Understanding the EU AI Act
The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI governance framework. Here's what European businesses need to know.
What is the EU AI Act?
The EU AI Act is a risk-based regulation that classifies AI systems into four tiers — unacceptable, high-risk, limited risk, and minimal risk — and imposes obligations proportional to each tier. It applies to any organisation providing or deploying AI systems within the EU market, regardless of where the organisation is based.
Who is affected?
Both AI providers (entities that develop AI systems) and deployers (entities that use AI systems under their authority) have obligations. This includes companies using AI-powered features embedded in third-party software like CRM platforms, HR tools, and financial services applications. If you use AI in your business operations within the EU, the Act likely applies to you.
What are the penalties for non-compliance?
The EU AI Act introduces a three-tier penalty structure — the steepest in EU digital regulation. Violations of prohibited AI practices carry fines of up to €35 million or 7% of global annual turnover. Breaches of high-risk system obligations carry fines of up to €15 million or 3%. Supplying incorrect information carries fines of up to €7.5 million or 1%. These penalties exceed GDPR's maximum of 4% / €20 million.
When does the EU AI Act take effect?
The Act entered into force on 1 August 2024 with a phased timeline. Prohibited practices and AI literacy obligations have been enforceable since 2 February 2025. General-purpose AI model obligations have applied since 2 August 2025. The main body of obligations — including high-risk system requirements, transparency rules, and deployer obligations — takes effect on 2 August 2026.
What counts as a high-risk AI system?
Annex III of the EU AI Act defines eight categories of high-risk AI: biometrics, critical infrastructure, education, employment and worker management, essential services (including credit scoring and insurance), law enforcement, migration and border control, and justice and democratic processes. AI systems used in HR recruitment, CV screening, credit assessment, or insurance pricing are explicitly high-risk.
Which AI practices are banned?
Article 5 prohibits eight AI practices outright: subliminal manipulation, exploitation of vulnerabilities, social scoring, criminal risk profiling based solely on traits, untargeted facial image scraping, workplace emotion recognition (except for medical/safety purposes), biometric categorisation by sensitive attributes, and real-time remote biometric identification in public spaces. These prohibitions have been enforceable since February 2025.
How does this assessment help?
This free assessment evaluates your organisation's readiness across the five key compliance areas of the EU AI Act: AI inventory, risk classification, governance, documentation, and training. You'll receive an instant compliance score, a priority gap analysis mapping each gap to specific articles and penalty tiers, and — after providing your email — detailed remediation steps and a downloadable PDF compliance brief you can share with stakeholders.
Ready to check your compliance?
The assessment takes approximately 5 minutes. Your answers are scored using a weighted system that reflects regulatory severity — prohibited practices screening and human oversight carry more weight than general training questions. Start the assessment above to find out where you stand.