Sample report
AI Act Readiness Report
⚡ Demo — generated for previewRISK: HIGH
AI feature: "AI recruiting tool that analyzes candidate CVs and resumes, then ranks them by fit-score. Recruiters upload job descriptions and our AI model scores applicants automatically."
▸ 1. Risk Category Assessment
Annex III.4 — Employment / HREmployment / HR signal detected (Annex III.4)Sensitive personal data processing — GDPR Art. 9 intersectionFully automated decision-making — human oversight requiredB2C deployment — enhanced transparency obligations (Art. 50)
▸ 2. Missing Documentation Checklist
- ✕AI disclosure notice for users
- ✕Model / vendor inventory
- ✕Human oversight process
- ✓Data processing description
- ✕Audit logging for AI decisions
- ✓Privacy policy AI section
- ✕Opt-out mechanism for users
- ✕Bias / fairness evaluation
- ✕EU representative designation
- ✕Conformity assessment documentation
7 out of 10 documents are missing — typical for early-stage AI SaaS.
▸ 3. Questions for Your Lawyer
Does our AI system for candidate evaluation qualify as high-risk under Annex III.4 (Employment)?Are we required to register our AI system in the EU database before deployment?Is human review of AI recommendations sufficient, or do we need full human-in-the-loop?What additional data governance obligations apply given we process sensitive personal data?Does fully automated decision-making trigger additional user rights under Article 22 GDPR?What documentation should we request from our model provider to satisfy deployer obligations under Article 13?
▸ 4. Recommended Next Steps
- → Run a detailed legal compliance review within 30 days
- → Prepare conformity assessment documentation (Annex IV technical file)
- → Register your AI system in the EU database before market placement
- → Add AI disclosure notice to your website and product UI (Article 50)
- → Document data flow: what data feeds the AI, where output goes, who reviews it
- → Implement human review step before AI decisions are finalized
- → Set up audit logging for all AI-generated decisions (Article 12)
- → Review GDPR compliance for AI decision-making with personal data
- → Review your Data Processing Agreement (DPA) with your model provider
- → Establish a risk management process (Article 9)
- → Set up post-market monitoring (Article 72)
- → Book a 1-hour consultation with a qualified legal advisor
- → Re-scan every 6 months or when you add major AI features
Ready to scan your product?
Get your personalized report in 2 minutes. No credit card required.
→ Scan my product for free