Reg (EU) 2024/1689Generate dossier — €249
LIVE — Fines tracker · Obligations calendar · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL and 12 official sourcesView regulatory intelligence →

What is the AI Act? Regulation (EU) 2024/1689 in plain English: scope, risk tiers, obligations and the application dates from 2025 to 2027.

The AI Act is the world's first horizontal regulation of artificial intelligence. It was adopted on 13 June 2024 as Regulation (EU) 2024/1689 and entered into force on 1 August 2024. It applies extraterritorially — under Art. 2(1)(c) it covers any provider or deployer outside the EU whose AI output is used in the Union. The text contains 113 articles and 13 annexes, organised by risk tier: prohibited practices (Art. 5), high-risk (Art. 6 + Annex III), transparency (Art. 50) and general-purpose AI (Chapter V, Arts. 51–56). AICheck structures the technical documentation that Art. 11 + Annex IV require for high-risk systems.

Generate AI Act dossier — €249Free: check your AI system risk

€249 one-time payment · 12 PDF documents in ZIP · 45 minutes · 100% in your browser

Regulation (EU) 2024/1689 · Article 11 + Annex IV · 12 documents · 100% browser-side — your data never leaves your machine

The numbers

113 articles
Regulation (EU) 2024/1689 contains 113 articles and 13 annexes covering the full lifecycle of AI systems.
4 risk tiers
Prohibited (Art. 5) · High-risk (Art. 6 + Annex III) · Transparency (Art. 50) · Minimal risk (no specific obligations).
2 Aug 2026
General application date under Art. 113. Annex III high-risk obligations apply from this date.

What the AI Act actually regulates

The AI Act builds a four-tier risk pyramid. Every AI system placed on the EU market falls into one (or more) tiers, and obligations stack accordingly.

1
Tier 1 — Prohibited (Art. 5)
Eight practices banned outright: subliminal manipulation, exploitation of vulnerabilities, social scoring, predictive policing based solely on profiling, untargeted facial-image scraping, workplace/education emotion recognition, biometric categorisation by sensitive attributes, and real-time remote biometric identification by law enforcement (with narrow exceptions). Applies from 2 February 2025.
2
Tier 2 — High-risk (Art. 6 + Annex III)
Two routes: (i) AI as safety component of products covered by Annex I harmonisation legislation (Art. 6(1)); (ii) AI used in any of the 8 Annex III domains (Art. 6(2)) — biometrics, critical infrastructure, education, employment, essential services (credit scoring, insurance, public benefits), law enforcement, migration, justice. Triggers full documentation under Art. 11 + Annex IV, QMS (Art. 17), conformity assessment (Art. 43), post-market monitoring (Art. 72) and incident reporting (Art. 73).
3
Tier 3 — Transparency (Art. 50)
Chatbots interacting with natural persons must disclose they are AI. Synthetic audio/image/video/text must be machine-readable as AI-generated. Deep fakes must be disclosed. Emotion recognition and biometric categorisation systems must inform the exposed persons.
4
Tier 4 — Minimal risk + AI literacy
No specific obligations beyond general law. But every provider and deployer is subject to Art. 4 AI literacy — staff and operators must have sufficient understanding of the AI systems they use. In force since 2 February 2025.
5
Cross-cutting — GPAI (Chapter V, Arts. 51–56)
Providers of general-purpose AI models have separate obligations: technical documentation (Annex XI), information for downstream providers (Annex XII), a copyright policy, and a public summary of training data. GPAI with systemic risk (10²⁵ FLOPs presumption) has additional duties under Art. 55. Applies from 2 August 2025.

Three common mistakes

COMMON MISTAKE

"Our AI is in the US — the AI Act does not reach us"

Art. 2(1)(c) applies to providers and deployers in third countries when the output of the AI system is used in the Union. A US SaaS whose model serves EU users falls inside scope, regardless of where the servers sit.

