Free · 3 minutes · Based on the official EU AI Act flowchart

Free EU AI Act
Compliance Checker

Answer 8 questions. Get your risk classification, your specific legal obligations, and a clear next step — instantly. No credit card, no account.

2 Aug
High-risk deadline 2026
3 tiers
Penalty levels (up to 7%)
Art. 5
Prohibited practices live

Based on the official FLI/EU compliance flowchart · Last updated January 2026

EU AI Act Compliance Check Step 1 of 8
Section E · Entity Type
What is your organisation's primary role in relation to the AI system?
Choose the role that best describes how your organisation relates to this AI system. Note: if you are a deployer who has significantly modified the system's purpose or functionality, you may be reclassified as a Provider under Article 25.
Provider
We develop or build the AI system and place it on the market or put it into service
Deployer
We use an AI system built by someone else within our own operations or for our customers
Distributor or Importer
We make a third-party AI system available on the EU market without modifying it
Product Manufacturer
We embed AI into a physical product (e.g. medical device, vehicle, machinery)
Section S · Geographic Scope
Does your AI system reach users or produce effects within the European Union?
The EU AI Act applies regardless of where your company is based. It covers any system whose output is used in the EU or affects EU residents — including SaaS products, APIs, and decision tools used by EU clients.
Yes — we operate in or serve users in the EU
→ EU AI Act applies in full
Partially — some EU exposure or planned EU expansion
→ Obligations apply to the EU-facing portion
No — exclusively outside the EU with no EU user impact
→ Currently out of scope — monitor if you expand
Section GPAI · General Purpose AI
Is your system a general-purpose AI model — a model trained on large amounts of data capable of performing a wide range of tasks?
This covers large language models (LLMs), foundation models, multimodal models, and image/code/audio generation models. Examples: building your own LLM, fine-tuning an open-source foundation model for release, or offering a model API to other developers. GPAI obligations under Articles 51–55 have applied since 2 August 2025.
Yes — we develop or release a general-purpose AI model
→ GPAI obligations under Art. 51–55 apply now
No — we use AI models built by others, or build task-specific AI
→ Continue to use-case classification
Section S · Scope Exclusions
Does your AI system fall into any of the following excluded categories?
The AI Act excludes certain uses from its main obligations. Select all that apply, or choose "None of the above" to continue to the full classification.
✦ Select all that apply
Scientific research & development only
System is exclusively used for R&D purposes and not placed on the market
Open-source model (weights freely available)
Weights are publicly released under an open licence — note: prohibited practices and GPAI systemic-risk rules still apply
Personal or purely private non-professional use
Used solely by an individual for their own personal, non-commercial purposes
Military, national defence, or national security
Exclusively for military or national security purposes by a Member State
None of the above
Our system doesn't fall into these exclusions
Section R · Article 5 · Prohibited Practices
Do any of the following describe your AI system's functions?
Most AI systems don't fall into these categories. Article 5 prohibited practices have been enforceable since 2 February 2025. Select any that apply — or choose "None of the above" to continue.
✦ Select all that apply
Subliminal manipulation causing psychological harm
Techniques that operate below conscious awareness to distort a person's behaviour in a harmful way
⚠ Article 5(1)(a) — Prohibited
Exploiting vulnerabilities of specific groups
Targeting children, elderly, or people with disabilities to distort their behaviour harmfully
⚠ Article 5(1)(b) — Prohibited
Social scoring of individuals by public or private entities
Evaluating persons over time across unrelated contexts leading to detrimental treatment
⚠ Article 5(1)(c) — Prohibited
Predicting criminal risk based solely on profiling or personality
AI-based individual risk assessment for criminal behaviour without objective, verifiable facts
⚠ Article 5(1)(d) — Prohibited
Untargeted scraping of facial images to build recognition databases
Mass collection from internet or CCTV to expand facial recognition datasets
⚠ Article 5(1)(e) — Prohibited
Emotion recognition in workplaces or educational institutions
Inferring employees' or students' emotional states in professional or academic settings
⚠ Article 5(1)(f) — Prohibited
Biometric categorisation to infer protected characteristics
Deducing race, political opinions, religion, sexual orientation, or trade union membership from biometric data
⚠ Article 5(1)(g) — Prohibited
Real-time remote biometric identification in public spaces
Live identification of people in publicly accessible areas (narrow law-enforcement exceptions apply — legal review required)
⚠ Article 5(1)(h) — Prohibited except narrow exceptions
None of the above
Our system does not perform any of these functions
→ Continue to use-case classification
Section HR · Annex III High-Risk Use Cases
Does your AI system perform any of the following functions?
These use cases are explicitly listed in Annex III of the EU AI Act as high-risk. Selecting any triggers the full Article 9–15 obligations. Narrow exceptions apply for AI performing preparatory or administrative tasks. Select all that apply.
✦ Select all that apply
Biometric identification or categorisation of persons
Remote identity verification, face matching, or biometric categorisation systems
→ Annex III 1 — High-risk
Critical infrastructure management
AI used in digital infrastructure, energy grids, water supply, transport, or financial markets
→ Annex III 2 — High-risk
Education and vocational training
Determining access to educational institutions, evaluating students, monitoring behaviour
→ Annex III 3 — High-risk
Employment, HR, and workforce management
Recruitment, CV screening, interview evaluation, performance monitoring, task allocation, contract termination
→ Annex III 4 — High-risk
Access to essential private services
Credit scoring, loan or insurance decisions, welfare benefit eligibility, emergency service routing
→ Annex III 5 — High-risk
Law enforcement
Risk assessment for criminal behaviour, polygraphs, forensic evidence evaluation, crime analytics
→ Annex III 6 — High-risk
Migration, asylum, and border control
Risk assessment for irregular migration, document verification, visa or asylum application processing
→ Annex III 7 — High-risk
Administration of justice and democratic processes
AI assisting courts, applying the law, or influencing elections or democratic decision-making
→ Annex III 8 — High-risk
None of the above
Our system does not perform any Annex III functions
Section HR · Annex I — Regulated Products
Is your AI system a safety component of, or itself placed on the market as, a regulated product under EU law?
Regulated products include: medical devices, in vitro diagnostics, civil aviation equipment, motor vehicles, marine vessels, railway systems, lifts, machinery, toys, and personal protective equipment governed by EU sectoral safety legislation.
Yes — our AI is part of a regulated product (Annex I)
High-risk AI rules apply from 2 August 2027 for these systems
→ Annex I — High-risk (later timeline: Aug 2027)
No — standalone AI application, not embedded in a regulated product
Unsure — we may have some overlap with regulated products
Section R · Article 11 — Technical Documentation
How would you describe your current technical documentation and compliance records?
Article 11 requires a technical file covering system design, training data, risk management, and performance metrics. Article 10 requires documented data governance. This question helps calibrate your readiness score.
Full documentation — technical file and data governance records exist
We have structured, up-to-date records meeting Article 11 requirements
→ Strong compliance posture
Partial documentation — some records exist but gaps remain
We have internal docs but they're incomplete or not structured for regulatory review
→ Article 11 documentation gap
No formal documentation — nothing regulator-ready
We track things informally or not at all
→ Critical Art. 11 gap — high exposure
Not applicable — we are a pure deployer; the provider holds the documentation
We rely on the provider's technical file and have not modified the system
Preliminary Assessment
Calculating...
Unlock full report ↓
Almost there

