Ensure EU AI Act compliance operationally

Classify AI systems and plan EU AI Act conformity assessments

Compliance teams executing Article-level EU AI Act conformity work when risk classification and assessment routing must be locked down.

• · AI system description (inputs, outputs, use case, risk class)
• · Org role (provider/deployer/importer/distributor)
• · Existing compliance documentation (if available)

• · Risk classification (Article 5 prohibited / Article 6+Annex III high-risk / Article 50 limited-risk / minimal-risk)
• · Conformity assessment plan (Module A vs Module H + notified-body routing)
• · Annex IV technical documentation checklist
• · Provider/deployer/importer/distributor obligation matrix

• · stdlib-only (3 deterministic Python tools, no external APIs)

• · EU AI Act Regulation (EU) 2024/1689 binding (must be applied)
• · AI system description must be clear (inputs/outputs/use case)
• · Org role must be identified (provider/deployer/importer/distributor)

• · Gray-area systems (e.g., custom ML models) may be classified conservatively (high-risk when borderline)
• · High-risk classification may require notified-body assessment (skill provides checklist, not assessment itself)
• · GPAI systems (Articles 51-55) require systemic-risk determination (outside this skill's scope for edge cases)

• · Direct reference to Regulation (EU) 2024/1689 binding text
• · Article-by-Article walkthrough in references
• · Annex III 8 high-risk categories with Article 6(2) carve-outs documented
• · 4 in-depth references + cross-framework mapping (ISO 42001, NIST AI RMF, GDPR)