ActCheck

EU AI Act Checklist

Last reviewed: 2026-06-23

Short answer: A useful EU AI Act checklist helps teams answer four questions: what system is being assessed, what role they play, what risk signals exist, and what evidence is missing.

1. Define The AI System

Checklist itemEvidence
System nameProduct or internal system name.
OwnerProduct, engineering, legal, or business owner.
PurposeWhat the system is intended to do.
UsersEmployees, customers, consumers, candidates, admins.
InputsPrompts, files, customer data, logs, vendor data.
OutputsRecommendation, generated text, score, ranking, decision support.
Deployment statusPlanned, beta, live, internal-only, customer-facing.

2. Identify Your Role

Start with the provider vs deployer checklist to separate development, branding, third-party use, and operational control signals.

3. Screen Risk Signals

Use the risk classification checklist to organize purpose, affected users, output use, transparency, oversight, and sensitive-context evidence.

4. Organize Technical Documentation

Use the technical documentation template to assemble system purpose, data, controls, vendor evidence, logging, and change-management notes.

5. Check Privacy And Chatbot Evidence

If the system includes a chatbot or AI support flow, review the GDPR chatbot checklist for privacy notice, retention, vendor, cookie, and user-rights evidence.

6. Prepare A Review Packet

Packet itemOwner
AI system inventoryProduct or engineering.
Role notesProduct/legal.
Risk screening answersProduct/legal/compliance.
Vendor documentsOperations/security.
Privacy evidenceLegal/privacy.
UI disclosure screenshotsProduct/design.
Human oversight processOperations.
Gap listProject owner.

What This Checklist Does Not Cover

FAQ

What is the first thing to do for EU AI Act readiness?

Define the AI system being assessed: name, owner, purpose, users, inputs, outputs, and deployment status.

Is this checklist enough for high-risk AI?

No. It is a starting checklist for evidence readiness and review preparation, not a full high-risk assessment.

How often should we re-check?

Re-check after material changes to the model, vendor, purpose, user group, data flow, oversight process, or UI disclosure.

Choose your role and start a readiness check

Use the existing ActCheck assessment flow from the homepage.

ActCheck provides informational self-assessment and evidence-readiness support. It does not provide legal advice, legal review, compliance certification, lawyer services, or a guarantee of compliance.

Related Pages

Official Sources