Skip to content
Free tool

EU AI Act Risk Check

Answer ten plain questions about what your business does and see which of the Act's four risk levels you hit, with the real deadlines for each. About five minutes. Informational only, not legal advice.

Check where your business falls under the EU AI Act.

Ten plain-language questions about what your business does. No regulatory vocabulary, no technical detail needed. About five minutes. You see which of the four risk levels you hit for free, and you can trade an email for the full tailored report.

This tool is informational only and is not legal advice. It gives a directional read, not a compliance determination.

Reference

The four EU AI Act risk levels and their deadlines.

The Act sorts AI uses into four levels. Obligations and deadlines differ sharply by level, and most businesses hit more of them than they expect.

Prohibited Practices

In force since February 2, 2025

AI uses the EU has banned outright, like social scoring or real-time public face recognition. Already enforceable, with the largest penalty in the Act.

Up to 35M euros or 7% of global turnover.

High-Risk

December 2, 2027

AI that helps make consequential decisions about people: hiring, credit, essential services, education. Carries the heaviest ongoing obligations: risk management, documentation, human oversight, and a conformity assessment before go-live.

Up to 15M euros or 3% of global turnover.

Transparency

August 2, 2026

If AI talks to your customers or generates content you publish, people must be told. Near-term: this deadline did not move when high-risk did. Content watermarking for systems already on the market gets until December 2, 2026.

Up to 15M euros or 3% of global turnover.

Limited / General Use

Baseline expectations, ongoing

Using AI at all carries baseline transparency and good-governance expectations, and the rest of the Act reaches further into your operations than most teams assume.

Governance expectations rather than a dedicated fine tier.

What good looks like

Four steps from exposure to readiness.

Compliance is an operational discipline, not a legal filing. The path is sequential, and most companies have not started.

  1. Step 1 · ATOM: Assess

    Inventory

    Find every AI system: built in-house, bought from a vendor, or buried inside a tool you already pay for. You cannot govern what you have not mapped.

  2. Step 2 · ATOM: Tailor

    Classify

    Sort each system into its risk tier and confirm whether you are the provider or the deployer for it. This step decides every obligation that follows.

  3. Step 3 · ATOM: Orchestrate

    Operationalize

    Stand up the governance the classification demands: documentation, human oversight, and monitoring. The controls that make compliance real instead of a slide.

  4. Step 4 · ATOM: Modernize

    Monitor

    Keep it current. New systems ship, vendors change, and the rules keep moving. Compliance is a running state, not a one-time filing.

EU AI Act questions, answered plainly.

Does the EU AI Act apply to companies outside the EU?

Very likely, yes. The Act reaches any company whose AI touches people in the EU, wherever that company is headquartered. A US, UK, or Asia-based firm with EU customers, EU users, or EU-facing AI is in scope. Where you are incorporated is not the test. Where your AI lands is the test.

What are the EU AI Act deadlines in 2026 and 2027?

Prohibited practices have been banned and enforceable since February 2, 2025. Transparency obligations apply from August 2, 2026, and that date did not move when the high-risk deadline was delayed. Machine-readable marking of AI-generated content applies from August 2, 2026 for new systems, with systems already on the market getting until December 2, 2026. High-risk obligations were delayed to December 2, 2027.

What counts as high-risk AI under the Act?

Broadly, AI that helps make consequential decisions about people: hiring and employee management, credit and insurance decisions, access to essential services, education decisions, and biometric identification. High-risk systems require risk management, documentation, human oversight, and a conformity assessment before going live.

How large are EU AI Act fines?

Up to 35 million euros or 7% of global annual turnover for prohibited practices, up to 15 million euros or 3% for high-risk and transparency failures, and up to 7.5 million euros or 1% for giving regulators incorrect information. Smaller companies pay the lower of the two figures rather than the higher. For comparison, GDPR caps at 20 million euros or 4%.

What is the difference between a provider and a deployer?

A provider builds an AI system or substantially modifies one and puts it into use; providers carry the heavy obligations like technical documentation, conformity assessment, and registration. A deployer uses AI that others built; deployers must use the system as intended, keep a human in the loop, and monitor it. Heavy customization or fine-tuning can quietly move a business from deployer to provider.

Is this tool legal advice?

No. The Risk Check gives a directional, informational read based on your answers. It is not a compliance determination and not legal advice. For the legal call, talk to qualified counsel. AtomDigit is the engineering and operational partner that makes compliance real in the systems.