Skip to main content
We Ran Our Own AI Through the EU AI Act. Here's What It Said.
Product

We Ran Our Own AI Through the EU AI Act. Here's What It Said.

AI Comply HQ Team6 min read

We Sell Compliance. So We Checked Our Own.

There is an uncomfortable question every compliance vendor should be able to answer: do you comply with the thing you sell?

We build AI Comply HQ, a tool that walks companies through the EU AI Act and produces their compliance file. It is powered by an assistant we call Blake. Blake interviews you, classifies your AI system, and drafts your documents. Blake is, itself, an AI system. Which means Blake falls under the very regulation we help people comply with.

So we did the obvious thing. We pointed the product at itself. We ran Blake through our own interview, start to finish, and let our own classifier decide what Blake is. No special treatment. No quiet hand-edits to make the result look tidy. Here is exactly what came back.

The Verdict: Limited Risk, Article 50

Blake came out as limited risk, with transparency obligations under Article 50 of the EU AI Act. Confidence: 72 out of 100. Our role: deployer of a general-purpose AI model, since Blake is built on Anthropic's Claude rather than a model we trained ourselves.

If you were bracing for "high risk," here is the part worth sitting with. Most assistant-style AI is not high risk. High risk is a specific, named list. It is the AI that screens job applicants, scores someone for credit, sits inside a medical device, or helps the police. Annex III spells the categories out. A chatbot that explains a regulation and drafts a document for a human to review is simply not on that list.

Blake stays in the limited-risk tier for four concrete reasons, and the classifier named all four:

  • It does not make automated decisions about people. It suggests; a human decides.
  • A human reviews and approves everything before anyone relies on it.
  • It handles business and compliance information, not sensitive personal data.
  • Its output is advisory and clearly a draft, never a binding ruling.

What limited risk actually asks for is honesty. Tell people they are talking to an AI. Be transparent that the classifications and documents are AI-generated drafts meant for human review. That is Article 50, and it is a long way from the conformity-assessment marathon that high-risk systems face.

Three Real Documents, Not Eighteen

A high-risk system in our product generates a stack of eighteen documents: technical documentation to Annex IV, a risk management system, a post-market monitoring plan, the full set. Blake, sitting at limited risk, generated three:

  1. A Risk Assessment Report setting out the tier, the reasoning, and the obligations.
  2. A Transparency Notice built around Article 50, with the actual disclosure language Blake should show its users.
  3. A Voluntary Code of Conduct, the good-practice commitments we take on even where the law does not force our hand.

Three is the right number. It is not a thin result, it is a proportionate one. The Act scales what it asks for to the risk you actually pose, and a well-behaved assistant poses little. We have packaged those three documents, exactly as the product produced them, into a sample compliance pack you can download and read in full.

That is the honest shape of limited-risk compliance. If your AI looks more like Blake than like a hiring algorithm, this is roughly what your own file should look like.

The Bug We Found in Ourselves

Here is the part most vendors would quietly leave out.

When we read Blake's Risk Assessment closely, one citation was wrong. The document pointed to "Article 52" for transparency obligations. In the final text of the EU AI Act, Regulation (EU) 2024/1689, transparency lives in Article 50. Article 52 is something else entirely: the procedure for designating general-purpose models with systemic risk. Our classifier was quoting an article number from an earlier draft of the law.

We traced it in minutes. The slip sat in the instructions we give the model that does the classifying. The underlying rules engine already used the correct Article 50. The prompt did not. We corrected it, added a guard so the draft numbering can never creep back in, and shipped the fix the same day.

We are telling you this on purpose.

The whole point of dogfooding is that it surfaces the things a test suite never will. We would not have caught a stale article number by reading our own code for the hundredth time. We caught it because we sat in our customers' chair and read the output the way they would. That is also the honest answer to the question "how do I know your tool is right?" You do not take our word for it. You watch us hold ourselves to the same standard, find our own mistakes, and fix them in the open.

What This Means for You

Two things.

First, do not assume the worst about your own AI. Founders email us expecting the high-risk gauntlet and walk out classified as limited risk with a short, sane to-do list. The fastest way to stop worrying is to find out, and finding out takes minutes.

Second, the act of assessing yourself is the work. You cannot manage a risk you have not named. Run your own system through the same quick check we ran Blake through, and you will get what we got: a tier, a reason, and a clear next step.

We marked our own homework, in public. Now we are handing you the paper.

Check your AI in 5 minutes

Want to work out where your own system lands? Start with our EU AI Act Risk Assessment Guide and our guide to AI chatbot compliance.

Update: Where the Digital Omnibus Stands (June 12, 2026)

A quick note before you act on any date in this article. The Digital Omnibus is a simplification package the European Commission proposed on November 19, 2025. It would amend several EU digital laws at once, and for the AI Act it proposes two big changes: the high-risk obligations would apply later (December 2, 2027 for the stand-alone high-risk systems listed in Annex III, and August 2, 2028 for high-risk AI embedded in regulated products), and a number of requirements would be simplified along the way.

Here is the part that matters: none of this is law yet. The European Parliament and the Council reached a provisional agreement on May 7, 2026, and formal adoption is expected, but until the final text is adopted and published, nothing changes. The dates and obligations described in this article are the ones in force today. And the rules that already apply, like the prohibited practices and the AI literacy duty, stay exactly where they are no matter what happens to the Omnibus.

We are watching this closely. The moment the Omnibus is adopted, amended, or rejected, we will update this article to reflect the new EU AI compliance dates. Check back, or run the free 90-second risk check to see your obligations under the rules as they stand right now.

Ready to assess your EU AI Act compliance?

Start a guided compliance interview, get your AI system's risk classification, and generate an audit-ready report.

Start Your Free 7-Day Trial

Not ready to sign up? Take the free 90-second risk check →