COMMON MISTAKE

"Using ChatGPT means we are a GPAI provider"

No. Integrating someone else's model makes you a deployer (Art. 3(4)) of an AI system, with deployer obligations under Art. 26 if the use case is high-risk, and Art. 50 transparency if your application interacts with persons. GPAI provider obligations (Arts. 53–55) apply to whoever puts the model on the market — typically the model developer.

COMMON MISTAKE

"If we are not in Annex III, there are no obligations"

Even outside Annex III, Art. 5 prohibitions, Art. 50 transparency (for chatbots and synthetic content), and Art. 4 AI literacy still apply. Art. 4 has been enforceable since 2 February 2025 against both providers and deployers.

Does the AI Act apply to your system?

Answer these four questions to determine your obligations.

Does your system use machine learning, logic-based, or statistical approaches?
Art. 3(1) — definition of "AI system"
Is the system placed on the EU market or does its output affect persons in the EU?
Art. 2(1) — territorial scope (extraterritorial via 2(1)(c))
Is your system used in any Annex III domain? (employment, credit, education, law enforcement, migration, justice, critical infrastructure, biometrics)
Art. 6(2) + Annex III — high-risk classification
Are you the provider (developer) or the deployer (user) of the system?
Art. 3(3) provider · Art. 3(4) deployer — different obligations

Take the full AI Act risk classification test →

What the ZIP contains

12 PDF documents generated from your inputs. Each cites the article of Regulation (EU) 2024/1689 it fulfils.

1

Risk Classification Report

Identifies whether your system is prohibited (Art. 5), high-risk (Art. 6 + Annex III) or subject to transparency obligations (Art. 50).

2

Technical Documentation

The 9 blocks of Annex IV in full: system description, training data, validation, performance metrics, risk management, human oversight. Art. 11 + Annex IV.

3

EU Declaration of Conformity

Signable document conforming to Art. 47 and Annex V.

4

Compliance Calendar

Key application dates: 2 Feb 2025, 2 Aug 2025, 2 Aug 2026, 2 Aug 2027. Art. 113.

5

Conformity Sheet

Executive summary of compliance status for authorities or commercial buyers. Art. 43 procedure.

6

Quality Management System (QMS)

QMS structure covering the 13 aspects required by Art. 17.

7

Deployer Instructions

Document for the entity deploying your system, conforming to Art. 13.

8

Evidence Checklist

Verifiable evidence list, cross-referenced to every Annex IV block.

9

Incident Report Template

Notification protocol conforming to Art. 73 (15 days general / 10 days death / 2 days widespread).

10

AI Literacy Programme

Training plan conforming to Art. 4, in force since 2 February 2025.

11

Post-Market Monitoring Plan

Plan structure required by Art. 72 and integrated into the technical documentation under Annex IV(9).

12

Fundamental Rights Impact Assessment (FRIA)

Template under Art. 27 for public bodies, private entities providing public services, and Annex III 5(b)(c) deployers.

See before you buy — Download a sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your inputs, in your browser. No data leaves your machine.

What you pay

🧾 AI ACT COMPLIANCE CONSULTANCY
€5,000–€15,000
3–6 months. They explain the obligations to you.
✓ AICHECK
€249
12 documents. 45 minutes. Solves the documentation.

Technical documentation and conformity assessment: two layers

● LAYER 1

Technical documentation — Annex IV

12 documents. 45 minutes. €249. The documentation your system needs before being placed on the market.

∅ LAYER 2

Conformity assessment by notified body

If your system falls under Art. 43(1) (Annex III point 1 biometrics with notified-body route, or Annex I products), you will need third-party conformity assessment. That is a separate process. AICheck does not replace it.

We do not sell audits. We do not sell consultancy. We sell the tool that structures your documentation under Annex IV.

Penalty regime

Article 99 of Regulation (EU) 2024/1689. Chapter XII (Penalties) applies from 2 August 2025.

🇪🇺
Non-compliance with prohibited practices (Art. 5)
€35M / 7%

Art. 99(3). Up to €35 million or 7% of total worldwide annual turnover, whichever is higher. For SMEs and start-ups: whichever is lower (Art. 99(6)).

