ActComply vs Saidot: EU AI Act compliance workflow

ActComply vs Saidot: EU AI Act compliance workflow

For an EU startup shipping AI features, the difference between compliance tooling that fits and tooling that does not comes down to what question you are trying to answer. Saidot has built a platform around AI transparency registers, model cards, and governance documentation at the portfolio level. That approach serves large organisations that need to catalogue dozens of AI systems and demonstrate responsible AI use to a broad set of stakeholders. For a startup CTO or Head of Product who needs to know whether a specific feature triggers Annex III obligations, what documentation Article 11 requires, and how to structure a risk management system that will satisfy auditors, the workflow is different. Compliance needs to map directly to the act, not to a transparency framework.

What the EU AI Act requires

The EU AI Act structures obligations around risk. Prohibited systems are banned outright. High-risk systems under Annex III face the most intensive requirements: a risk management system (Article 9), data and data governance procedures (Article 10), technical documentation (Article 11), automatic logging of operations (Article 12), transparency obligations to deployers (Article 13), human oversight mechanisms built into the product (Article 14), and a quality management system covering the full development and deployment lifecycle (Article 17). Deployers of high-risk systems have their own obligations under Article 25. The compliance deadline for Annex III systems is December 2, 2027. If your product uses or exposes a general-purpose AI model, GPAI obligations under Article 53 are already active from August 2, 2026, with fines of EUR 15 million or 3% of global annual revenue for non-compliance.

What this means for your business

Saidot's strength is AI transparency at scale: producing model cards, populating public or internal registers, and helping organisations communicate their AI use in a structured way. This is valuable for public sector clients, regulated enterprises, and organisations building stakeholder trust through documented AI inventories. For a startup navigating the EU AI Act specifically, the compliance obligation is more article-specific. You need to produce the right documents, implement the right controls, and do it in a way that would satisfy an EU market surveillance authority or enterprise procurement team asking for AI Act compliance evidence. ActComply is built around this workflow: classify your system against the act, identify which articles apply, and produce documentation to the standard the act requires.

Steps to get compliant

1. Run a risk classification: use the ActComply screener to determine whether your AI system is high-risk under Annex III, whether it involves GPAI components, or whether it triggers only the transparency obligations under Article 50.
2. Prioritise your most urgent obligations: GPAI and Article 50 obligations are active from August 2, 2026. If your product is affected, address these before turning to the December 2027 Annex III deadline.
3. Build Article 11 documentation early: technical documentation under Article 11 requires detailed system-level information about design choices, training data, performance metrics, and limitations. This is best produced while the system is being built, not retroactively.
4. Document your deployer obligations: if you are deploying a third-party high-risk AI system, your obligations under Article 25 are distinct from the provider's. Clarify this in contracts and in your own compliance records.

Free EU AI Act risk assessment

Not sure where your AI system stands? The free ActComply risk screener classifies your system in under 5 minutes. No sign-up required.

Check your EU AI Act risk in 5 minutes

Free risk classifier. No signup required. August 2 deadline.

Run the free screener