Free tool

EU AI Act readiness self-assessment.

Fifteen questions across four areas of AI Act readiness. It takes about five minutes and gives you an indicative readiness score, with a sense of where to focus next. No sign-up to begin.

This is an indicative readiness check to start a conversation, not a formal classification or legal advice. Whether a system is in scope, and your obligations, depend on case-by-case analysis. Your answers are sent to me so I can give you a more useful response if you get in touch.

0 of 15 answered

01 Scope and Inventory

1. Do you know which AI systems your organisation builds, buys, or uses?

1We have no inventory of AI systems. 2We have a rough idea, but nothing documented. 3A partial inventory exists, mostly for the obvious systems. 4A reasonably complete inventory, updated occasionally. 5A complete, maintained inventory of AI systems, including third-party and embedded AI.

2. Have you determined your role for each AI system (provider, deployer, or both)?

1We have not considered the provider/deployer distinction. 2We are aware of it but have not applied it to our systems. 3We have assessed role for some systems, not all. 4Role is identified for most systems, with some review. 5Role is documented for every system and revisited when use changes, including where modifying a third-party system could make us a provider.

3. Have you classified your AI systems against the Act's risk categories?

1No classification has been attempted. 2We understand the risk tiers but have not classified our systems. 3Some systems have been provisionally classified. 4Most systems are classified, with rationale recorded for the key ones. 5All systems classified against the risk tiers, with documented reasoning and review triggers.

4. Do you know whether any of your systems may fall under the high-risk category (for example Annex III uses)?

1We do not know. 2We suspect some might, but have not checked against the criteria. 3We have looked at the high-risk criteria for a few systems. 4We have assessed most systems against the high-risk criteria. 5We have a documented, reasoned position on high-risk status for every relevant system, classified conservatively where status is borderline.

02 Governance and Accountability

5. Who is accountable for AI Act compliance in your organisation?

1No one is accountable in particular. 2It is assumed to sit somewhere, but not assigned. 3Informally owned by an individual or team. 4Formally assigned, with some defined responsibilities. 5Clearly assigned with defined responsibilities, escalation paths, and board-level visibility.

6. Do you have internal policies or principles governing how AI is developed or used?

1No AI-specific policies exist. 2General policies touch on it, but nothing AI-specific. 3Draft or partial AI principles exist. 4Documented AI policies exist, applied to most activity. 5Documented, version-controlled AI policies, embedded in how systems are built and procured.

7. Are the people building or deploying AI aware of their obligations under the Act?

1There is no awareness of AI Act obligations. 2A few individuals are aware, informally. 3Key people have a general understanding. 4Relevant teams have had some briefing or training. 5Targeted training and awareness for everyone involved in AI, kept current as the Act phases in.

8. Do you assess AI systems for risk before they go live?

1No risk assessment takes place. 2Risk is considered informally, case by case. 3Some systems get a risk review, inconsistently. 4A risk assessment step exists for most new systems. 5A consistent, documented risk assessment is required before any AI system goes live.

03 Documentation and Technical Readiness

9. For systems where it may apply, do you maintain technical documentation (for example along the lines of Annex IV)?

1No technical documentation is kept. 2Some documentation exists, but not structured for the Act. 3Partial documentation for key systems. 4Structured documentation for most relevant systems. 5Complete, maintained technical documentation aligned to the Act's expectations.

10. Do you keep records of the data used to train, validate, or operate your AI systems?

1No records of data sources or characteristics. 2Informal knowledge, not documented. 3Some data documentation for key systems. 4Reasonable data records for most relevant systems. 5Documented data governance covering sources, characteristics, and known limitations.

11. Is there human oversight designed into your AI systems where it matters?

1No human oversight is built in. 2Oversight happens informally, if at all. 3Some systems have oversight, but it is not designed deliberately. 4Human oversight is designed into most higher-impact systems. 5Human oversight is deliberately designed, documented, and tested where the system's impact requires it.

12. Can you explain, in plain terms, what your significant AI systems do and how they reach outputs?

1We could not readily explain this. 2Only the technical team could, informally. 3We can explain the main systems at a high level. 4We have documented explanations for most significant systems. 5Clear, maintained explanations exist, suitable for users, customers, or regulators.

04 Transparency, Monitoring, and Change

13. Where required, are people told when they are interacting with AI or AI-generated content?

1No transparency measures are in place. 2We have considered it but not implemented anything. 3Some systems disclose AI involvement, inconsistently. 4Disclosure is in place for most relevant systems. 5Transparency is consistently applied wherever the Act or good practice requires it.

14. Do you monitor AI systems after deployment for problems or drift?

1No post-deployment monitoring. 2We react to issues only when they surface. 3Some monitoring for key systems. 4Monitoring is in place for most higher-impact systems. 5Structured post-market monitoring with defined metrics, log-keeping, and a route to act on findings.

15. How do you keep up as the AI Act phases in and guidance develops?

1We do not track developments in the Act. 2We hear about major changes informally. 3Someone keeps a loose eye on developments. 4We track developments and adjust on a defined cycle. 5We actively monitor the Act, standards, and guidance, including the August 2026 high-risk obligations, and update our approach as they evolve.

05 Your details

So I can send your result and follow up if you would like.

Name

Work email

Organisation (optional)

Anything you would like to add? (optional)

Your result

0/ 75

band

Want to turn this into a concrete plan? A short call is the fastest way.

Book a 15-minute call →

Back to home