Chapter 1: Before You Begin
1.1 Purpose of This Guide
This guide translates the legal requirements of the EU AI Act into actionable implementation steps. It is designed for organisations that have read the regulatory framework and now need to operationalise compliance. Every section includes templates, checklists, or procedures that can be adapted to your organisation's context.
This is not a legal overview. For the regulatory text, risk classification definitions, and enforcement structure, refer to the EU AI Act Compliance Bible (ai_eu_bible_v1).
1.2 Who Needs This Guide
| Organisational Role | Primary Sections |
|---|---|
| Chief Technology Officer | Chapters 2, 3, 5 (system inventory, technical requirements, documentation) |
| Chief Compliance Officer | Chapters 2, 4, 6 (risk classification, conformity assessment, ongoing monitoring) |
| Data Protection Officer | Chapters 3, 5 (data governance, GDPR-AI Act coordination) |
| Project Manager | Chapters 2, 7 (inventory, implementation timeline) |
| Legal Counsel | Chapters 4, 6 (conformity assessment, penalties, cross-border) |
| AI/ML Engineers | Chapters 3, 5 (technical requirements, documentation, testing) |
1.3 Implementation Principles
The following principles guide effective AI Act implementation:
Proportionality: Compliance effort should match the risk level of the AI system. Minimal-risk systems require minimal action. High-risk systems require comprehensive measures.
Documentation-first: Every compliance activity should produce a documented output. If it is not documented, it cannot be demonstrated to a regulator.
Integration: AI Act compliance should integrate with existing governance structures (GDPR, product safety, quality management) rather than creating parallel systems.
Continuous: Compliance is not a one-time project. The AI Act requires ongoing monitoring, incident reporting, and periodic reassessment throughout the AI system lifecycle.
Want to monitor your AI compliance automatically? Try AIOS — your AI compliance OS. https://mmoww.net/ai/app/
Quick Decision Matrix
Use this matrix to determine your AI compliance obligations.
| Your Situation | Risk Level | Priority Action | Go To |
|---|---|---|---|
| Deploying AI that affects employment decisions | High | Impact assessment required | Chapter 3 |
| Using AI for customer-facing services | Medium-High | Transparency obligations apply | Chapter 4 |
| Internal AI tools (analytics, automation) | Medium | Document and monitor | Chapter 5 |
| AI in regulated sector (finance, health) | High | Sector-specific rules apply | Chapter 3 |
| Procuring AI from third-party vendor | Medium | Vendor due diligence needed | Chapter 5 |
| Just exploring AI for the first time | Low | Start with governance framework | Chapter 2 |
5-second answer: If your AI system makes decisions that affect people, you have compliance obligations. Start with Chapter 2 for the regulatory framework, then Chapter 3 for your specific obligations.