Help centre

Everything you need to know about EU AI Act compliance and using aiactly.

Getting started

What is the EU AI Act?

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive legal framework for artificial intelligence. It classifies AI systems into four risk tiers (Unacceptable, High, Limited, and Minimal) and imposes requirements based on risk level. It entered into force on 1 August 2024, with full enforcement from 2026. If your organisation develops or deploys AI systems that affect people in the EU, you need to comply.

How to register your first AI system

Go to "AI systems" in the sidebar and click "Add system". Give it a recognisable name (e.g. "HR screening algorithm" or "customer chatbot") and briefly describe what it does. An AI system is any software that uses machine learning, logic-based, or statistical approaches to generate outputs like predictions, recommendations, or decisions.

Running the classification wizard

Once you've registered a system, click "Classify" to start the 5-step wizard. It takes about 10 minutes and covers: (1) basic system information, (2) prohibited practices check under Article 5, (3) high-risk categories from Annex III, (4) transparency obligations under Article 50, and (5) a review of your answers. The wizard determines your system's risk tier automatically.

Understanding your risk classification

After the wizard, you'll see your system's risk tier: Unacceptable (prohibited; must discontinue), High risk (strict obligations including Annex IV documentation), Limited risk (transparency obligations; must disclose AI nature to users), or Minimal risk (no specific requirements, but AI literacy obligations under Article 4 apply).

Working through compliance obligations

For high-risk and limited-risk systems, aiactly automatically generates a checklist of compliance obligations based on the relevant articles. Go to the Compliance section to see these. Update the status of each obligation as you work through them: Not started → In progress → Done. You can also mark obligations as N/A if they don't apply to your specific situation.

Generating compliance documents

On the Professional plan, you can generate PDF and DOCX compliance documents for each classified system. These include: a Compliance Report (summary of classification and obligation status), Annex IV Technical Documentation (required for high-risk systems), and a Declaration of Conformity (required under Article 47).

Key concepts

What counts as an "AI system"?

Under the EU AI Act, an AI system is software that uses machine learning, logic-based approaches (including knowledge representation, search, optimisation), or statistical approaches to generate outputs such as predictions, recommendations, decisions, or content. This is broader than just "machine learning" and includes rule-based systems, optimisation algorithms, and statistical models. If your software makes or supports decisions that affect people, it likely qualifies.

Provider vs deployer: which are you?

A provider is the organisation that develops, trains, or places an AI system on the market. A deployer is an organisation that uses an AI system built by someone else in its operations. Providers have more obligations than deployers. If you built and sell the AI system, you're a provider. If you purchased, licensed, or integrated someone else's AI into your workflows, you're a deployer.

The 4 risk tiers explained

Unacceptable risk: AI practices that are prohibited outright (e.g. social scoring, real-time biometric surveillance).

High risk: AI systems in sensitive areas like employment, education, critical infrastructure, or law enforcement. These require extensive documentation and oversight.

Limited risk: AI systems that interact with humans or generate synthetic content. These must be transparent about being AI.

Minimal risk: Everything else. No specific obligations, but voluntary codes of conduct are encouraged.

What are "obligations"?

Obligations are specific compliance requirements imposed by the EU AI Act for your risk tier. For high-risk systems, these include requirements like establishing a risk management system (Art. 9), implementing data governance (Art. 10), maintaining technical documentation (Art. 11), record-keeping (Art. 12), transparency to users (Art. 13), human oversight provisions (Art. 14), and accuracy/robustness requirements (Art. 15).

What is Annex III?

Annex III of the EU AI Act lists the specific categories of AI systems classified as high-risk. These include: biometric identification, critical infrastructure management, education and vocational training, employment and worker management, access to essential services (credit scoring, insurance), law enforcement, migration and border control, and administration of justice. If your system falls into any of these categories, it's high-risk.

What is Annex IV technical documentation?

