How AISight Works
AISight is a free, open-methodology tool for assessing your organization's readiness for the EU AI Act (Regulation 2024/1689). This page explains exactly how the assessment works, what the scores mean, and which regulation articles each question maps to.
Source Material
All questions, classification logic, and compliance requirements in AISight are derived from a single source:
- Regulation (EU) 2024/1689 – the EU AI Act, published in the Official Journal of the European Union on 12 July 2024
We do not use third-party research, market estimates, or proprietary data. Every article reference, risk category, and obligation listed in the tool can be verified against the regulation text at artificialintelligenceact.eu.
Readiness Assessment
How It Works
The assessment consists of 15 questions across 4 sections. Your answers are scored across 4 dimensions, weighted, and combined into an overall readiness score from 0 to 100.
The 4 Dimensions
| Dimension | Weight | What It Measures |
|---|---|---|
| Exposure | 30% | How much EU AI Act obligation your organization likely faces – based on EU presence, industry, number of AI tools, high-risk use cases, and whether you build AI |
| Visibility | 25% | How well you know what AI is in use – shadow AI awareness, AI inventory completeness, tool count awareness |
| Governance | 25% | Organizational readiness – AI usage policy, governance ownership, risk assessment practices |
| Compliance | 20% | Progress toward specific EU AI Act requirements – awareness of the regulation, risk classification, technical documentation, conformity assessments |
Scoring Formula
Each dimension is scored independently from 0 to 100. The Exposure dimension is inverted (higher exposure = lower score) because greater regulatory exposure with less preparation means lower readiness. The overall score is:
Overall = (100 − Exposure) × 0.30 + Visibility × 0.25 + Governance × 0.25 + Compliance × 0.20
The result is rounded and clamped to 0–100.
Readiness Levels
| Score | Level | Meaning |
|---|---|---|
| 0–25 | Critical | Significant regulatory exposure with minimal preparation |
| 26–50 | At Risk | Gaps that need immediate attention before enforcement |
| 51–75 | In Progress | Foundation in place, but key gaps remain |
| 76–100 | Well Prepared | Strong compliance posture, fine-tuning needed |
Question-to-Article Mapping
| Question | Dimension | Relevant Articles |
|---|---|---|
| Employee count | Exposure | Article 99 (penalty calculation based on turnover) |
| EU presence | Exposure | Article 2 (territorial scope) |
| Industry | Exposure | Annex III (high-risk use case categories) |
| AI tool count | Exposure / Visibility | Article 49 (registration obligations) |
| Shadow AI | Visibility | Article 4 (AI literacy), Article 26 (deployer obligations) |
| Builds own AI | Exposure | Article 16 (provider obligations) |
| AI use cases | Exposure | Annex III Categories 1–8 |
| AI policy | Governance | Article 4 (AI literacy) |
| AI inventory | Visibility | Article 49 (EU database registration) |
| Governance ownership | Governance | Article 17 (quality management system) |
| Risk assessments | Governance | Article 9 (risk management system) |
| Regulation awareness | Compliance | Article 4 (AI literacy) |
| Risk classification | Compliance | Article 6 (classification rules) |
| Technical documentation | Compliance | Article 11, Annex IV |
| Conformity assessments | Compliance | Article 43, Annex VI |
Penalty Exposure Estimate
The penalty exposure shown in results is calculated using the maximum penalty tier from Article 99(3): 7% of global annual turnover, capped at €35 million. The turnover is estimated from the employee count range selected. This is an approximation – actual penalties depend on factors outlined in Article 99(7).
Risk Classification Wizard
The classifier follows the decision logic defined in the EU AI Act:
- Article 5 check – Is the AI practice prohibited? If yes: Unacceptable Risk.
- Article 6(2) + Annex III check – Does the AI system fall into an Annex III high-risk category AND make or influence decisions affecting individuals? If yes: High Risk. Critical infrastructure (Annex III Category 2) is high-risk regardless of whether it directly affects individuals.
- Article 6(1) check – Is the AI system a safety component of a product covered by Annex I harmonisation legislation? If yes or unsure: High Risk.
- Annex III Category 1 check – Is it a biometric identification or categorisation system? If yes: High Risk.
- Article 50 check – Does the system interact with people or generate synthetic content? If yes: Limited Risk (transparency obligations).
- Default – Minimal Risk. No mandatory obligations, voluntary codes of conduct encouraged (Article 95).
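The decision order above, written out as a pure function so the precedence between checks is explicit. This is an added example, not AISight's own source code; every type, field and function name in it is hypothetical, and the sample input is constructed.

```typescript
// Added illustration of the check order described above (names are hypothetical).
type Tri = "yes" | "no" | "unsure";
type RiskLevel = "Unacceptable" | "High" | "Limited" | "Minimal";

interface SystemAnswers {
  prohibitedPractice: boolean;          // Article 5
  annexIIICategory: string | null;      // "1".."8", "5(a)", ... or null if none
  affectsIndividuals: boolean;          // makes or influences decisions about people
  annexISafetyComponent: Tri;           // Article 6(1)
  biometricIdOrCategorisation: boolean; // Annex III Category 1
  interactsOrGeneratesContent: boolean; // Article 50
}

interface Result { level: RiskLevel; basis: string; }

function classify(a: SystemAnswers): Result {
  // 1. A prohibited practice overrides everything else.
  if (a.prohibitedPractice) return { level: "Unacceptable", basis: "Article 5" };
  // 2. Annex III category AND effect on individuals; Category 2 needs no such effect.
  if (a.annexIIICategory !== null &&
      (a.affectsIndividuals || a.annexIIICategory === "2")) {
    return { level: "High", basis: `Article 6(2), Annex III Category ${a.annexIIICategory}` };
  }
  // 3. "unsure" is treated like "yes": only an explicit "no" falls through.
  if (a.annexISafetyComponent !== "no") return { level: "High", basis: "Article 6(1)" };
  // 4. Biometric identification or categorisation systems.
  if (a.biometricIdOrCategorisation) return { level: "High", basis: "Annex III Category 1" };
  // 5. Transparency obligations apply only if no high-risk check matched.
  if (a.interactsOrGeneratesContent) return { level: "Limited", basis: "Article 50" };
  // 6. Default.
  return { level: "Minimal", basis: "Article 95" };
}

// Constructed sample input: a system for which every check answers "no".
const BASE: SystemAnswers = {
  prohibitedPractice: false,
  annexIIICategory: null,
  affectsIndividuals: false,
  annexISafetyComponent: "no",
  biometricIdOrCategorisation: false,
  interactsOrGeneratesContent: false,
};

// A hiring chatbot matches both the Annex III and the Article 50 checks;
// the earlier check wins, so it is High Risk rather than Limited Risk.
const hiringBot = classify({
  ...BASE, annexIIICategory: "4", affectsIndividuals: true, interactsOrGeneratesContent: true,
});
console.log(hiringBot.level, "-", hiringBot.basis);
```

An Annex III system other than Category 2 that does not affect individuals falls through the second check and is decided by the later ones.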
Annex III Categories Covered
| Category | Domain | Annex III Reference |
|---|---|---|
| 1 | Biometrics | Annex III, Category 1 |
| 2 | Critical infrastructure | Annex III, Category 2 |
| 3 | Education and vocational training | Annex III, Category 3 |
| 4 | Employment, workers management | Annex III, Category 4 |
| 5(a) | Essential public services, healthcare | Annex III, Category 5(a) |
| 5(b) | Creditworthiness assessment | Annex III, Category 5(b) |
| 5(c) | Life and health insurance | Annex III, Category 5(c) |
| 6 | Law enforcement | Annex III, Category 6 |
| 7 | Migration, asylum, border control | Annex III, Category 7 |
| 8 | Administration of justice | Annex III, Category 8 |
Article 5 Checker
The banned AI checker tests for all prohibited practices listed in Article 5(1) of the EU AI Act:
- Subliminal manipulation – Article 5(1)(a)
- Exploitation of vulnerabilities – Article 5(1)(b)
- Social scoring – Article 5(1)(c)
- Predictive policing based solely on profiling – Article 5(1)(d)
- Untargeted facial recognition scraping – Article 5(1)(e)
- Emotion recognition in workplace/education – Article 5(1)(f)
- Biometric categorisation by protected characteristics – Article 5(1)(g)
- Real-time remote biometric identification in public spaces – Article 5(1)(h)
Penalty Calculator
The penalty calculator implements the three-tier structure from Article 99:
| Tier | Violation | Maximum Penalty | Article |
|---|---|---|---|
| 1 | Prohibited AI practices | €35M or 7% of global turnover | Article 99(3) |
| 2 | High-risk system violations | €15M or 3% of global turnover | Article 99(4) |
| 3 | Incorrect information to authorities | €7.5M or 1% of global turnover | Article 99(5) |
For SMEs and startups, the penalty is the lower of the fixed amount or the percentage of turnover (Article 99(6)). For large enterprises, it is the higher of the two.
EU AI Act Timeline
All enforcement dates shown in the timeline are from Article 113 of Regulation (EU) 2024/1689.
Data Privacy
- No account or login is required
- Assessment answers are processed in your browser only – they are not sent to any server
- If you request an email report, your email address and score are sent to our server to deliver the report
- Checklist, portfolio, and assessment history are stored in your browser's localStorage only
- We use Plausible Analytics – a privacy-friendly, cookie-free analytics service
Open Source
The scoring logic, classification rules, and question mappings described on this page are implemented exactly as documented. The assessment tool is built with React and TypeScript, and the complete source code is available for review.