Your AI Act compliance, structured and guided.

The AI Act, officially Regulation (EU) 2024/1689, is the world's first comprehensive legal framework dedicated to artificial intelligence. Adopted on June 13, 2024 by the European Union, it establishes harmonized rules for the development, placing on the market, and use of AI systems. It classifies systems into four risk levels — minimal, limited, high, and unacceptable — and imposes proportionate obligations for each category.

If your company develops, deploys, imports, or distributes artificial intelligence systems within the European Union, you are affected by the AI Act. This includes companies established outside the EU whose AI systems are used on European territory. Our free diagnostic identifies your exact regulatory role and specific obligations in under 3 minutes.

Not necessarily. Classification depends on usage, not technology. A standard customer service chatbot is generally limited risk (transparency obligation Art. 50). However, a chatbot used for recruitment, credit assessment, or access to essential public services will be classified as high-risk (Annex III). Our diagnostic analyzes your specific use case to determine your exact classification.

The penalties under the AI Act are significant: up to 35 million euros or 7% of annual global turnover for the most serious infringements (use of prohibited systems), 15 million or 3% for violation of provider and deployer obligations, and 7.5 million or 1.5% for providing incorrect information. Proportionally reduced caps are provided for SMEs and startups.

The application timeline is progressive: since February 2, 2025 for prohibited practices and AI literacy obligation, August 2, 2025 for general-purpose AI models (GPAI), August 2, 2026 for high-risk systems and transparency obligations, and August 2, 2027 for systems integrated into regulated products. We recommend starting your compliance journey now to calmly anticipate the deadlines.

Yes, as a deployer of a GPAI model-based system. You must comply with transparency obligations (inform users they are interacting with AI) and, depending on your use case, potentially high-risk obligations if your application falls under Annex III. The model provider (Mistral AI, OpenAI, Anthropic, etc.) has their own GPAI obligations, but this does not exempt you from yours.

Providers of high-risk AI systems must produce comprehensive technical documentation compliant with Annex IV of the Regulation, covering the general system description, development process, training data governance, risk management system, performance metrics, and instructions for use. Deployers must additionally maintain a registry of AI systems used and conduct a fundamental rights impact assessment (FRIA). AiActo automatically generates all of these documents.

The provider develops or has developed the AI system and places it on the market under their own name. The deployer uses an AI system as part of their professional activity. The same company can be both: provider of their own AI tool and deployer of third-party tools. Obligations differ significantly: the provider is responsible for the system's technical compliance, the deployer for its compliant use.

No, and this is an important nuance. AiActo is a technology platform that automates the most time-consuming part of compliance: producing technical documentation. Where a law firm provides strategic advice, we provide immediate operational efficiency. We enable your teams (or your lawyers) to focus on what matters by eliminating weeks of manual drafting. For very specific cases, legal expertise remains complementary to our tool.