EU AI ACT AI PRODUCT ASSESSMENT
Find out how the EU AI Act applies to your AI product
Most compliance tools tell you about your organisation. The EU AI Act regulates your product. We assess the specific AI system you’re shipping — its risk classification, its prohibited-practice exposure, and the precise Articles that bind it — and hand you an audit-ready record you can put in front of a regulator, a notified body, or an acquirer.
A definitive, human-built article-by-article assessment of your AI system’s obligations under the EU AI Act.
WHAT YOU GET
Clarity, not a 200-page guide you’ll never read
A precise picture of where your AI product stands — and what it takes to stand up to scrutiny.
Definitive Risk Classification
Prohibited, high-risk, limited, or minimal — with the legal reasoning behind it, and a clear answer first to the question that ends businesses: does any Article 5 prohibited practice touch your system?
The Exact Obligations That Bind Your Product
Every applicable EU AI Act Article, mapped to what your system actually does rather than a generic template, with your role settled — provider, deployer, or both.
Defensible Compliance Record
A gap analysis ranked by enforcement risk and tied to the Act’s phased deadlines, so you know what’s urgent now, what isn’t yet, and what to show a regulator, notified body, investor, or acquirer.
You walk away knowing precisely how the EU AI Act applies to the product you’re shipping — not your organisation in the abstract, but the system itself — and holding a record that holds up when it’s tested. No guesswork, no false comfort from a checklist, and no surprises when someone with authority starts asking questions.
WHAT’S INCLUDED
Everything you need to prove your position — in one engagement.
AI system classification report
Your product’s risk tier with full legal justification.
Article 5 prohibited-practice screen
Explicit sign-off that your system is clear, or a precise account of where it isn’t.
Obligation map
Every applicable EU AI Act Article, broken down into concrete requirements for your specific system.
Living Compliance File™
An audit-ready, structured record mapped article-by-article to the Act, organised by your product’s development stage.
Role determination
Provider / deployer / importer / distributor analysis, including GPAI and downstream considerations.
Gap remediation roadmap
Prioritised actions with effort estimates, sequenced against statutory deadlines.
About the consultant:(yes, that’s real me)
I’m Yuliia Habriiel — a regulatory lawyer who spent years inside EU digital regulation: not just the AI Act, but GDPR, NIS2, DORA, the Cyber Resilience Act, and ISO 42001.
I build compliance infrastructure for a living, so I know the difference between a requirement that’s theatrical and one that will actually get enforced. The EU AI Act is written at the level of the product — yet almost everyone is still trying to comply at the level of the organisation. That mismatch is where companies get caught.
When you work with me, you’re not getting a generic audit or AI’s best guess. You’re getting the same legal reasoning the regulators apply, turned on the one thing that matters: the AI system you’re shipping.
Who this assessment is for:
- Founders and product teams shipping an AI system into the EU market and unsure which obligations actually bite
- Companies that suspect they might be “high-risk” and need a definitive answer before they raise, sell, or scale
- Deployers integrating third-party or general-purpose AI who don’t know where the provider’s duties end and theirs begin
- Teams preparing for investor or acquirer due diligence who need a clean, defensible compliance position
- Businesses that have outgrown checklist tools and need actual legal judgement applied to their product
- Non-EU companies (UK, US, Canada) who didn’t realise the Act reaches them the moment their output is used in the Union
No prior legal training required.
What our customers say:
353 students enrolled in our Teachable course – studying at their own pace.
Thank you for sending the strategy doc. I did not even expect it to be customised so it provides a good strategy tool to help me think about developing my application.
Meredith Godat, PhD
Founder, CogniQuest (Switzerland)
We’ve been trying to figure out how the EU AI Act affects our drone platform, especially around AI-based navigation. The report helped make sense of what actually applies to us and what we need to pay attention to. It gave us a much better picture of where we stand and what we need to do next before expanding into the EU market.
Denis Isakovs,
CTO, ProDrone
(Latvia)
Before this report, every AI Act discussion ended in confusion. Now I can confidently present classification decisions to our legal team and explain timelines to stakeholders. Worth every euro.
Robert Müller
Head of Product, MedicaTech Solutions (Germany)
Backed by Our Guarantee
If the assessment doesn’t give you a clear, defensible answer on your product’s risk classification and the Articles that apply to it, we’ll keep working until it does — or refund the engagement in full. The deliverable is certainty about your position. If you don’t have it when we’re done, we haven’t finished.
Audit-Proof Documentation
Lifetime AI Act Updates Included
No Legal Background Required
36-Hour Flexible Time Investment
Stop guessing how the AI Act applies to you
Get a definitive, product-level assessment and a record that holds up
when it’s tested.
One-time fee: €4,950
✔︎ Includes lifetime access and legal updates.
Limited assessment slots each month · Typical turnaround in 2 working days
Frequently Asked Questions
What is an EU AI Act product assessment?
It’s a legal assessment of a specific AI system — not your company as a whole — that determines its risk classification under the EU AI Act, screens it against prohibited practices, and maps every Article that applies to it. You come away knowing exactly what the Act requires of that product.
How do I know if my AI system is “high-risk” under the EU AI Act?
High-risk status depends on what the system does and where it’s used — for example, systems used in employment, credit, education, biometrics, or as safety components in regulated products. The classification turns on the system’s actual function against Annex III and the Act’s other criteria, which is precisely what the assessment determines for your product.
Does the EU AI Act apply to my company if we’re based outside the EU?
Often, yes. The AI Act applies to providers and deployers outside the EU when the system’s output is used within the Union. UK, US, and Canadian companies are frequently in scope without realising it. The assessment confirms whether and how it reaches your product.
What’s the difference between a “provider” and a “deployer”?
A provider develops an AI system (or has it developed) and places it on the market under its own name; a deployer uses an AI system under its authority. The two roles carry very different obligations, and many companies are both at once for different systems. Determining your role is a core part of the assessment.
When do EU AI Act obligations actually take effect?
EU AI Act applies in phases. Prohibited-practice rules came into force first, with high-risk and general-purpose AI obligations following on later dates. The assessment tells you which deadlines apply to your system and what’s genuinely urgent versus what isn’t due yet.
Can’t a compliance software tool do this for me?
A tool can generate a checklist, but it can’t exercise legal judgement on whether your specific system crosses a prohibited-practice line or how an Annex III category applies to an edge case. The assessment is legal analysis of your actual product, not a template projected onto it. It’s also designed to hold up under regulator or notified-body scrutiny in a way a self-serve checklist won’t.
What do I receive at the end of the assessment?
A written assessment memo, a risk-classification report, a prohibited-practice screen, a full obligation map of applicable Articles, a role determination, a prioritised remediation roadmap, and an audit-ready Living Compliance Binder™ mapped article-by-article to the Act.
How is this different from a GDPR or general compliance audit?
GDPR governs personal data; the EU AI Act governs the AI system itself — its risk, its transparency, its human oversight, its technical documentation. They overlap but are not the same regime. This assessment is built specifically around the AI Act’s product-level obligations, not retrofitted from a privacy audit.
How much does the assessment cost?
A single-system assessment is €4,950, covering everything listed above — classification, prohibited-practice screen, obligation map, role determination, remediation roadmap, and your Living Compliance File™ with regulatory updates. Additional systems are €2,000 each. No hourly billing, no open-ended scope.