EU AI Act readiness,made practical.
Find your AI systems, classify them, see exactly where you’re not ready, and produce the documentation — in plain language, without a consulting retainer.
An AI system inventory, a 30-item gap assessment with a dashboard, a cross-framework control register (EU AI Act / ISO 42001 / NIST AI RMF), and the templates you’ll need. Editable Excel and Word — honest about its limits: a working aid, not legal advice.
The Act is here in phases — and most teams aren’t ready.
Prohibited practices and general-purpose AI rules are already in force. High-risk deadlines were deferred to 2027–2028, but that’s a reprieve, not a reason to stand down — the hard part isn’t the paperwork, it’s finding and classifying every AI system you actually use.
The honest version of readiness: a gap assessment that tells you where you fall short — not a green dashboard you didn’t earn.
AI has crept into tools across the business. You can't classify what you can't see, and the inventory is slow if you start late.
Most AI risk enters through models and features you didn't build — and the duties still flow to you.
A readiness engagement runs into the thousands. This kit gives you the structure to do the groundwork yourself.
Classify a system in 60 seconds.
Answer a few questions about one AI system and see its likely risk tier and which obligations apply — a small taste of the classification method inside the kit. (A guided heuristic for orientation only, not a legal classification.)
EU AI Act Risk Classifier
Answer for one AI system. Yes / No each.
1. Does it do any banned practice?
e.g. manipulate behavior to cause harm, social scoring, scrape faces to build a database, infer emotions at work or school, untargeted biometric surveillance.
2. Is it used in a sensitive (Annex III) area?
Hiring/HR, credit or insurance, education/exams, essential public or private services, law enforcement, biometrics, critical infrastructure, migration, or justice.
3. Is it a safety component of a regulated product?
e.g. medical device, machinery, vehicle, or other product under EU safety law (Annex I).
4. Does it talk to people or generate/edit content?
Chatbots, or AI-generated or manipulated text, images, audio, or video.
5. Do you provide a general-purpose AI model to others?
You develop or place a general-purpose AI model on the market (the GPAI track).
Built around the four risk tiers, plus GPAI.
Banned practices (Art. 5) — in force since Feb 2025.
Annex III uses / product safety components — the full obligation set.
Chatbots & generated content — transparency duties (Art. 50).
Everything else — no specific obligations.
General-purpose AI model providers (Arts. 51–56) — since Aug 2025.
Everything to inventory, assess, and document.
Log every system and feature, classify it, and see counts by risk tier. The backbone.
A 30-item obligation checklist by tier with a dashboard that surfaces your gaps.
Maps EU AI Act ↔ ISO/IEC 42001 ↔ NIST AI RMF so one control set serves all three.
Plain-language method, decision steps, Annex III areas, and a worked example.
Structured to support a Fundamental Rights Impact Assessment (Article 27).
A maintained technical summary per system (Articles 11–15).
A questionnaire to assess third-party AI — the common blind spot.
A sensible order to work in.
List every AI system and notable feature — including the vendor tools buried in software you already use.
Set each system's tier and your role (provider / deployer / both) using the guide, and record the reasoning.
Work the readiness assessment; the dashboard shows your score and, more usefully, your gaps.
Complete system cards and impact assessments for high-risk systems; run the vendor questionnaire on third-party AI.
What this is — and isn’t.
This kit is a practical working aid — not legal advice, a conformity assessment, or a certification. Using it does not by itself make you compliant, and a classification you reach with it is a working judgment, not a legal determination.
- The readiness assessment is a self-assessment aid that shows your gaps — it isn't an audit.
- The timeline is shifting (the May 2026 Digital Omnibus deferred high-risk dates, pending adoption) — re-verify current dates for your situation.
- Cross-framework mappings are indicative aids to reduce duplication, not official crosswalks.
- For borderline or high-risk classifications, and anywhere a conformity assessment or registration may be required, bring in qualified counsel and any required notified body.
Anyone who needs a grip on their AI systems.
SMBs using or selling AI
Get a grip on your AI systems without hiring a compliance team.
Compliance & operations leads
Stand up an inventory, a gap view, and a documentation set you can point to.
Exporters & EU-facing vendors
Answer the AI Act questions your customers and contracts are starting to ask.
Consultants & agencies
A brandable, repeatable readiness toolkit to run for clients.
Completes a governance starter — the policy, the people, and the systems:
AI Acceptable Use Policy Builder
$69The policy. A tailored AI Acceptable Use Policy plus a tool register and data matrix — the internal rules that govern how your team uses AI.
AI Literacy & Workforce Training Kit
$199The people. A turnkey, role-based training program built to evidence EU AI Act Article 4 — train the habits that keep AI use safe and accurate.
The questions teams ask before starting.
A set of editable working tools that walk a non-specialist team through EU AI Act readiness: inventory your AI systems, classify each into the right risk tier, run a gap assessment, and produce the documentation (impact assessment/FRIA, system cards, vendor reviews) that regulators and customers ask for.
No tool can do that. This kit is a practical working aid — not legal advice, a conformity assessment, or a certification. It helps you organize the work, find gaps, and prepare documentation in good faith. Confirm your obligations and any borderline classification with qualified counsel.
Some high-risk deadlines were deferred by the May 2026 Digital Omnibus — standalone Annex III obligations move to 2 December 2027 and product-embedded Annex I obligations to 2 August 2028 — but as of writing that change is pending formal adoption, so the original dates technically stand until it's published. Prohibited practices (since Feb 2025) and GPAI rules (since Aug 2025) are already in force, and the four-tier structure is unchanged. The slow part — finding and classifying every system — is worth starting now.
Small and mid-sized businesses, compliance and operations leads, consultants serving clients, and any organization that builds, deploys, sells into, or exports to the EU and needs to get a grip on its AI systems.
Three spreadsheets (AI system inventory, a 30-item readiness/gap assessment with dashboard, and a cross-framework control register mapping EU AI Act ↔ ISO/IEC 42001 ↔ NIST AI RMF) and four Word templates (risk-classification guide, AI impact assessment/FRIA, AI system card, and a vendor/third-party AI risk assessment).
No. It's written in plain language with a step-by-step order: inventory, classify, assess gaps, document the high-risk systems, check vendors. You'll know where you stand and what to prioritize — and where to bring in counsel.
The cross-framework control register maps shared controls so one effort can serve all three. The mappings are indicative working aids to reduce duplication, not official crosswalks.
They form a governance starter, each doing a different job. The AI Acceptable Use Policy Builder ($69) writes the internal rules. The AI Literacy & Workforce Training Kit ($199) trains staff (EU AI Act Article 4). This Readiness Kit ($249) inventories and classifies your AI systems and produces the readiness documentation. Run all three and you've covered the policy, the people, and the systems — bring in counsel for the legal determinations.
Get a grip on the EU AI Act this quarter.
Inventory, classify, find your gaps, and document — without the consulting bill. One-time $249, editable and yours to reuse.
A working aid, not legal advice or a conformity assessment · Sold by RedHub AI LLC · Secured by Stripe · redhub.ai