Compliance · AI Act

Obligations for artificial intelligence systems and GPAI models.

Regulation (EU) 2024/1689. Harmonized European framework for artificial intelligence, based on a risk-tiered approach. Differentiated obligations for providers, deployers and other operators.

Abstract schema of the compliance assessment process

Context

Who it applies to

Providers of AI systems placed on the market or put into service in the Union, deployers of AI systems, importers, distributors and product manufacturers, regardless of their location. Staggered application: prohibitions from 2 February 2025, GPAI model obligations from 2 August 2025, full regime from 2 August 2026 for most obligations, from 2 August 2027 for high-risk systems embedded in regulated products.

What the assessment covers


Risk classification

Mapping of the organization's AI systems into the regulation's risk categories: unacceptable, high, limited, minimal. Verification of applicable exclusions.

High-risk system obligations

Risk management system, data governance, technical documentation, automatic logging, transparency, human oversight, accuracy and robustness, cybersecurity.

GPAI model obligations

Model technical documentation, information for deployers, copyright compliance, training data summary. Additional obligations for systemic-risk models.

Transparency obligations

Informing users of interaction with an AI system, labelling of generated or manipulated content.

Governance and accountability

Internal roles, training, human oversight, serious incident management, relationship with national authorities.

Coherence with other regulations

Intersection with GDPR (automated decisions), NIS2 (security), sectoral regulations (medical, financial).

Same method

Same methodology, applied to the specific regulation.

The methodology common to all certifications — the open-source platform, the documents delivered, the 0–5 maturity model, the work phases — is described once on the main Compliance page.

Have a deadline to face on this regulation?

We start with a scoping: classification of the organization, perimeter, responsible people, availability of existing evidence. From there the rest is sized.
