AI governance · compliance readiness

EU AI Act readiness,made practical.

Find your AI systems, classify them, see exactly where you’re not ready, and produce the documentation — in plain language, without a consulting retainer.

An AI system inventory, a 30-item gap assessment with a dashboard, a cross-framework control register (EU AI Act / ISO 42001 / NIST AI RMF), and the templates you’ll need. Editable Excel and Word — honest about its limits: a working aid, not legal advice.

Get the Kit — $249one-time · instant download · editable XLSX / DOCX · not legal advice
What’s in the kit
AI System Inventory
Readiness Assessment
Cross-Framework Register
Risk-Classification Guide
Impact Assessment / FRIA
AI System Card
Vendor AI Risk Assessment
Inventory · classify · assess · document
EU AI Act ↔ ISO 42001 ↔ NIST AI RMF
01.Where Teams Stand

The Act is here in phases — and most teams aren’t ready.

Prohibited practices and general-purpose AI rules are already in force. High-risk deadlines were deferred to 2027–2028, but that’s a reprieve, not a reason to stand down — the hard part isn’t the paperwork, it’s finding and classifying every AI system you actually use.

The honest version of readiness: a gap assessment that tells you where you fall short — not a green dashboard you didn’t earn.

Can't see it

AI has crept into tools across the business. You can't classify what you can't see, and the inventory is slow if you start late.

Vendor blind spot

Most AI risk enters through models and features you didn't build — and the duties still flow to you.

Consulting is costly

A readiness engagement runs into the thousands. This kit gives you the structure to do the groundwork yourself.

02.Classify A System

Classify a system in 60 seconds.

Answer a few questions about one AI system and see its likely risk tier and which obligations apply — a small taste of the classification method inside the kit. (A guided heuristic for orientation only, not a legal classification.)

EU AI Act Risk Classifier

Answer for one AI system. Yes / No each.

1. Does it do any banned practice?

e.g. manipulate behavior to cause harm, social scoring, scrape faces to build a database, infer emotions at work or school, untargeted biometric surveillance.

2. Is it used in a sensitive (Annex III) area?

Hiring/HR, credit or insurance, education/exams, essential public or private services, law enforcement, biometrics, critical infrastructure, migration, or justice.

3. Is it a safety component of a regulated product?

e.g. medical device, machinery, vehicle, or other product under EU safety law (Annex I).

4. Does it talk to people or generate/edit content?

Chatbots, or AI-generated or manipulated text, images, audio, or video.

5. Do you provide a general-purpose AI model to others?

You develop or place a general-purpose AI model on the market (the GPAI track).

03.The Structure

Built around the four risk tiers, plus GPAI.

Prohibited

Banned practices (Art. 5) — in force since Feb 2025.

High risk

Annex III uses / product safety components — the full obligation set.

Limited risk

Chatbots & generated content — transparency duties (Art. 50).

Minimal risk

Everything else — no specific obligations.

GPAI track

General-purpose AI model providers (Arts. 51–56) — since Aug 2025.

04.What's Inside

Everything to inventory, assess, and document.

AI System Inventory

Log every system and feature, classify it, and see counts by risk tier. The backbone.

Readiness Assessment

A 30-item obligation checklist by tier with a dashboard that surfaces your gaps.

Cross-Framework Register

Maps EU AI Act ↔ ISO/IEC 42001 ↔ NIST AI RMF so one control set serves all three.

Risk-Classification Guide

Plain-language method, decision steps, Annex III areas, and a worked example.

Impact Assessment / FRIA

Structured to support a Fundamental Rights Impact Assessment (Article 27).

AI System Card

A maintained technical summary per system (Articles 11–15).

Vendor AI Risk Assessment

A questionnaire to assess third-party AI — the common blind spot.

05.How It Works

A sensible order to work in.

1
Inventory

List every AI system and notable feature — including the vendor tools buried in software you already use.

2
Classify

Set each system's tier and your role (provider / deployer / both) using the guide, and record the reasoning.

3
Assess gaps

Work the readiness assessment; the dashboard shows your score and, more usefully, your gaps.

4
Document & check vendors

Complete system cards and impact assessments for high-risk systems; run the vendor questionnaire on third-party AI.

06.Straight Talk

What this is — and isn’t.

This kit is a practical working aid — not legal advice, a conformity assessment, or a certification. Using it does not by itself make you compliant, and a classification you reach with it is a working judgment, not a legal determination.

  • The readiness assessment is a self-assessment aid that shows your gaps — it isn't an audit.
  • The timeline is shifting (the May 2026 Digital Omnibus deferred high-risk dates, pending adoption) — re-verify current dates for your situation.
  • Cross-framework mappings are indicative aids to reduce duplication, not official crosswalks.
  • For borderline or high-risk classifications, and anywhere a conformity assessment or registration may be required, bring in qualified counsel and any required notified body.
07.Who It's For

Anyone who needs a grip on their AI systems.

SMBs using or selling AI

Get a grip on your AI systems without hiring a compliance team.

Compliance & operations leads

Stand up an inventory, a gap view, and a documentation set you can point to.

Exporters & EU-facing vendors

Answer the AI Act questions your customers and contracts are starting to ask.

Consultants & agencies

A brandable, repeatable readiness toolkit to run for clients.

Completes a governance starter — the policy, the people, and the systems:

08.Common Questions

The questions teams ask before starting.

A set of editable working tools that walk a non-specialist team through EU AI Act readiness: inventory your AI systems, classify each into the right risk tier, run a gap assessment, and produce the documentation (impact assessment/FRIA, system cards, vendor reviews) that regulators and customers ask for.

Inventory · classify · assess · document · $249

Get a grip on the EU AI Act this quarter.

Inventory, classify, find your gaps, and document — without the consulting bill. One-time $249, editable and yours to reuse.

A working aid, not legal advice or a conformity assessment · Sold by RedHub AI LLC · Secured by Stripe · redhub.ai