AI Act classification and documentation, automated.
Free, no signup required for assessment.
Are you in scope?
Not sure? The 5-minute assessment gives you a definitive answer.
Take the assessment- 01Providers placing an AI system on the EU market, wherever the provider itself is established.
- 02Deployers using AI systems within the EU, including general-purpose AI tools like ChatGPT, Claude, or Gemini at meaningful operational scale.
- 03Importers and distributors of AI systems intended for the EU market.
- 04Non-EU companies whose AI output affects people in the EU. Extraterritorial reach mirrors the GDPR pattern.
- 05Companies embedding AI in safety components of regulated products (medical devices, machinery, toys, vehicles, lifts).
What's required
Plain language, not legal jargon. Citations link to the source regulation.
Risk classification
Categorise every AI system as prohibited, high-risk, limited-risk, or minimal-risk. Different obligations attach to each tier; prohibited practices are absolute.
Articles 5–6, AI Act (EU) 2024/1689 →Technical documentation
High-risk systems require Annex IV documentation covering training data, design choices, performance metrics, risk management measures, and post-market monitoring plans. Maintained continuously.
Article 11 + Annex IV, AI Act →Human oversight
High-risk systems must be designed so natural persons can effectively oversee them: interpret output, intervene, override, or shut down. Document the oversight measures and the competencies required.
Article 14, AI Act →Transparency obligations
Disclose AI-generated content (deepfakes, synthetic media), inform users when interacting with an AI system, and label outputs that could deceive natural persons.
Article 50, AI Act →Conformity assessment and CE marking
High-risk AI systems require a conformity assessment procedure (internal or third-party depending on the type) and CE marking before being placed on the market or put into service.
Article 43, AI Act →Post-market monitoring and serious-incident reporting
Operate active surveillance of high-risk systems in real-world use and notify national authorities of serious incidents within strict timelines (15 days; 2 days for widespread infringements).
Articles 72–73, AI Act →Deadlines
- 1 August 2024AI Act entered into force
- 2 February 2025Prohibited practices applicable EU-wide
- 2 August 2025Governance rules, GPAI obligations, and penalty regime applicable
- 2 August 2026Full application. High-risk systems (Annex III) in scope.
- 2 August 2027Existing high-risk products listed in Annex I brought in scope
Consequences
Up to €35M or 7% of global turnover for prohibited practices
Beyond fines, non-compliance can block enterprise sales contracts, expose directors personally, and trigger reportable incidents under adjacent regulations.
How Skarpix helps
AI inventory
Catalogue every AI system you build, license, or embed, with risk classification per system and the obligations that attach.
Risk-tier mapping
Automated classification against the AI Act risk taxonomy with reasoning trails you can defend.
Annex IV documentation
Templates for the technical documentation high-risk systems require, kept up-to-date as the system evolves.
Transparency tracker
Verify disclosure obligations are met across customer-facing AI features (chatbots, synthetic media, generated content).
Incident reporting
Workflow and templates for the serious-incident notification cascade under Article 73.
Ready to see where you stand on EU AI Act?
Frequently asked
We just use ChatGPT for productivity. Does the AI Act apply?+
General-purpose AI use carries lighter transparency obligations and your provider (OpenAI, Anthropic, Google) bears most of the structural compliance burden. You still need to inform employees and customers when AI is making material decisions, and you cannot use general-purpose AI for prohibited practices regardless of who built the model.
What's a high-risk AI system?+
Annex III lists categories including biometric identification, critical infrastructure, education assessment, HR/recruitment, credit scoring, law enforcement, migration, and administration of justice. Plus AI used as a safety component of products under existing EU regulations (medical devices, machinery, toys, vehicles).
When do penalties start?+
Prohibited practices: February 2025. GPAI and governance: August 2025. High-risk system penalties: August 2026. The €35M / 7% maximum applies to prohibited practice violations; high-risk non-compliance maxes at €15M / 3%; supplying incorrect information caps at €7.5M / 1%.
How does the AI Act interact with GDPR?+
GDPR continues to apply to any personal data processed by AI systems. The AI Act adds structural obligations (documentation, oversight, conformity, transparency) on top of GDPR data-protection requirements. Skarpix maps overlapping evidence across both frameworks so you don't duplicate work.
What about general-purpose AI models like GPT-4 and Claude?+
GPAI providers face specific obligations under Articles 53–55: technical documentation, copyright compliance, training-data summaries, and (for models with systemic risk) additional model evaluations, adversarial testing, and incident reporting. As a deployer, you inherit downstream obligations depending on how you use the model.
We're a non-EU company. Does the AI Act still apply?+
Yes, if you place an AI system on the EU market, put it into service in the EU, or your AI's output is used in the EU, regardless of where you're established. The extraterritorial reach mirrors GDPR. Non-EU providers must designate an EU authorised representative.
Which authority is responsible for the AI Act in Sweden?+
The AI Act (AI-förordningen) applies across the EU and is phasing in; prohibited practices and AI-literacy duties already apply. In Sweden the supervisory and market-surveillance authority has not yet been decided. The adaptations are being worked out in the public inquiry SOU 2025:101 (Anpassningar till AI-förordningen), and IMY (Integritetsskyddsmyndigheten), already the data protection authority, is the proposed and likely candidate, though no formal decision has been made.