🇪🇺
Non-compliance with operator obligations (high-risk, transparency, deployer)
€15M / 3%

Art. 99(4). Includes failure to draw up technical documentation under Art. 11 + Annex IV. Covers obligations of providers (Art. 16), deployers (Art. 26), authorised representatives (Art. 22), importers (Art. 23), distributors (Art. 24), notified bodies (Art. 31, 33, 34) and transparency under Art. 50.

🇪🇺
Supply of incorrect, incomplete or misleading information
€7.5M / 1%

Art. 99(5). Applies when information provided to notified bodies or national competent authorities is wrong or misleading.

Documenting 5 or more AI systems?

If you operate multiple AI systems and need to document them all under Annex IV, contact us for volume pricing at hello@solidwaretools.com.

Request volume pricing
Reply within one business day

What AICheck guarantees, and what it does not

AICheck produces a document structured under Article 11 and Annex IV of Regulation (EU) 2024/1689 from the information you provide. The accuracy, truthfulness and completeness of that information is your responsibility as provider of the AI system.

We guarantee that the document structure follows Article 11 and Annex IV of Regulation (EU) 2024/1689 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a given case, nor by a commercial buyer in a procurement process.

AICheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

How is the AI Act different from the GDPR?
Both apply in parallel and are independent. The GDPR (Regulation 2016/679) regulates the processing of personal data; the AI Act regulates the AI system itself, regardless of whether personal data is processed. A high-risk AI system that uses no personal data still triggers Art. 11, Art. 17, Art. 43. Conversely, processing personal data still triggers GDPR even if your system is low-risk under the AI Act. Article 26(9) clarifies that the Art. 13 information may be reused to comply with the DPIA under Art. 35 GDPR.
When does the AI Act start applying to my company?
Article 113 staggers application. Chapters I and II (general provisions + prohibited practices Art. 5 + AI literacy Art. 4) apply from 2 February 2025. Chapter V (GPAI, Arts. 51–56), Chapter VII (governance) and Chapter XII (penalties — Art. 99) apply from 2 August 2025. The general application date — including Annex III high-risk obligations and Art. 50 transparency — is 2 August 2026. Article 6(1) (AI as safety component of Annex I products) applies from 2 August 2027.
Does the AI Act apply if my AI does not process personal data?
Yes. The AI Act applies based on the AI system's intended purpose and risk category — not on whether personal data is involved. A high-risk AI under Annex III triggers Art. 11 + Annex IV technical documentation, Art. 17 quality management, Art. 43 conformity assessment and Art. 72 post-market monitoring, whether or not personal data is processed.
Is this a subscription?
No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The PDF you download is yours to keep.
Can I request a refund?
Pursuant to Article 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the licence you give express consent to the immediate generation of digital content, waiving the 14-day withdrawal right. Refunds are only accepted in the case of a reproducible technical failure.
What if the regulation changes?
If the regulation changes while your licence is active, you can regenerate the document with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: AICheck is a documentary self-assessment tool, not legal advice nor a third-party audit. The document under Article 11 and Annex IV of Regulation (EU) 2024/1689 is generated from the data you input. The accuracy of that data is your responsibility. AICheck does not replace a qualified professional assessment.

Don't wait for the consultancy. Generate the Annex IV documentation for your AI system in your browser in 45 minutes.

Twelve documents. Annex IV fully structured. Regulation (EU) 2024/1689. Your data does not leave your machine. The ZIP you download is yours to keep.

€249 one-time payment
12 professional documents · 45 minutes · No subscription · 100% in your browser
Generate dossier — €249

Related landings

📋 Compliance

Compliance officer AI Act checklist — systems inventory
🏢 Multi-system

AI Act compliance with multiple AI systems
🇺🇸 US SaaS

US SaaS company — AI Act technical documentation
✓ Last regulatory verification: 11 May 2026 · No substantive changes detected · View history