants, AI-generated content tools, recommendation engines, and similar — and wants to articulate its compliance posture to enterprise customers, regulators, or procurement teams. It is also useful as a gap-analysis prompt before you commission a formal compliance review: working through the questionnaire surfaces what you still need to build before you can credibly claim conformity.
How it works
You enter the basics — system name, provider, intended purpose — then pick your risk classification and tick the conformity measures you have actually implemented: a transparency notice that users are interacting with AI, labelling of synthetic content, technical documentation, human-oversight provisions, a record-keeping/logging capability, and a data-governance process. The tool checks your answers, warns clearly if you select a high-risk classification (where self-declaration is not sufficient), and assembles the rest into a clean, copyable declaration template with the unmet obligations called out so you can close them first.
What a limited-risk declaration typically covers
The transparency and documentation layer for limited-risk AI systems generally requires five things to be demonstrably in place:
- User notification — people interacting with the system must know they are engaging with AI, unless it is obvious from context.
- Synthetic-content labelling — AI-generated images, audio, or video must be marked as machine-generated in a machine-readable format.
- Technical documentation — a record of what the system does, its capabilities and limitations, and who is responsible for it.
- Human oversight — a mechanism to refer outputs to a human where the stakes are high, or to disable the system if it behaves unexpectedly.
- Data governance — documented processes for handling training and operational data, especially personal data, in line with GDPR.
These five are the checklist the generator steps through; each unticked item becomes a named gap in the output rather than a silent omission.
Worked example
For illustration: a company ships an internal policy-drafting assistant. It is a limited-risk generative system. They enter the system name, select “Limited Risk / Transparency Obligations”, and tick transparency notice, technical documentation, and data governance, but leave synthetic-content labelling and human-oversight provisions unticked because they have not yet built those. The generator produces a draft declaration with the two open obligations flagged in bold so the legal team knows exactly what to close before signing. That draft then goes to external counsel, not to a regulator directly — which is exactly the right order of operations.
Tips and notes
- Confirm your risk tier before anything else. A high-risk system needs a formal conformity assessment and database registration, not a self-declaration.
- The measures must be real. A declaration that asserts controls you have not built is worse than no declaration — it is a misrepresentation.
- Transparency is the limited-risk core. Tell users they are dealing with AI and label AI-generated media; these are the load-bearing obligations.
- Get it reviewed. Treat the output as a drafting aid for your compliance or legal function, not as legal advice.
- Re-run it when the system changes. A declaration is tied to a version; a material change to the model, purpose, or guardrails makes an old declaration stale and potentially misleading.