EU AI Act Compliance Checklist (On-Premise AI)
A practical one-page checklist for teams running AI on-premise or self-hosted: the risk tiers, what each obligation requires, and the steps needed to evidence compliance. Not legal advice.
1. Classify the risk tier
- Unacceptable — banned (e.g. social scoring).
- High-risk — hiring, credit, medical, critical infrastructure → strict obligations.
- Limited-risk — chatbots and content generation → transparency duties.
- Minimal-risk — most tools → largely unregulated.
2. High-risk obligations
- ☐ Risk management system
- ☐ Data governance + training-data provenance
- ☐ Logging of inputs/outputs
- ☐ Human oversight of decisions
- ☐ Technical documentation + conformity assessment
3. GPAI (general-purpose models)
Transparency + technical docs + training-data summary; extra rules apply to models with systemic risk. Self-hosting an open model usually makes you a deployer rather than a provider, but you still inherit usage and documentation duties.
4. On-premise advantage
On-prem does NOT exempt you, but data, logs and the model stay inside your perimeter — making data residency, audit logging and access control easy to evidence. Pin processing to an EU/sovereign location.
5. Action list
- ☐ Inventory every AI use case + assign a tier
- ☐ Enable input/output logging for high-risk systems
- ☐ Document data sources and governance
- ☐ Define human-oversight points
- ☐ Disclose AI interaction to users where required
- ☐ Confirm data residency / jurisdiction
- ☐ Track provider vs deployer responsibilities
General information, not legal advice. The Act phases in over time — consult qualified counsel for your obligations and deadlines.