EU AI Act Readiness:
A 12-Point Checklist for High-Risk AI Systems

A step-by-step compliance guide for Annex III high-risk AI systems under Regulation (EU) 2024/1689. Maps the requirements of Articles 9-15 and the provider obligations of Articles 16-17 to concrete checklist items, and adds the related obligations the checklist also touches (conformity assessment in Article 43, post-market monitoring in Article 72, serious-incident reporting in Article 73, and the deployer-side fundamental rights impact assessment in Article 27), with governance mapping and remediation guidance.

Annex III enforcement: December 2, 2027, about 18 months to prepare. Note that in the Regulation as adopted, Article 113 applies the Annex III obligations from August 2, 2026; the December 2, 2027 date is the later application date proposed in the Commission's Digital Omnibus package. Check which date is in force before planning around the later one.

The 12-Point EU AI Act Readiness Checklist

1

Risk Management System

Establish a continuous, iterative risk management process for your AI system (Article 9). Identify the known and reasonably foreseeable risks to health, safety, and fundamental rights, evaluate them, and adopt mitigation measures so that the residual risk is acceptable. Test the system against predefined metrics before release, document the process, and maintain it as the system evolves.

2

Data Governance & Training Data Quality

Implement data governance practices for training, validation, and testing datasets (Article 10). Ensure the data is relevant, sufficiently representative, and, to the best extent possible, free of errors and complete for the intended purpose. Examine the datasets for biases that could affect health, safety, or fundamental rights, and address gaps with suitable data collection or processing techniques. Document data provenance and the quality measures applied.

3

Technical Documentation

Prepare comprehensive technical documentation before placing the system on the market and keep it up to date (Article 11, with the required contents listed in Annex IV). Include system architecture, design choices, development processes, performance characteristics, and known limitations. Documentation must be sufficient for authorities to assess compliance.

4

Record-Keeping & Log Retention

Design the system to automatically record events (logs) throughout its lifetime (Article 12). Logging must at least make it possible to trace situations that may present a risk, support post-market monitoring, and allow deployers to monitor operation. Providers must keep the logs under their control for a period appropriate to the system's intended purpose and for at least six months unless other Union or national law requires longer (Article 19); deployers have the same six-month minimum (Article 26). Logs must be retrievable on request by market surveillance authorities, so store them in a form whose integrity can be demonstrated, not just a file that can be edited.
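The record-keeping item says nothing about how a log should be built, but an authority asking for logs will want evidence that nothing was altered after the fact. The following is an added example (not code from the page or from HUMMBL) of one common design: an append-only log in which every entry is keyed with an HMAC over its own content plus the previous entry's digest, so editing, reordering, or deleting an earlier entry invalidates every digest after it. It uses only the Python standard library; the key, field names, and sample events are constructed for the demonstration.

```python
from __future__ import annotations

import copy
import hashlib
import hmac
import json

# Added example; not HUMMBL's code. Key, event fields and timestamps are constructed.
GENESIS = "0" * 64  # digest "before" the first entry; fixes the chain's starting point


def _canon(record: dict) -> bytes:
    """Canonical JSON so the same record always hashes to the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    """Append-only, hash-chained event log.

    Each entry commits to the previous entry's digest. The digest is an HMAC, so
    someone with write access to the log store but without the key cannot
    recompute a consistent chain after tampering.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._entries: list[dict] = []

    def append(self, event: dict) -> dict:
        prev = self._entries[-1]["digest"] if self._entries else GENESIS
        body = {"seq": len(self._entries), "prev": prev, "event": event}
        digest = hmac.new(self._key, _canon(body), hashlib.sha256).hexdigest()
        entry = {**body, "digest": digest}
        self._entries.append(entry)
        return entry

    def entries(self) -> list[dict]:
        return list(self._entries)

    def head(self) -> str:
        """Digest of the last entry. Publish this somewhere the log writer cannot
        change (a separate system, a ticket, a signed timestamp) to detect truncation."""
        return self._entries[-1]["digest"] if self._entries else GENESIS


def verify(entries: list[dict], key: bytes) -> tuple[bool, int | None]:
    """Walk the chain; return (True, None) if intact, else (False, index of first bad entry)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            return False, i  # gap, reordering or deletion in the middle
        body = {"seq": e["seq"], "prev": e["prev"], "event": e["event"]}
        expected = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, e["digest"]):
            return False, i  # content edited, or wrong key
        prev = e["digest"]
    return True, None


def demo() -> dict:
    """Build a small constructed log and show what each kind of tampering looks like."""
    key = b"constructed-demo-key-do-not-reuse"  # real deployments: load from a KMS/HSM
    log = AuditLog(key)
    # Constructed events; fields loosely follow what Article 12 logging needs to answer:
    # when, which model version, which input, what came out, and who was involved.
    log.append({"ts": "2026-01-10T09:00:00Z", "model": "screening-v3.1",
                "input_ref": "app-0001", "decision": "review", "operator": "u-17"})
    log.append({"ts": "2026-01-10T09:02:00Z", "model": "screening-v3.1",
                "input_ref": "app-0002", "decision": "reject", "operator": "u-17"})
    log.append({"ts": "2026-01-10T09:05:00Z", "event": "human_override",
                "input_ref": "app-0002", "decision": "accept", "operator": "u-42"})
    anchor = log.head()  # imagine this was published out-of-band at 09:05

    edited = copy.deepcopy(log.entries())
    edited[1]["event"]["decision"] = "accept"  # rewrite a past decision

    deleted = copy.deepcopy(log.entries())
    del deleted[1]  # remove a record from the middle

    truncated = log.entries()[:2]  # silently drop the human-override record at the tail

    return {
        "intact": verify(log.entries(), key),
        "edited": verify(edited, key),
        "deleted": verify(deleted, key),
        "wrong_key": verify(log.entries(), b"some-other-key"),
        # Chain verification alone cannot see a truncated tail ...
        "truncated": verify(truncated, key),
        # ... which is why the head digest must be anchored outside the log.
        "truncated_matches_anchor": truncated[-1]["digest"] == anchor,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} {result}")
```

The truncation case is the one worth remembering: a hash chain proves that what remains is internally consistent, not that nothing was removed from the end. Publishing the head digest to a system the log writer cannot touch (or to a timestamping service) closes that gap, and the same out-of-band record is what lets you show an authority that the six-month retention in Article 19 was actually honoured.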

5

Transparency & User Information

Provide deployers with clear, concise, and accessible instructions for use (Article 13). Include the system's capabilities, limitations, expected level of accuracy, known and foreseeable risks, the human oversight measures, and conditions of use, together with guidance for interpreting outputs correctly. Separately, where Article 50 applies (for example, systems that interact directly with people), make natural persons aware they are interacting with an AI system.

6

Human Oversight Design

Design the system so that natural persons can oversee it effectively while it is in use (Article 14). Oversight measures must let the people in the loop understand the system's capabilities and limitations, stay aware of automation bias, interpret outputs correctly, decide not to use the system or to disregard an output in a given situation, and intervene in or halt operation. Deployers must then assign that oversight to persons with the necessary competence, training, authority, and support (Article 26).

7

Accuracy, Robustness & Cybersecurity

Achieve appropriate levels of accuracy, robustness, and cybersecurity for the system's intended purpose, and sustain them over the lifecycle (Article 15). Ensure robustness against errors, faults, and inconsistencies, including those arising from interaction with people or other systems. Implement resilience against attempts by unauthorized third parties to alter the system's use, outputs, or performance by exploiting system vulnerabilities; Article 15(5) names data poisoning, model poisoning, adversarial examples or model evasion, and confidentiality attacks as the attacks to consider. Declare the accuracy metrics in the instructions for use and test and validate them under expected conditions.

8

Conformity Assessment

Undergo a conformity assessment before placing the system on the market or putting it into service (Article 43). For most Annex III systems the applicable procedure is internal control (Annex VI); for the biometric systems in Annex III point 1, a notified body must be involved (Annex VII) unless harmonised standards or common specifications have been applied in full. Applying harmonised standards or common specifications creates a presumption of conformity (Articles 40-41) but is not itself an assessment procedure. Then draw up the EU declaration of conformity (Article 47), affix the CE marking (Article 48), and register the system in the EU database before placing it on the market (Article 49). A substantial modification triggers a new assessment.

9

Quality Management System

Establish a quality management system (Article 17) covering regulatory compliance strategy, design and development controls, testing and validation, technical standards applied, data governance, risk management, post-market monitoring, serious-incident reporting, record-keeping, and resource management. Document the procedures and ensure they are understood and applied consistently across the organization.

10

Post-Market Monitoring System

Implement a post-market monitoring system, documented in a plan, that actively and systematically collects, documents, and analyzes data on the performance of the AI system after it is placed on the market (Article 72). Use this data to evaluate continuing compliance with Articles 9-15, identify emerging risks, and trigger corrective actions when necessary.

11

Incident Reporting & Corrective Actions

Establish procedures for reporting serious incidents to the market surveillance authorities of the Member State where the incident occurred (Article 73). Report immediately after establishing a causal link (or the reasonable likelihood of one) and no later than 15 days after becoming aware of the incident; the deadline is 2 days for a widespread infringement or an incident involving critical infrastructure, and 10 days for the death of a person. Investigate, take corrective action, and where necessary bring the system into compliance, withdraw it, disable it, or recall it, informing distributors, deployers, and authorities (Article 20).

12

Fundamental Rights Impact Assessment

Conduct a fundamental rights impact assessment before first use of the system (Article 27). This is a deployer obligation, and it applies to deployers that are bodies governed by public law or private entities providing public services, and to deployers of Annex III systems for creditworthiness or life and health insurance pricing. Identify potential adverse impacts on fundamental rights, including privacy, non-discrimination, and freedom of expression, implement measures to mitigate the identified risks, document the assessment, and notify the market surveillance authority of its results. Providers should expect deployers to ask for the information this assessment needs.

Map These 12 Points to Your System

HUMMBL provides open-source governance primitives designed for EU AI Act compliance. Kill switches for emergency halt, circuit breakers for failure isolation, delegation tokens for runtime attribution, and append-only audit logs for evidence preservation. All Python stdlib-only.

Frequently Asked Questions

What is EU AI Act readiness?

EU AI Act readiness means your AI system meets the requirements of Regulation (EU) 2024/1689 before enforcement deadlines. For Annex III high-risk systems, this includes risk management, data governance, technical documentation, human oversight, accuracy testing, and post-market monitoring.

When does the EU AI Act take effect?

The EU AI Act entered into force on August 1, 2024. Prohibited practices have been banned since February 2, 2025. Under the Regulation as adopted, the Annex III high-risk obligations apply from August 2, 2026; the December 2, 2027 date used in this guide is the later application date proposed in the Digital Omnibus package, so confirm which date applies before relying on the extra time.

Does my AI system qualify as high-risk under Annex III?

Annex III lists AI systems used for biometrics (including remote biometric identification and emotion recognition), critical infrastructure, education and vocational training, employment and worker management, access to essential private and public services, law enforcement, migration and border control, and the administration of justice and democratic processes. If your AI system makes or substantially influences decisions in these areas, it likely qualifies as high-risk, unless the narrow exception in Article 6(3) applies and you have documented why.

What are the penalties for non-compliance?

Penalties vary by violation category (Article 99): prohibited practices can reach €35M or 7% of global annual turnover, non-compliance with the high-risk and most other obligations can reach €15M or 3%, and supplying incorrect or misleading information to authorities can reach €7.5M or 1%, whichever of the two amounts is higher (for SMEs, whichever is lower).

How does HUMMBL help with EU AI Act compliance?

HUMMBL provides open-source governance primitives: kill switches for emergency halt, circuit breakers for failure isolation, delegation tokens for runtime attribution, and append-only audit logs for evidence preservation. All are Python stdlib-only, designed for EU AI Act Articles 9-17.

What is the difference between this checklist and the interactive assessment?

This checklist is a static reference guide covering all 12 compliance points. The interactive assessment asks questions, scores your readiness, and generates a personalized gap analysis with remediation recommendations.