EU AI Act Compliance Checklist

Interactive checklist for EU AI Act obligations by risk tier

Select your AI system type and use case to get an interactive checklist of EU AI Act obligations mapped to your risk classification — unacceptable, high, limited or minimal — with article references and plain-English explanations. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

Is this checklist legal advice?

No. It is an educational tool summarising obligations from the EU AI Act (Regulation 2024/1689) in plain English. For binding decisions consult a qualified EU lawyer, as classification often turns on specific facts.

Map your AI system to its EU AI Act obligations

The EU AI Act (Regulation 2024/1689) is the world’s first comprehensive law for artificial intelligence. It does not regulate the technology in the abstract — it regulates uses, sorting every system into one of four risk tiers: unacceptable (banned outright), high (heavily regulated), limited (transparency duties) and minimal (largely unregulated). The obligations you face depend almost entirely on which tier your use case falls into and whether you are the provider or the deployer.

This checklist turns the relevant articles into a concrete, tickable list so you can see exactly what applies to your situation and track your progress.

How the tiers and roles work

Risk classification is driven by purpose, not capability. The same model can be minimal-risk in one product and high-risk in another. Annex III lists the high-risk use cases — recruitment, worker management, credit and insurance scoring, biometric identification, essential public services, education, critical infrastructure and law enforcement among them. Article 5 lists the prohibited practices such as social scoring and untargeted facial-recognition scraping.

Your role matters just as much. Providers (those who develop a system or have it developed and place it on the market) carry the bulk of the duties: risk-management systems, technical documentation, data governance, conformity assessment and CE marking. Deployers (those who use a system in their own operations) have lighter but real duties: human oversight, input-data relevance, monitoring and, for some systems, transparency to affected people.

Notes and tips

  • If you are unsure of your tier, run the AI Risk Classifier first — a wrong tier choice makes the whole checklist misleading.
  • General-purpose AI (GPAI) models such as large language models have their own layer of obligations under Chapter V, including a transparency baseline and extra duties for models posing systemic risk.
  • Keep the copied checklist with dates in your compliance file; demonstrable process is itself a defence if a regulator asks how you assessed conformity.
  • The Act is enforced by national market-surveillance authorities with fines up to €35M or 7% of global turnover for prohibited practices, so do not treat the “unacceptable” tier as theoretical.