Readiness questions
Answer all 30 questions as honestly as possible. There are no right or wrong answers β this helps generate the most useful recommendations.
Have you identified all AI systems used in your organisation?
Weight: 3 β Critical requirement
Have you assessed whether any AI systems fall under prohibited uses (EU AI Act Annex I)?
Weight: 3 β Critical requirement
Have you classified your AI systems by risk level (high-risk, limited, minimal, unacceptable)?
Weight: 3 β Critical requirement
Have you checked if your AI systems are listed in Annex III (high-risk categories)?
Weight: 3 β Critical requirement
Is there a documented risk management system for AI throughout the full lifecycle?
Weight: 3 β Critical requirement
Are technical robustness and safety measures implemented for high-risk AI systems?
Weight: 3 β Critical requirement
Is adversarial testing or red-teaming conducted for high-risk AI systems?
Weight: 3 β Critical requirement
Are training, validation, and testing datasets documented and managed?
Weight: 3 β Critical requirement
Are data quality criteria defined (relevance, representativeness, completeness)?
Weight: 3 β Critical requirement
Are measures in place to detect and address bias in training data?
Weight: 3 β Critical requirement
Is technical documentation maintained for all high-risk AI systems?
Weight: 2 β Important requirement
Are logs automatically generated to enable traceability of AI outputs?
Weight: 2 β Important requirement
Are users informed when they are interacting with an AI system?
Weight: 2 β Important requirement
Is there a clear description of AI capabilities and limitations available to users?
Weight: 2 β Important requirement
Are human oversight measures designed into high-risk AI systems?
Weight: 3 β Critical requirement
Can operators effectively monitor AI system operation in real-time?
Weight: 3 β Critical requirement
Is there a clear process for human intervention or override of AI decisions?
Weight: 3 β Critical requirement
Are staff trained to understand AI system limitations and oversight responsibilities?
Weight: 3 β Critical requirement
Has a conformity assessment been conducted for high-risk AI systems?
Weight: 2 β Important requirement
Is there a EU Declaration of Conformity prepared for applicable systems?
Weight: 2 β Important requirement
Are CE marking requirements considered for applicable high-risk AI systems?
Weight: 2 β Important requirement
Are accuracy metrics defined and regularly monitored for AI systems?
Weight: 2 β Important requirement
Is the AI system tested against cybersecurity threats and adversarial attacks?
Weight: 2 β Important requirement
Are fallback mechanisms in place when AI system performance degrades?
Weight: 2 β Important requirement
Is there a post-market monitoring plan for all deployed AI systems?
Weight: 2 β Important requirement
Are serious incidents and near-misses reported to relevant authorities?
Weight: 2 β Important requirement
Is there a process for AI system updates, version control, and re-assessment?
Weight: 2 β Important requirement
Is there a designated AI compliance officer or responsible person for AI governance?
Weight: 2 β Important requirement
Are roles and responsibilities for AI governance clearly defined and documented?
Weight: 2 β Important requirement
Is there an internal AI ethics policy or code of conduct in place?
Weight: 2 β Important requirement
Results are generated instantly. Self-assessment only β not an audit.