Compliance Deadlines Approaching

EU AI Act
Compliance Hub

Everything you need to understand and comply with the EU AI Act. Guides, timelines, and practical resources.

Key Deadlines

Feb 2025

Prohibited Practices Banned

AI systems deemed unacceptable risk are banned across the EU

Aug 2026

High-Risk AI Compliance

Organizations must comply with requirements for high-risk AI systems

Aug 2027

Full Enforcement

All EU AI Act requirements in full effect, including obligations for all AI systems

View complete timeline

Risk Categories Explained

The EU AI Act classifies AI systems into four risk categories. Each category has different compliance requirements.

Unacceptable Risk

Prohibited entirely. AI systems that manipulate behavior, exploit vulnerabilities, or enable social scoring by governments.

Examples: Subliminal manipulation, biometric categorization for discrimination, real-time remote biometric identification (with limited exceptions)

High Risk

Strict requirements. AI in critical infrastructure, employment, essential services, law enforcement, or biometrics. Requires conformity assessment, human oversight, transparency.

Examples: CV screening tools, credit scoring, medical diagnosis systems, critical infrastructure management

Limited Risk

Transparency obligations. AI systems must disclose that users are interacting with AI. Chatbots, deepfakes, and emotion recognition systems.

Examples: Customer service chatbots, AI content generators, emotion detection tools

Minimal Risk

No specific obligations. The vast majority of AI systems fall here. Voluntary codes of conduct encouraged but not required.

Examples: Spam filters, inventory management, AI-enabled video games, recommendation engines

What This Means for Your Company

The first step to compliance is knowing what AI systems you're using and how they're classified.

1 You need a complete AI inventory

Before you can classify risk levels or ensure compliance, you need to know every AI tool in use across your organization — from ChatGPT subscriptions to embedded AI features in your software stack.

2 Risk classification is mandatory

Each AI system must be assessed against the EU AI Act's risk categories. High-risk systems have extensive compliance requirements including technical documentation, quality management, and human oversight.

3 Documentation requirements are extensive

You'll need to maintain records of AI system purposes, data sources, risk assessments, human oversight procedures, and incident responses. Authorities can audit these records at any time.

4 Penalties for non-compliance are significant

Fines can reach up to €35 million or 7% of global annual turnover (whichever is higher) for prohibited AI use. High-risk AI violations can cost up to €15 million or 3% of turnover.

How Armadillo Helps

Armadillo maps directly to EU AI Act requirements, giving you the foundation for compliance.

Complete AI Inventory

Requirement: Article 71 mandates that providers and deployers maintain documentation of AI systems.

→ Audit feature discovers all AI tools across your organization, from SaaS subscriptions to embedded AI features.

Risk Classification

Requirement: Articles 6-7 define risk categories and classification obligations.

→ Map feature automatically classifies AI systems by risk level based on EU AI Act definitions.

Human Oversight Logging

Requirement: Article 14 requires human oversight for high-risk AI systems.

→ Review feature logs when humans review AI decisions and outputs, creating an audit trail.

Change Monitoring

Requirement: Article 72 requires post-market monitoring of AI systems.

→ Watch feature alerts you to policy changes in AI tools, ensuring continuous compliance.

Shadow AI Detection

Requirement: You can't comply with what you don't know exists.

→ Detect feature identifies unapproved AI tool usage before it becomes a compliance gap.

Shareable Reports

Requirement: Documentation must be accessible to authorities and stakeholders.

→ Share feature generates compliance reports you can share with auditors, legal, or management.

Not a replacement for legal counsel. Armadillo provides the technical foundation for compliance — the inventory, classification, and monitoring infrastructure. You'll still need legal guidance for interpretation and full compliance strategy.

Start Your Free Audit