How is your organization affected by the EU AI Act? Are you prepared? Get answers in 5 minutes.
Run a risk assessment. Plan ahead.
Compliance
Last updated: April 2026
IRP Compliance is the data controller for your submission.
Contact: privacy@irp-compliance.com
When you submit the assessment form, we collect: email address, company name, annual revenue range, employee count, your role, your EU AI Act role, and your assessment responses.
We process your data to: deliver your assessment results; send relevant follow-up communications about EU AI Act compliance; and improve the assessment tool.
We process your personal data on the basis of your consent (Article 6(1)(a) GDPR), given when you tick the consent checkbox and submit the form. You may withdraw consent at any time by contacting us.
Formspree Inc. (USA) — processes form submissions on our behalf. Data transfers to the USA are covered by Standard Contractual Clauses.
Resend — processes email delivery on our behalf.
Your partner integrator (if you accessed via a co-branded URL) receives your assessment data as joint controller.
We retain your data for 12 months from submission, or until you request deletion.
Under GDPR you have the right to: access your data; correct inaccuracies; request erasure; restrict or object to processing; data portability; and withdraw consent. To exercise any right, contact privacy@irp-compliance.com.
You have the right to lodge a complaint with your national data protection authority. In Sweden: Integritetsskyddsmyndigheten (IMY).
Compliance
Run a risk assessment. Plan ahead.
Compliance
Your role under the EU AI Act determines which obligations apply to you. Select the one that best describes how your organisation relates to the AI system you are assessing.
Compliance
All information on this page is provided for informational purposes only and should not be considered formal legal advice. For advice tailored to your specific situation and company, contact a qualified lawyer or law firm.
Compliance
Here is what your board needs to know — your current posture, your regulatory exposure, and the gaps to close before August 2, 2026.
Tier 2 fine (Art. 99): 3% of worldwide annual turnover, capped at €15M. Demonstrating a documented, good-faith compliance effort is a recognised mitigating factor in enforcement proceedings.
The EU Council agreed in March 2026 to potentially delay enforcement of Annex III obligations until December 2027. This does not pause all obligations: GPAI provider requirements (Articles 51–55) have been live since August 2025, and general transparency, logging, and oversight obligations continue on the current timeline. Organisations that wait risk being unprepared when enforcement begins — and lose the mitigating value of a documented compliance record.
ISO 42001 is a voluntary management system standard covering how your organisation governs AI internally. The EU AI Act is binding EU law with enforcement deadlines and financial penalties. Holding ISO 42001 certification demonstrates good AI governance practice and may support a good-faith defence — but it does not satisfy EU AI Act obligations or replace conformity assessments, IFU documentation, FRIA, or post-market monitoring requirements.
All information on this page is provided for informational purposes only and should not be considered formal legal advice. For advice tailored to your specific situation and company, contact a qualified lawyer or law firm.