Hael
Sign inRequest a demo
EU AI Act · Requirements

EU AI Act compliance checklist

Updated 30 June 2026 · 6 min read
Key takeaway
An EU AI Act compliance checklist comes down to six moves: inventory your AI, fix your role for each system, classify each by risk, apply the required controls, produce the documentation, and keep it current. The detail varies by system, but this sequence works for any organisation and turns a dense regulation into an actionable plan.
  • Six steps: inventory, role, classification, controls, documentation, and ongoing review.
  • The AI inventory is the backbone; you cannot govern what you have not listed.
  • High-risk systems need the full control set plus conformity assessment and registration.
  • Compliance is continuous, so build a process that keeps classifications and evidence current.
  • Current as of June 2026. This is general information, not legal advice.

1. Build an AI inventory

You cannot govern what you have not listed. Catalogue every AI system you develop, provide, deploy, or embed, including third-party tools and internal automation. For each, record what it does, who owns it, what data it uses, and where it is used. This inventory is the backbone of everything that follows.

2. Determine your role for each system

For every system, decide whether you are the provider, deployer, importer, or distributor. Your obligations flow from this. You may hold different roles for different systems, and a deployer who substantially modifies a high-risk system can become a provider.

3. Classify each system by risk

Map each system to the four tiers: prohibited, high, limited, or minimal. Pay closest attention to the Annex III high-risk categories (such as hiring, credit, and biometrics) and to any prohibited uses, which must stop. Document the reasoning behind each classification.

4. Apply the required controls

For high-risk systems, put in place the core controls: a risk management system, data governance, human oversight, logging, and measures for accuracy, robustness, and cybersecurity. For limited-risk systems, implement the transparency duties, such as disclosing AI interaction and labelling AI-generated content.

5. Produce the documentation and assessment

Prepare the technical documentation, instructions for deployers, and, for high-risk systems, complete the conformity assessment, draw up the EU declaration of conformity, affix CE marking where applicable, and register in the EU database. Deployers may also need a fundamental rights impact assessment.

6. Keep it current

Compliance is not a one-time event. AI systems change, and so do their risk profiles. Establish a process to review classifications, refresh documentation, monitor systems in operation, and capture incidents. When a regulation or a system changes, the affected records should be flagged and reviewed.

Turning the checklist into a system

The checklist is straightforward to state and harder to maintain across a growing estate of AI systems, especially when documentation and evidence are scattered across spreadsheets and folders. The organisations that stay ready treat the checklist as a continuous operating model with a single record per system, so that the inventory, classification, controls, and evidence stay connected and current rather than drifting apart.

Key terms

AI inventory
The catalogue of every AI system an organisation develops, deploys, or embeds, with ownership and context.
Classification
Assigning each AI system to one of the Act's four risk tiers based on its purpose and use.
Controls
The technical and organisational measures that satisfy the Act's requirements for a given system.
Documentation
The records that evidence compliance, including the technical file and instructions for use.
Conformity assessment
The formal check that a high-risk system meets the Act before it is placed on the EU market.

References

Related guides

Keep reading on EU AI Act.

Free check

See where you stand on EU AI Act, free.

Answer a few questions and get an indicative view of what EU AI Act expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
EU AI Act · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to EU AI Act~ 5 MIN