AI inventory
Make each system visible: purpose, owner, vendor, user group, data, output, impact, lifecycle and status.
AI Act readiness
AI Act readiness: from AI inventory to workable roadmap
Readiness means knowing which AI systems exist, which role your organisation has, which risks matter, which evidence is missing and which actions come first. It is not a certificate, but a workable preparation for supervision, procurement, internal review and implementation.
Readiness stack
What should be clear at minimum?
A readiness check should not only ask about policy. Its value sits in the connection between systems, roles, risks, people, vendors and evidence.
Risk classification
Check whether the system involves prohibited AI, Annex III high-risk AI, transparency duties, a GPAI relationship or low risk.
Governance and policy
Define who may start, review, block, accept and reassess AI use. Connect this to intake, procurement, security and privacy.
DPIA, FRIA and fundamental rights
Bring privacy impact, fundamental rights impact, data quality, bias, human oversight and documentation together.
Article 4 AI literacy
Determine the AI literacy level needed per role and record training, assessment, certificates and progress.
Vendors and change control
Request vendor evidence and manage model changes, incidents, transparency duties and periodic reviews.
30-60-90 days
A practical AI Act readiness route
The sequence below prevents teams from filling in templates too early without knowing which systems, roles and risks determine priority.
0-30
Create visibility
Bring AI systems, vendors, owners, users, purposes, data and existing policies together. Immediately mark systems that may touch HR, education, finance, healthcare, public services, biometrics or critical infrastructure.
31-60
Classify and prioritise
Determine each system’s AI Act role, risk category, GDPR/DPIA impact, FRIA relevance, transparency duty and training need. Put uncertainties into a review list.
61-90
Decide and execute
Turn the analysis into policy, owners, intake process, training, vendor questions, documentation, monitoring and leadership decisions. Start with systems that have the highest legal and operational impact.
Teams
Readiness is multidisciplinary
AI Act readiness often stalls when one department has to carry everything. The best route distributes responsibilities from the start.
Make it governable
A good readiness route does not end in a list of loose gaps, but in decisions: what do we stop, what do we accept temporarily, what gets priority and who owns it?
Board and leadership
Needs visibility of risk, ownership, budget, priorities, decisions and accountability.
Legal, privacy and compliance
Needs to connect AI Act roles, GDPR, DPIA/FRIA, contracts, transparency and evidence.
IT, data and security
Needs to know which systems run, which data is used and how logging, access, monitoring and change control work.
HR, procurement and business owners
Needs to recognise when a tool contains AI, when high-risk or transparency duties arise and which vendor evidence is needed.
Internal routes
Read readiness together with governance, Article 4 and Annex III
Use this page as an entry point into the key parts of the knowledge platform. This keeps AI Act readiness connected to the legal text, tools and evidence routes.
Start with the legal basis
Classify systems
Build evidence
Determine your next step
Practical follow-up
From readiness to execution
When the first analysis is clear, two follow-up routes usually appear: governance and implementation on one side, demonstrable AI literacy on the other.
Embed AI
AI Act readiness sprint
For organisations that want a compact gap analysis around AI inventory, risk classification, governance, vendors, GDPR and priorities.
View readiness sprintEmbed AI
EU AI Act consultant
For support with scope, policy, AI inventory, decision-making, DPIA/FRIA overlap and implementation planning.
View consultant profileLearnWize
AI literacy readiness assessment
For teams that need visibility of role gaps, training needs, certificates and Article 4 evidence.
Start team assessmentExpertise
Readiness requires legal, technical and organisational translation
Zahed Ashkara helps organisations with EU AI Act readiness, AI governance, AI literacy and responsible AI use in processes such as HR, public services, legal teams, finance and software development.
FAQ
Frequently asked questions about AI Act readiness
Short answers for organisations that want to structure their AI Act preparation practically.
What is AI Act readiness?
AI Act readiness is the degree to which an organisation has visibility of AI systems, roles, risk classification, governance, training, vendors, documentation and priorities. It is preparation and evidence-building, not certification.
Where should AI Act readiness start?
Start with an AI inventory and role mapping. Then classify systems, connect GDPR/DPIA/FRIA and Article 4 to the right roles, and create a priority list.
Is AI Act readiness the same as compliance?
No. Readiness shows where you stand and what is needed. Compliance then requires execution, evidence, controls, technical documentation and appropriate governance per system.
How does AI literacy relate to readiness?
AI literacy is a core part of readiness. People who use, procure, review or build AI need suitable training and the organisation should be able to evidence this.
Which teams should be involved?
At minimum leadership, legal, privacy, compliance, IT, security, data, HR, procurement and business owners. The exact group depends on the AI systems and risks.
Sources
Official sources and primary documents
This route links to the official AI Act text and Commission information. For concrete classification, always check the current text, guidance and supervisory information.