EU AI Act Compliance Checklist
for AI SaaS Teams

A practical 10-step checklist to prepare for EU AI Act compliance. Not everything applies to every product — scan yours to find your specific gaps.

1

1. Risk Classification

Determine if your AI system falls under high-risk categories (Annex III)

HR tools, education assessment, health/bio-metric, credit scoring, and critical infrastructure are automatically high-risk. Other systems may be classified based on impact.

2

2. AI Disclosure

Add AI disclosure notice for users interacting with AI

Article 50 requires transparent disclosure when users interact with AI systems. This applies to chatbots, AI-generated content, and AI recommendations.

3

3. Model Inventory

Document all AI models and third-party providers

Maintain an inventory of every AI model you use, including provider, version, training data sources, and intended purpose.

4

4. Human Oversight

Implement human review for automated decisions

High-risk and fully automated systems require human oversight. Document who reviews, how often, and what criteria they use.

5

5. Data Governance

Document data flows and processing descriptions

Map what data feeds your AI model, where outputs go, and who has access. Include training data sources and processing purposes.

6

6. Audit Logging

Set up logging for AI decisions

Article 12 requires automatic logging of events during high-risk AI system operation. Log inputs, outputs, and decision rationale.

7

7. Transparency & Opt-Out

Provide opt-out mechanism for users

Users have the right to opt out of AI-driven decisions. This applies to profiling, recommendations, and automated decisions affecting individuals.

8

8. EU Representation

Designate EU representative if based outside EU

If your company is outside the EU but serves EU users, you must designate an authorized representative in an EU member state.

9

9. Conformity Assessment

Prepare technical documentation for high-risk systems

Annex IV requires a detailed technical file including system description, development methodology, training data, accuracy metrics, and risk management.

10

10. Post-Market Monitoring

Establish monitoring and incident reporting

Article 72 requires continuous monitoring of AI system performance, incident tracking, and reporting to authorities for serious incidents.

Not sure which items apply to your product?

Run a free AI Act readiness scan. We'll tell you exactly which documents you're missing and what to prioritize.

→ Scan my product — it's free2 minutes · No credit card