Compliance matrix
Document qualification methodology, legal references and scope disclaimers.
Disclaimers
- Pre-classification support only. Final qualification and conformity decisions require legal/compliance validation.
- Assessment scope is limited to declared use-case context and selected risk triggers.
- This output does not replace legal advice, notified-body review or competent authority guidance.
Methodology
Baseline: Regulation (EU) 2024/1689 + Commission high-risk guidance checked 2026-07-01 · v2026.06 · 2026-07-01T16:17:10.175Z
- Identify prohibited-practice triggers (Article 5 watchouts): No trigger detected
- Assess Article 6(1) product-safety component applicability: Not applicable
- Map Annex III domains from declared operational use: Annex III domains matched
- Check Article 6(3) significant-risk exception: Article 6(3) exception documented
- Generate evidence obligations and remediation priorities: Compliance outputs generated
Assumptions and limits
- Classification relies on intake declarations and selected risk triggers.
- Annex III systems are treated as high-risk unless an Article 6(3) exception is explicitly documented.
- Profiling of natural persons or material influence on decisions blocks the Article 6(3) exception.
- Commission high-risk enforcement timeline used: 2 December 2027 for Annex III areas and 2 August 2028 for product-integrated systems.
- Edge cases and product-specific harmonisation laws require manual legal review.
| Criterion | Legal basis | Status | Rationale |
|---|---|---|---|
| Prohibited practices | Article 5 | Not triggered | No prohibited-practice trigger selected in intake. |
| Product safety component | Article 6(1) | Not triggered | No regulated product/safety component declaration. |
| Annex III domain | Annex III | Triggered | Matched domains: essentialServices |
| Article 6(3) exception | Article 6(3) | Documented exception | Annex III trigger is present, but intake declares a narrow/preparatory task with no profiling and no material decision influence. |
| Fundamental-rights impact | Recitals and Articles 9, 10, 14 | Required | Selected domain can materially affect people rights; structured impact assessment is required. |
| Operational obligations | Articles 9-15 and 72 | Required | High-risk indicators trigger a full conformity workstream. |
| Source | Version | Applicability | Link |
|---|---|---|---|
|
EU AI Act Article 5 Prohibited AI practices Regulation (EU) 2024/1689, Article 5 |
Official Journal L, 2024/1689 | 2025-02-02 | Open |
|
EU AI Act Article 6(1) High-risk AI systems - product safety component Regulation (EU) 2024/1689, Article 6(1) |
Official Journal L, 2024/1689 + Commission AI Omnibus timeline | 2028-08-02 | Open |
|
EU AI Act Article 6(3) Annex III significant-risk exception Regulation (EU) 2024/1689, Article 6(3) |
Official Journal L, 2024/1689 + Commission draft high-risk guidelines | 2027-12-02 | Open |
|
EU AI Act Articles 9-15 Risk management, data governance, technical docs and oversight Regulation (EU) 2024/1689, Articles 9-15 |
Official Journal L, 2024/1689 + Commission high-risk timeline | 2027-12-02 / 2028-08-02 | Open |
|
EU AI Act Article 72 Post-market monitoring and incident reporting Regulation (EU) 2024/1689, Article 72 |
Official Journal L, 2024/1689 + Commission high-risk timeline | 2027-12-02 / 2028-08-02 | Open |
|
EU AI Act Annex III(5) Essential private and public services Regulation (EU) 2024/1689, Annex III(5) |
Official Journal L, 2024/1689 + Commission high-risk timeline | 2027-12-02 | Open |
|
European Commission high-risk AI guidelines Draft classification guidance and enforcement timeline European Commission, Guidelines for providers and deployers of AI high-risk systems |
Commission draft guidance, checked 2026-07-01 | 2027-12-02 / 2028-08-02 | Open |
|
European Commission AI Act timeline Risk-based approach and application timeline European Commission, AI Act policy page |
Commission AI Act page, checked 2026-07-01 | 2025-02-02 / 2025-08-02 / 2026-08-02 / 2027-12-02 / 2028-08-02 | Open |