The EU AI Act is here — a practical checklist for enterprises
The EU AI Act is no longer a future problem. If you operate AI in the EU, the question is not whether it applies, but which tier your systems fall into — and what that obliges you to do.
Start with classification
Most enterprise AI is limited or high risk. The obligations differ sharply:

| Risk tier | Typical examples | What's required |
|---|---|---|
| High | Hiring, credit scoring | Risk management, documentation, human oversight, logging |
| Limited | Customer chatbots | Transparency / disclosure to users |
| Minimal | Spam filters | None |

Classify every system early. A use case that looks harmless can land in high risk the moment it touches employment or creditworthiness.
Build the controls in, not on
The Act rewards teams that designed for it: technical documentation, audit logs, and human-oversight controls are far cheaper to build during development than to retrofit under a deadline.
This is exactly what our Data & Compliance practice does — map each system to a tier and a concrete checklist before it becomes a launch blocker.
Not legal advice — we deliver the technical controls; pair us with your counsel for binding interpretation.