Most SaaS founders don't realize they're already subject to EU AI Act obligations. Take this quick check to find out where you stand.
Question 1 of 714%
Before we begin
Did your organisation develop this AI system — or have it developed on your behalf?
Question 1 of 7
Does your product include any AI functionality?
⚠️ You may not think of yourself as an "AI company"
Under the EU AI Act, even calling an external API (like OpenAI) makes you a "deployer" — with legal obligations including transparency, logging, and oversight.
Question 2 of 7
Could your product reach users in the EU?
⚠️ "We don't sell to the EU" isn't enough
The EU AI Act applies if your product is accessible to EU residents — even if you don't actively market there. Unless you block EU access, you may be in scope.
Question 3 of 7
What is the primary use of AI in your product?
Where is this emotion recognition system used?
Where is this biometric identification used?
⚠️ Same technology, different risk levels
A recommendation engine for e-commerce is Minimal Risk. The same technology used for job matching is High Risk. The EU AI Act classifies by use case, not by technology.
Question 4 of 7
Does your AI's output affect any of the following decisions?
⚠️ "A human makes the final call" may not protect you
If humans routinely rely on the AI's output — even as a "reference" — the system can still be classified as High Risk. The Act looks at real-world influence, not just system design.
Question 5 of 7
When your product shows AI-generated content to users, do you label it?
⚠️ Unlabeled AI content = transparency violation
Under the EU AI Act, users have the right to know when they're interacting with AI-generated content — including text, images, and synthetic media (deepfakes).
Question 6 of 7
Do you store logs of your AI's inputs, outputs, model version, and timestamps?
⚠️ No logs = no defense in an audit
For High Risk systems, Article 26(6) requires deployers to retain provider-generated logs for at least 6 months — retrievable on demand. Your provider builds the logging system (Article 12); you must store and preserve the output.
Question 7 of 7
Where is the data processed by your AI stored?
⚠️ Default settings are rarely GDPR-compliant
Vercel, Render, and most cloud platforms default to US regions. If you never explicitly chose an EU region, your data is likely stored outside the EU.
✅
Your product doesn't appear to use AI
The EU AI Act likely doesn't apply to your current product. However, if you add AI features in the future — even a simple chatbot or API integration — you'll be subject to these regulations.
Keep this in mind
Many SaaS products are adding AI features rapidly. The moment you integrate any ML-based functionality, the EU AI Act clock starts. Building compliance infrastructure early costs a fraction of retrofitting later.
If you technically block all EU access, the AI Act doesn't apply today. But if you ever expand to EU markets — or even one EU customer finds a way in — you'll need to comply.
Planning EU expansion?
Companies that build compliance infrastructure before entering the EU market spend significantly less than those who retrofit under deadline pressure. Start preparing now.
Your AI system may be prohibited under the EU AI Act
Immediate action required
Article 5 prohibitions have been enforceable since 2 February 2025. The penalty for operating a prohibited AI system is up to €35 million or 7% of global annual turnover. This is not a future obligation — it is already in force. Seek legal counsel immediately.
This tool provides general guidance only and does not constitute legal advice. A "potentially prohibited" result does not mean your system is definitively banned — narrow exceptions may apply. Consult a qualified legal professional for binding interpretation.