EU AI Act Review Assessments
Genesis Solutions assesses AI systems against EU AI Act requirements — including risk classification, compliance gap analysis, and enforcement-deadline-prioritized roadmaps — even for US-based organizations with EU exposure.
What Is an EU AI Act Review Assessment?
The EU AI Act is the world’s first comprehensive AI regulation, entering enforcement in phases through 2027. A review assessment evaluates your organization’s AI systems and governance practices against the Act’s requirements — identifying which systems are in scope, their risk classifications, and what compliance actions are needed.
Who Is in Scope?
The EU AI Act has extraterritorial reach. You are in scope if:
- Your AI system’s output is used in the EU — even if hosted in the U.S.
- You place AI systems on the EU market — including SaaS products with AI features
- You deploy AI systems that affect individuals in the EU
What We Evaluate
AI System Risk Classification
- Unacceptable Risk — Banned practices (social scoring, certain biometric surveillance)
- High Risk — Systems in employment, finance, education, healthcare, law enforcement
- Limited Risk — Chatbots, deepfake generators, emotion recognition (transparency obligations)
- Minimal Risk — No specific obligations
Compliance Requirements (High-Risk Systems)
- Risk management systems
- Data governance and training data quality
- Technical documentation
- Transparency and human oversight mechanisms
- Accuracy and robustness standards
GPAI Model Obligations
Additional requirements for general-purpose AI models, with stricter rules for models with systemic risk.
What You Receive
- AI system inventory with risk classifications and EU exposure mapping
- Gap analysis against applicable EU AI Act requirements
- Compliance roadmap prioritized against enforcement deadlines
- Documentation review — Assessment of existing technical documentation and governance
- Cross-framework mapping — How your existing NIST AI RMF or ISO 42001 efforts cover EU AI Act requirements
Enforcement Timeline
| Date | Milestone |
|---|---|
| February 2025 | Prohibited AI practices take effect |
| August 2025 | GPAI model obligations take effect |
| August 2026 | High-risk AI system obligations take effect |
| August 2027 | Full enforcement |
Ready to assess your EU AI Act readiness? Schedule a scoping call.
Frequently Asked Questions
- Does the EU AI Act apply to US companies?
- Yes. The EU AI Act has extraterritorial reach. If your AI system's output is used in the EU, you place AI systems on the EU market, or you deploy systems affecting EU individuals, you are in scope.
- When does the EU AI Act take full effect?
- Enforcement is phased: prohibited practices took effect February 2025, GPAI obligations August 2025, high-risk system obligations August 2026, and full enforcement August 2027.
- What are the risk classifications?
- The Act classifies AI systems as Unacceptable Risk (banned), High Risk (strict requirements), Limited Risk (transparency obligations), or Minimal Risk (no specific obligations).
Ready to get started?
Schedule a call to discuss your eu ai act review assessments needs. Transparent pricing, no surprises.