Regardless of your risk level, ALL organizations using AI must:
1. **AI Literacy (Article 4)**: Ensure staff and anyone operating AI systems on your behalf have sufficient understanding of AI. This is the most immediate obligation — it applies from February 2, 2025.
2. **Prohibited Practices Check**: Verify that none of your AI uses fall into the "unacceptable risk" category.
3. **Transparency**: Where AI interacts with people, they must be informed they are dealing with AI.
If you use high-risk AI systems, additional requirements include:
- **Risk Management System**: Continuous process to identify, analyze, and mitigate risks - **Data Governance**: Ensure training data is relevant, representative, and free from bias - **Technical Documentation**: Detailed docs covering system design, capabilities, and limitations - **Record-Keeping**: Automatic logging of system operations for traceability - **Transparency**: Clear information for deployers about capabilities and limitations - **Human Oversight**: Mechanisms to allow human intervention and override - **Accuracy & Robustness**: Testing to ensure consistent, reliable performance - **Cybersecurity**: Appropriate protection against unauthorized access or manipulation
Here is a step-by-step approach to compliance:
**Step 1**: Inventory all AI systems used in your organization **Step 2**: Classify each system by risk level **Step 3**: Check for prohibited practices **Step 4**: For high-risk systems, implement required controls **Step 5**: Train all relevant staff on AI literacy **Step 6**: Generate required compliance documentation **Step 7**: Establish a compliance monitoring process **Step 8**: Register high-risk systems in the EU database **Step 9**: Implement a process for incident reporting **Step 10**: Schedule regular compliance reviews
The AI Act requires several types of documentation:
- **Fundamental Rights Impact Assessment (FRIA)**: For high-risk AI in public services, banking, insurance, and other sectors - **Risk Assessment Reports**: Documenting identified risks and mitigation measures - **Transparency Notices**: Informing users about AI involvement in decisions - **AI Literacy Training Records**: Proof that staff have been trained - **Conformity Declarations**: Formal statements of compliance
AktAI auto-generates all of these documents based on your AI system registrations.
Which obligation applies to ALL organizations, regardless of risk level?