EU AI Act Readiness Assessment

📋

Ready to assess your compliance posture?

This assessment covers the key provisions of the EU AI Act applicable to regulated-industry deployments: Articles 9, 13, 14, 15, 16–17, and Annex III.

① Answer 12 questions about your AI deployment

② Get instant article-by-article gap analysis

③ Receive your PDF report by email immediately

Question 1 of 12

What is your primary industry vertical?

Select the category that best describes your organization's regulated activities.

Legal Services

Law firms, legal tech, e-discovery, contract review

Financial Services

Banking, investment, trading, financial compliance

Healthcare

Clinical decision support, diagnostics, medical records

Insurance

Underwriting, claims adjudication, fraud detection

Other Regulated Industry

Energy, telecoms, public sector, or other regulated sector

Question 2 of 12

What is your primary AI use case?

The use case determines which Annex III categories apply to your deployment.

Legal Research

Case law analysis, statute interpretation

Contract Review

Clause extraction, risk flagging, redlining

Claims Adjudication

Insurance claim processing and decisioning

Discovery / eDiscovery

Document review, relevance classification

Compliance Monitoring

Regulatory surveillance, AML, KYC

Other AI Use Case

Something not listed above

Question 3 of 12

Does your organization operate within the EU?

The EU AI Act applies to any AI system deployed in the EU, regardless of where the provider is incorporated.

Yes — we have EU operations

Customers, employees, or data subjects in EU member states

No — no current EU presence

All operations outside the EU at this time

Pending — EU expansion planned

EU operations are on the roadmap within 12–24 months

Question 4 of 12

How is your AI model deployed?

Deployment architecture affects conformity assessment obligations and traceability requirements.

Third-party API only

Using OpenAI, Anthropic, or similar via API — no fine-tuning

Fine-tuned proprietary model

We fine-tune or train models on our own data

Multi-agent pipeline

Multiple AI models or agents in a workflow, possibly with tool use

Unsure / in evaluation

Architecture not yet finalized

Question 5 of 12

Have you self-assessed your system as high-risk under Annex III?

Annex III lists specific high-risk categories including: employment decisions, access to essential services, law enforcement, and administration of justice.

Yes — we believe we are high-risk

Our system falls within one or more Annex III categories

No — we do not believe we are high-risk

Our use case does not appear in Annex III

Unsure — we haven't assessed this formally

We have not conducted a formal Annex III classification exercise

Question 6 of 12

How do you currently verify AI outputs before they reach end users?

Output verification is central to Articles 9 and 14 of the EU AI Act for high-risk systems.

None — outputs go directly to users

No systematic review before AI outputs are acted upon

Human review only

A human reviews AI outputs before they are used in decisions

Single-model self-check

The same AI model verifies its own outputs (LLM-as-judge)

Multi-agent verification

An independent secondary model reviews outputs before delivery

Question 7 of 12

How do you log AI-generated outputs and errors?

Articles 16 and 17 require high-risk AI providers to keep detailed technical documentation and event logs.

No logs — we don't capture AI output history

AI responses are not systematically stored

Application-level logs

Outputs are logged but logs are mutable and not purpose-built for audit

Immutable audit trail

WORM-compliant logging with tamper-evident records of every AI output and decision

Question 8 of 12

How do you ground AI outputs in source material?

Source grounding is critical for Article 15 accuracy and robustness requirements, and for professional liability in legal and financial contexts.

None — no source grounding

AI outputs are not linked to source documents

Inline citations

AI outputs reference sources but without cryptographic verification

Cryptographic grounding evidence

Each citation is cryptographically hashed and verifiable at time of retrieval

Question 9 of 12

How frequently do you conduct adversarial testing of your AI system?

Article 9 requires a systematic risk management process including testing for foreseeable misuse and adversarial conditions.

Never

No formal adversarial or red-team testing

Ad-hoc

Informal testing without a defined cadence

Scheduled

Regular testing on a defined quarterly/annual cycle

Continuous

Automated regression and adversarial tests on every deployment

Question 10 of 12

What is your Article 14 human oversight model?

Article 14 requires that high-risk AI systems allow humans to effectively oversee the system and intervene in its operation during its use period.

None — AI decisions are fully automated

No human review is required before AI outputs are acted upon

Sample-based — spot checks on a subset

A percentage of AI outputs are reviewed by humans

Per-decision — every output reviewed

A qualified human reviews every AI output before it affects a decision

Question 11 of 12

What Article 13 transparency disclosures do you currently provide?

Article 13 requires high-risk AI systems to be transparent so deployers understand capabilities, limitations, and appropriate use.

None — no AI disclosures in place

Users are not informed they are interacting with AI outputs

Partial — basic disclosure only

General AI disclosure exists but lacks specificity on limitations, data, or intended use

Full — comprehensive disclosures

Full disclosure: AI nature, training data, accuracy limitations, intended use, human oversight model

Question 12 of 12 — Final step

Where should we send your compliance report?

Your personalized PDF report will be emailed immediately. We will not share your contact details with third parties.

Work email *

Your role *

Organization name *

Something went wrong. Please try again or contact us at compliance@octomind-9fce.polsia.app

✉️

Your report is on its way

We've generated your personalized EU AI Act compliance gap report and sent it to your email. Check your inbox — it should arrive within 60 seconds.

Download PDF Report

Ready to close these gaps with a Sturna pilot?

Book a 30-minute discovery call →

Is your AI deployment EU AI Act ready?