Annex IV specifies the technical documentation that providers of high-risk AI systems must prepare and maintain. This includes: a general description of the system, detailed information about development methodology, data used for training and testing, design specifications, risk management measures, and post-market monitoring plans. aiactly generates a draft of this documentation based on your classification data.

Frequently asked questions

Is aiactly's classification legally binding?

No. aiactly provides guidance based on the official EU AI Act text (Regulation 2024/1689). Our classification wizard follows the decision tree defined in Articles 5, 6, 50, and Annex III. However, this is not legal advice. For binding compliance decisions, consult a qualified legal professional. aiactly helps you understand your likely obligations and prepare documentation.

Can I change my answers after classification?

Yes. You can re-run the classification wizard for any system at any time. Go to the system's detail page and click "Re-classify". Your previous answers will be available for reference, and any changes to your risk tier will automatically update your compliance obligations.

What if my system falls into multiple risk categories?

If your AI system triggers multiple risk categories, the highest applicable tier takes precedence. For example, if your system has both high-risk and limited-risk characteristics, it will be classified as high-risk. The compliance obligations will reflect the more stringent requirements.

How often should I re-classify?

You should re-classify your AI system whenever there are significant changes to its purpose, functionality, or deployment context. You should also re-classify if the EU AI Act is amended or if new guidance is published by EU authorities. As a general rule, review your classifications annually.

Who in my organisation should use aiactly?

aiactly is designed for CTOs, Data Protection Officers (DPOs), Heads of AI, and compliance managers. The person running the classification wizard should have a clear understanding of what the AI system does, who uses it, and what decisions it makes or supports. Compliance obligations can then be delegated to the relevant team members.

What do auditors or regulators look for?

Regulators will want to see evidence that you've identified your AI systems, assessed their risk levels, and taken steps to comply with the applicable requirements. Key evidence includes: a register of AI systems and their risk classifications, technical documentation (Annex IV for high-risk systems), records of compliance activities, and evidence of human oversight measures. aiactly helps you maintain all of this.

Account

How do I upgrade my plan?

Go to Pricing and click the subscribe button for the plan you want. You'll be taken to Stripe's secure checkout to enter your payment details. Once payment is confirmed, your plan is upgraded immediately and reflected in your account.

How do I manage or cancel my subscription?

Go to Settings and click "Manage subscription". This opens the Stripe Customer Portal where you can view your billing history, update your payment method, change your plan, or cancel your subscription. Cancellations take effect at the end of your current billing period — you retain full access until then.

What happens to my data if I cancel?

Your data (AI systems, classifications, obligations, and documents) is retained for 30 days after your subscription ends. During this time your account reverts to the Free plan limits. After 30 days, data beyond Free plan limits may be removed. If you resubscribe within 30 days, all your data will be restored.

How do I update my payment method?

Go to Settings and click "Manage subscription". In the Stripe Customer Portal, select "Payment methods" to add or update a card. Changes take effect immediately for your next billing cycle.

How do I change my name or organisation name?

Go to Settings to update your profile details including your name and organisation name. Changes are saved immediately.

How do I change my password?

If you signed up with email and password, go to Settings to change your password. If you signed in with Google, your password is managed by Google — you can set a separate aiactly password from the Settings page if needed.

I'm not receiving emails from aiactly

Check your spam or junk folder for emails from [email protected]. If you find them there, mark them as "not spam" to ensure future emails are delivered. If you're still not receiving emails, contact us via the contact form.

How do I delete my account?

To permanently delete your account and all associated data, please contact us via the contact form. We'll process your request within 5 business days. If you have an active subscription, please cancel it via Settings before requesting deletion.

Plan comparison

| Feature | Free | Starter (€49/mo) | Professional (€149/mo) |
| --- | --- | --- | --- |
| AI systems | 3 | 10 | Unlimited |
| Risk classification wizard | | | |
| Obligation checklist | View only | Full tracking | Full tracking |
| Shareable compliance score | | | |
| PDF & DOCX documents | | | |
| Team members | 1 | 3 | Unlimited |
| Full compliance toolkit | | | |
| Audit trail export | | | |