EU AI Act Compliance Checker — Interactive Checklist & Score

Interactive EU AI Act compliance checklist. Select your role (provider, deployer, GPAI developer) and AI system type, check off completed obligations, and get a personalised compliance score with a gap analysis. Free, no registration required.

Check your EU AI Act compliance obligations in 3 steps

This tool gives compliance teams, legal counsel, and product managers a fast, personalised read on their EU AI Act obligations. Work through the wizard in under 5 minutes to get your compliance score and a prioritised list of actions.

How it works:

Select your role — provider, deployer, both, or GPAI developer
Select your AI system's risk tier
Work through the relevant checklist items and see your compliance score

Results are indicative guidance only and do not constitute legal advice. Complex or edge-case situations require professional legal assessment.

Checklist coverage:

Annex III high-risk providers — 30+ obligations from Art. 9 (risk management) through Art. 71 (EU AI database registration)
Annex I high-risk providers — integration with host product regulation (MDR, Machinery, etc.) + Annex III obligations
Annex III deployers — oversight, FRIA, staff training, incident reporting obligations
GPAI developers — technical documentation, copyright, downstream support, systemic risk assessment
Transparency-only AI — Art. 50 disclosure obligations (chatbots, deepfakes, emotion recognition)

AI Act meets DORA and NIS2

Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.

Explore regulation-dora.eu ↗

Frequently Asked Questions

Who needs to complete an EU AI Act compliance checklist?

Any organisation that develops, deploys, imports, or distributes AI systems in the EU. Providers (who develop AI) face the heaviest obligations including conformity assessment and CE marking. Deployers (who use third-party AI) must ensure oversight, staff training, and transparency to affected persons. GPAI developers (foundation model and LLM providers) face Chapter 5 obligations since 2 August 2025.

What is the difference between provider and deployer obligations under the EU AI Act?

A provider develops an AI system and places it on the EU market — it bears the primary compliance burden: risk management system, technical documentation, conformity assessment, EU AI database registration, CE marking, and post-market monitoring. A deployer uses a third-party AI system under its authority — it must verify the provider's conformity, designate oversight personnel, train staff, inform affected persons, and report serious incidents. Both roles have distinct checklists under this tool.

How long does it take to complete EU AI Act compliance for a high-risk AI system?

For an Annex III standalone high-risk AI system, a realistic compliance programme takes 12–24 months: 3–6 months for gap assessment and QMS design, 6–12 months for technical documentation, data governance, and conformity assessment, and 3–6 months for EU database registration and CE marking. The deadline is 2 December 2027 — but notified body capacity is already constrained, so starting in 2026 is strongly recommended.

Is this compliance checklist tool free?

Yes, completely free. The interactive wizard, checklist, and compliance score are available without registration. An optional email capture lets you receive your personalised compliance action plan — still free.

Stay ahead of AI Act changes

Get compliance alerts when deadlines or obligations change.

No spam. One-click unsubscribe.