AI Regulation Discovery Wizard

Step 1 — Scope & Context

Start with where you operate and which sector you serve. This narrows which regulations may apply before we ask about your specific system.

Which verticals does your organisation operate in?

Where will it be deployed?

EU AI Act does not apply — we are outside EU scope

If you are certain the EU AI Act doesn't apply to your organisation or this system, tick above to skip EU AI Act questions. You will still answer whether EU residents' data is processed for GDPR screening.

#S1 Scope — The EU AI Act applies if you place AI on the EU market, put it into service in the EU, are established in the EU, or if your AI's output is used in the EU.

Organisation established or located in the EU (scope #S1)

#R2 Exclusions — Some systems are excluded (military, R&D-only, certain open-source components, personal non-professional use). If one applies the Act generally does not apply.

Does your system fall under any exclusions?

Step 2 — System Description

Describe the AI system itself: what it is, what it does, and how it operates.

What type of AI system?

What does it do? (max 200 chars)

0/200

Which business function?

#E1 Entity type — The EU AI Act assigns different obligations depending on your role. You can be more than one (e.g. both Provider and Deployer). Pick the one that best fits, or "Not applicable" if the Act doesn't apply.

EU AI Act entity type (flowchart #E1)

Operating model?

Autonomy level?

Step 3 — Impact & Risk

Describe how the system affects people, what data it uses, and your initial risk assessment.

Will it make or influence decisions affecting people? Will it interact directly with end users?

What data will it process?

Does it process data about EU residents?

#R4 Art. 50 Transparency — Limited-risk AI must inform users when they interact with AI. Art. 50 covers: deep-fakes, synthetic content, emotion / biometric categorisation, and AI interacting with natural persons.

Transparency triggers (#R4 — Art. 50)

Expected risk level?

Will vulnerable populations be affected?

Step 4 — Results

Your inputs

Go back to any previous step to change answers, then re-run discovery.

Step 1 — Scope & Context

Step 2 — System Description

Step 3 — Impact & Risk

Step 4 — Results

Your inputs

Applicable regulations

Top controls by SRF layer