The EU AI Act
Self-Assessment Toolkit
Full legal text, plain-English guides, and compliance tools for the EU AI Act and Cyber Resilience Act — produce a complete evidence package for self-assessment under Art. 43(2) and CRA Annex VIII.
Built for SMEs under 250 staff. Proportionate, plain-English, and no notified body required for most systems.
Or start a guided compliance flow if you already know your risk level.
Time until Annex III high-risk enforcement (provisionally 2 Dec 2027 — Omnibus deal)
00
days
00
hrs
00
min
00
sec
Still on track for 2 August 2026, NOT delayed by the Omnibus: Art. 50 transparency duties — chatbot disclosure, deepfake disclosure by deployers, emotion recognition and biometric categorisation notification. Already live: Art. 4 AI literacy (Feb 2025), Art. 5 prohibitions (Feb 2025), Chapter V GPAI obligations (Aug 2025).
Provisional Digital Omnibus deal — high-risk deadlines shifted
On 7 May 2026, the Council of the EU and the European Parliament reached provisional political agreement on the Digital Omnibus on AI. Key shifts:
- Annex III high-risk obligations: 2 August 2026 → 2 December 2027
- Annex I product-embedded high-risk: 2 August 2027 → 2 August 2028
- New Art. 5 prohibition on AI generating child sexual abuse material or non-consensual intimate imagery: 2 December 2026
- Art. 50(2) machine-readable watermarking ONLY: 2 August 2026 → 2 December 2026
- Member State AI sandboxes: 2 August 2026 → 2 August 2027
What is NOT delayed by the Omnibus — still live on the original dates:
- Art. 4 AI literacy — in force since 2 February 2025 (all organisations)
- Art. 5 existing prohibitions — in force since 2 February 2025
- Chapter V GPAI obligations — in force since 2 August 2025
- Art. 50 transparency duties (chatbot disclosure 50(1), emotion recognition / biometric categorisation 50(3), deepfake disclosure 50(4), public-interest disclosure 50(5)) — still 2 August 2026. Only the machine-readable watermarking limb (50(2)) was shifted.
If you deploy a chatbot, a deepfake-generation tool, an emotion-recognition system or a biometric categoriser — your 2 August 2026 deadline is unchanged, even if your underlying AI is "minimal risk".
The Omnibus agreement is provisional. Formal adoption by Council and Parliament is expected before 2 August 2026. If formal adoption fails, the original Regulation (EU) 2024/1689 dates apply across the board.
See regulatory updates for full source citations.
Complete legislation coverage
Full statutory text of every regulation — with plain-English explanations and obligation checklists on every page.
EU AI Act
PRIMARYReg. EU 2024/1689
Full text of all articles and annexes. Risk classification, high-risk obligations, GPAI rules, penalties, and the complete enforcement timeline.
Read guide
Cyber Resilience Act
Jun 2026Reg. EU 2024/2847
Free CRA Checker, SBOM Audit, CVD Policy Builder, and a 6-stage readiness flow for manufacturers of products with digital elements. Class I/II notifications from Jun 2026.
Read guide
Product Liability Directive
Dec 2026Dir. EU 2024/2853
Software and AI now explicitly covered. Reversed burden of proof. Who is liable when an AI system causes damage? Transposition: Dec 2026.
Read guide
GDPR Intersections
In forceReg. EU 2016/679
Articles 5, 13, 14, 22, 35, 36 — automated decision-making, data subject rights, DPIAs, and the interplay with AI Act requirements.
Read guide
Free tools
Start using these immediately — no account required (except Deadline Tracker).
Risk Classifier
FreeStep-by-step decision flowchart to determine your AI system's risk level. Each question references the relevant article.
< 3 min
Timeline Calculator
FreeAll EU AI Act enforcement deadlines in one visual timeline. Filter by your AI system type to see which dates apply.
Instant
Checklist Builder
FreeGenerate a personalised compliance checklist mapped to the articles that apply to your AI system type.
2 min
Deadline Tracker
Free accountTrack all your AI systems and their personalised compliance deadlines. Requires a free account.
Ongoing
Penalty Calculator
FreeCalculate the maximum fine for any EU AI Act, CRA, or GDPR violation based on violation type and company revenue.
< 1 min
Deployer Checker
FreeCheck your Art. 26 deployer obligations for any high-risk AI system — human oversight, DPIA, employee notification.
3 min
CRA Checker
FreeDetermine your Cyber Resilience Act product classification and obligations. Critical products vs standard requirements.
3 min
SMEs and corporate teams — using a third-party AI does not exempt you
Using Claude, ChatGPT, Gemini, Copilot, Mistral, Llama, or any third-party AI tool inside your product or business workflow? You are likely a deployer under Art. 26.
The AI vendor (Anthropic, OpenAI, Google, Microsoft, Meta, Mistral, etc.) takes the Art. 16 provider obligations for the underlying model. The duty to operate the system safely in your business context is yours as a deployer under Art. 26 — including:
- Designating and training a human overseer (Art. 26(2))
- Ensuring input data is relevant and representative for your context (Art. 26(4))
- Monitoring system operation and reporting serious incidents to the provider (Art. 26(5)–(6))
- Informing affected workers, customers or citizens about the AI's role in decisions (Art. 26(7), Art. 26(11))
- Conducting a Fundamental Rights Impact Assessment if you are a public body or in Annex III 5(b)/(c) (Art. 27)
- Registering as a deployer in the EU database where you are a public body (Art. 49(2))
- Maintaining automatically generated logs for at least six months (Art. 26(6))
Compliance templates
Professional documents that satisfy EU AI Act requirements. Buy once, use forever.
Annex IV Technical File
Complete template for your mandatory technical documentation. All 8 Annex IV sections with guidance notes.
€149
one-time · all updates included
Risk Assessment Workbook
Structured Excel workbook for risk identification, scoring, mitigation tracking, and sign-off.
€99
one-time · all updates included
Best valueComplete Bundle
All three compliance templates at a significant discount — everything for your compliance programme.
€299
one-time · all updates included
Real-world compliance examples
Worked case studies showing how different AI systems are classified and what compliance looks like in practice.
Why AIAuditRef
Built specifically for the EU AI Act — not a generic compliance tool.
Full statutory text
Every article, every annex — the actual legal text alongside plain-English explanations on the same page.
Article-linked tools
Every tool shows which article it addresses. Every product template maps to specific compliance obligations.
Enforcement-focused
Built around the real enforcement timeline — including the Digital Omnibus shift of Annex III high-risk to 2 December 2027, while keeping AI literacy, prohibitions, transparency and GPAI obligations on their live dates.
Provider & deployer split
Obligations differ for AI system providers vs deployers. AIAuditRef keeps them clearly separated.
Multi-regulation view
EU AI Act alone isn't enough. CRA, GDPR, Product Liability, and AI Liability all intersect — we cover them all.
Not legal advice
We're a reference and tooling platform. We always remind you to engage qualified legal counsel for your specific situation.
Start your compliance journey today
Free risk classification. Free enforcement timeline. Free compliance checklist. No credit card required.