Your compliance report is ready.

Enter your details to unlock your full obligation checklist, article-by-article mapping, penalty exposure, and remediation roadmap.

Full obligation checklist
Article-by-article mapping
Penalty exposure by tier
Prioritised remediation steps

🔒 Your data is never shared with third parties.

Frequently Asked Questions

Is this EU AI Act checker really free? +
Yes — fully free, instant, and based on the official EU AI Act compliance flowchart. No credit card or account required. We ask for your contact details at the end so we can send your full report and follow up with tailored guidance.
When does the EU AI Act start applying to my company? +
It depends on your use case. Prohibited practices (Article 5) and AI literacy obligations have applied since 2 February 2025. GPAI model obligations apply from 2 August 2025. High-risk AI system obligations (Annex III — covering employment, credit, education, etc.) apply from 2 August 2026. AI embedded in regulated products (Annex I) applies from 2 August 2027. Note: the EU's Digital Omnibus proposal (November 2025) may adjust some of these timelines — always check current legal guidance.
What makes an AI system high-risk under the EU AI Act? +
There are two routes to "high-risk" classification. First, Annex I: AI that is a safety component of a regulated product (medical devices, vehicles, machinery). Second, Annex III: AI used for specific functions including employment and HR decisions, education access, credit scoring, biometric identification, law enforcement, migration, and administration of justice. High-risk systems must comply with Articles 9–15 — risk management, data governance, technical documentation, transparency, human oversight, and robustness.
What are the EU AI Act fines? +
The EU AI Act uses a three-tier penalty structure. Violations of prohibited practices (Article 5) can attract fines up to €40 million or 7% of global annual turnover, whichever is higher. Violations of data governance and transparency obligations (Articles 10, 13) attract up to €20 million or 4%. Other requirement violations attract up to €10 million or 2%. For SMEs and start-ups, the lower of the two figures applies.
Does the EU AI Act apply to companies outside the EU? +
Yes. The EU AI Act has explicit extraterritorial reach. It applies to any provider or deployer whose AI system's output is used within the EU or produces effects on EU residents — regardless of where the company is headquartered. This means US, UK, or Asian companies serving EU clients are in scope.
What are the eight prohibited AI practices under Article 5? +
Article 5 prohibits: (1) subliminal or manipulative techniques causing psychological harm; (2) exploiting vulnerabilities of specific groups; (3) social scoring systems by public or private entities; (4) predicting criminal risk based purely on profiling or personality; (5) untargeted scraping of facial images to build recognition databases; (6) emotion recognition in workplaces or schools; (7) biometric categorisation to infer race, political opinions, religion, or sexual orientation; and (8) real-time remote biometric identification in public spaces (with narrow law-enforcement exceptions). These have been enforceable since 2 February 2025.