Key Definitions
| Term | Definition |
|---|---|
| Self-Assessment | A systematic internal evaluation of an organization's compliance posture against defined criteria, conducted by the organization itself |
| Compliance Checklist | A structured list of requirements organized by regulatory framework, with indicators for assessing conformity status |
| Conformity | The state of meeting all specified requirements of a standard or regulation |
| Gap Analysis | The process of comparing current compliance status against required status to identify areas needing improvement |
| Maturity Level | A measure of how advanced an organization's compliance practices are on a defined scale |
| Control | A measure or action taken to manage risk and ensure compliance with requirements |
| Evidence | Documentation, records, or observable facts that demonstrate compliance with a requirement |
| Remediation Plan | A documented plan of actions to address identified compliance gaps |
| Risk-Based Approach | Prioritizing compliance efforts based on the level of risk associated with non-compliance |
| Compliance Framework | A structured set of guidelines, standards, and regulations that an organization must follow |
| Provider | A natural or legal person that develops or commissions the development of an AI system with a view to placing it on the market or putting it into service (EU AI Act Art. 3(3)) |
| Deployer | A natural or legal person using an AI system under its authority (EU AI Act Art. 3(4)) |
Chapter 1: How to Use This Checklist
This self-assessment tool provides organizations with a structured, comprehensive framework for evaluating their AI compliance posture across all major regulatory and standards frameworks. Each checklist item maps to a specific legal requirement or standard clause, includes assessment guidance, and provides a consistent rating scale. Organizations can use this tool for initial gap analysis, ongoing compliance monitoring, pre-audit preparation, and management reporting on AI governance maturity.
1.1 Assessment Rating Scale
Use the following scale consistently across all checklists:
| Rating | Symbol | Description |
|---|---|---|
| Fully Conforming | FC | Requirement is fully met with documented evidence |
| Substantially Conforming | SC | Requirement is largely met; minor gaps exist |
| Partially Conforming | PC | Some elements addressed but significant gaps remain |
| Non-Conforming | NC | Requirement is not met |
| Not Applicable | N/A | Requirement does not apply to this AI system/organization |
| Not Assessed | - | Assessment not yet completed for this item |
1.2 Priority Classification
Each checklist item is classified by priority:
| Priority | Description | Timeframe for Addressing Gaps |
|---|---|---|
| P1 — Critical | Mandatory regulatory requirement; non-compliance creates immediate legal risk | Immediate (within 30 days) |
| P2 — High | Key compliance requirement; significant risk exposure if not addressed | Short-term (within 90 days) |
| P3 — Medium | Important for comprehensive compliance; moderate risk | Medium-term (within 180 days) |
| P4 — Lower | Best practice or enhancement; supports overall compliance maturity | Long-term (within 12 months) |
1.3 Assessment Process
Step 1: Scope Definition
- Identify all AI systems in your organization
- Classify each system by risk level
- Determine applicable regulatory frameworks
- Select relevant checklists from this guide
Step 2: Evidence Collection
- Gather existing documentation (policies, procedures, records)
- Conduct interviews with key personnel
- Review system configurations and technical documentation
- Collect monitoring data and performance reports
Step 3: Assessment Execution
- Rate each checklist item using the standard scale
- Document evidence supporting each rating
- Note any observations or concerns
- Identify gaps requiring remediation
Step 4: Gap Analysis and Prioritization
- Compile all non-conforming and partially conforming items
- Prioritize based on risk level and regulatory deadline
- Develop remediation plans with timelines and owners
- Estimate resources required for remediation
Step 5: Reporting and Action
- Prepare assessment summary for management
- Present findings with recommended actions
- Obtain management approval for remediation plans
- Initiate remediation activities
1.4 Assessment Documentation Template
```
AI COMPLIANCE SELF-ASSESSMENT

Organization: _______________
Assessment Period: _______________
Assessed By: _______________
Date Completed: _______________
AI Systems in Scope: _______________

Summary Results:
- Total Items Assessed: [N]
- Fully Conforming: [N] ([%])
- Substantially Conforming: [N] ([%])
- Partially Conforming: [N] ([%])
- Non-Conforming: [N] ([%])
- Not Applicable: [N]

Overall Maturity Score: [___] / 5
Critical Gaps Identified: [N]
Remediation Plans Required: [N]

Assessment Approved By: _______________
Date: _______________
```