Is this legal advice?

No. This tool is an educational readiness checklist that surfaces likely obligations based on common regulatory patterns. Always confirm your specific duties with a qualified lawyer before deploying.

How does the EU AI Act classify risk?

The Act sorts systems into prohibited, high-risk, limited-risk (transparency duties), and minimal-risk tiers. High-risk uses such as hiring, credit, or biometric ID carry the heaviest documentation, oversight, and testing requirements.

When do GDPR rules apply to my AI?

GDPR applies whenever you process personal data of people in the EU or UK, regardless of where your company is based. Using personal data to train or prompt a model triggers duties around lawful basis, transparency, and data-subject rights.

What does CCPA require for AI?

CCPA and CPRA give California residents rights to know, delete, and opt out of the sale or sharing of their personal information, including data used in automated decision-making. You must disclose AI-driven profiling and honour opt-out requests.

No. The checklist logic runs entirely in your browser and nothing you enter is uploaded or saved.

AI Compliance Readiness Checker

The AI Compliance Readiness Checker maps your planned AI deployment against the three regimes most teams worry about — the EU AI Act, GDPR, and CCPA/CPRA — and returns plain-English action items for the gaps it finds. It will not replace a lawyer, but it gives product and engineering teams a fast, structured starting point so the right questions reach legal before launch rather than after.

How it works

You describe four things: what your AI system does, the data types it processes, the jurisdiction you serve, and the deployment context (internal tool, customer-facing, or high-impact decisioning). The tool applies the same logic a compliance reviewer would. For the EU AI Act it estimates your risk tier — minimal, limited, high, or prohibited — and surfaces the obligations that attach to that tier, such as transparency notices for chatbots or conformity assessment and human oversight for high-risk uses. For GDPR it checks whether you touch personal data and flags lawful basis, transparency, DPIA, and data-subject-rights duties. For CCPA it checks whether you serve California residents and flags disclosure, opt-out, and automated-decision rights.

Each matched rule produces a concrete action item — “publish a clear notice that users are interacting with AI,” “run and document a Data Protection Impact Assessment,” “add a Do Not Sell or Share link” — rather than a citation you then have to decode.

Tips and notes

Run this checker early, before architecture is locked. The most expensive compliance failures are structural: collecting biometric data you cannot lawfully process, or building an automated hiring filter without the oversight and logging the EU AI Act demands of high-risk systems. Re-run it whenever you add a data type, enter a new market, or move a model from an internal experiment to a customer-facing feature, because any of those can change your risk tier. Treat the output as a briefing for your legal counsel, not a substitute for them — the regimes evolve, enforcement guidance shifts, and only a qualified adviser can confirm your specific duties.