δDOKEO
Regulatory Reference

The EU AI Act:
What regulated institutions need to know

The EU Artificial Intelligence Act is the world's first comprehensive legal framework for AI. It establishes obligations based on risk level and affects providers, deployers, importers, and distributors placing AI systems on the EU market or using them in ways that affect people in the EU.

This page provides a high-level overview for compliance, risk, legal, audit, and AI governance teams. It is not legal advice.

01Risk Levels

Four tiers of risk

Unacceptable

Banned outright. Includes social scoring, real-time biometric identification in public spaces (with exceptions), and manipulative AI.

High Risk

Subject to conformity assessments, documentation, monitoring, and oversight requirements. Covers areas like credit scoring, hiring, medical devices, and critical infrastructure.

Limited Risk

Transparency obligations only. Users must be informed they are interacting with AI (e.g., chatbots, deepfakes, emotion recognition).

Minimal Risk

No specific obligations. Includes AI in games, spam filters, and other low-impact applications. Voluntary codes of conduct encouraged.

02Key Obligations

What high-risk AI systems require

Providers and deployers of high-risk AI systems must meet these requirements across the system lifecycle.

Art. 6–7
Risk ClassificationAI systems must be classified by risk level. High-risk systems listed in Annex III face the strictest requirements.
Art. 9
Risk ManagementHigh-risk systems require a documented risk management system covering identification, analysis, evaluation, and mitigation of risks throughout the lifecycle.
Art. 10
Data GovernanceTraining, validation, and testing datasets must meet quality criteria. Providers and deployers must document data provenance, preparation, and known limitations.
Art. 11
Technical DocumentationDetailed technical documentation must be maintained before the system is placed on the market and kept up to date throughout its lifecycle.
Art. 13
TransparencyHigh-risk AI systems must be designed to be sufficiently transparent for deployers to interpret output and use the system appropriately.
Art. 14
Human OversightSystems must be designed to allow effective human oversight, including the ability to understand, monitor, and intervene in the system's operation.
Art. 15
Accuracy & RobustnessHigh-risk systems must achieve appropriate levels of accuracy, robustness, and cybersecurity throughout their lifecycle.
Art. 17
Quality ManagementProviders must establish a quality management system including procedures for risk management, data governance, monitoring, and incident reporting.
03Timeline

Enforcement timeline

August 2024EU AI Act enters into force
February 2025Prohibited AI practices banned
August 2025Rules for general-purpose AI models apply
August 2026High-risk AI system obligations enforced
August 2027Full enforcement across all provisions
04Dokeo

How Dokeo supports evidence-linked AI Act review

Dokeo gives regulated institutions a formal operating layer for EU AI Act readiness. Teams can map systems, connect evidence to obligations, review findings, coordinate remediation, and support audit-ready compliance operations as requirements evolve.

01Maintain a structured registry of AI systems with ownership and risk classification
02Link technical documentation and evidence to the systems under review
03Map controls, claims, and supporting records to specific AI Act obligations
04Surface findings and track remediation, approvals, and decisions over time
05Coordinate legal, risk, compliance, and technical review in one workflow
06Preserve retrievable audit history for internal review and external scrutiny

Related Reading

What is AI Governance?A guide to the policies, processes, evidence, and controls institutions need to govern AI under scrutiny.EU AI Act vs ISO 42001How the two major AI governance frameworks compare and where each fits in audit-ready compliance operations.

Cookie preferences

We use cookies to run this site, understand usage, and improve performance. By clicking "Accept all," you consent to our use of cookies.Read our cookie policy.