| System name | |
|---|---|
| Identifier in the AI system register | |
| Version assessed / planned putting-into-service date | |
| Date of this sheet | |
| Author | |
| Contributors (business, legal, technical) |
| Business purpose (what is it for?) | |
|---|---|
| Users (who uses it?) | |
| Persons affected by the outputs | |
| Input data (personal? sensitive?) | |
| Outputs produced (prediction, content, recommendation, decision) | |
| Underlying provider / product / model (GPAI?) |
| T1 - Inference: are the outputs inferred from a learned model (and not from fixed human-written rules)? | YesNo Evidence: |
|---|---|
| T2 - Outputs: predictions, content, recommendations or decisions? | YesNo Evidence: |
| T3 - Autonomy: outputs produced without prior human validation? | YesNo Evidence: |
| Conclusion: AI system within the meaning of the Regulation? | Yes (T1 and T2 = yes)No → sheet closed, archive the evidence |
| Exclusively military / defence / national security use? | Yes → out of scope (Art. 2(3))No |
|---|---|
| Scientific R&D before placing on the market (no external users in real-world conditions)? | Yes → out of scope (Art. 2(6)-(8))No |
| Strictly personal, non-professional use? | Yes → out of scope (Art. 2(10))No |
| Open-source release (outside prohibited / high-risk / Art. 50 / systemic GPAI)? | Yes → partial exemption (Art. 2(12))No |
| Date of first placing on the market / putting into service (evidence) | |
| High-risk system already on the market before the application date of its regime? | Yes → deferred until a significant change in design (Art. 111(2))No |
| Significant change in design since then? | Yes - date:No → monitor |
| Post-omnibus deadlines (June 2026): Annex III → 2 December 2027; Annex I → 2 August 2028; Art. 50 → 2 August 2026 unchanged; public authorities (Art. 111(2)) → 2 August 2030; GPAI placed on the market before 02/08/2025 → 02/08/2027. | |
| Role retained | ProviderDeployerImporterDistributor |
|---|---|
| Switch: is your name or trademark affixed to the system? | YesNo |
| Switch: has a substantial modification been made? | YesNo Which one: |
| Switch: has the intended purpose been changed towards a high-risk use? | YesNo |
| A "yes" to any of the three switch questions = the organisation becomes the provider of the system (Art. 25). | |
| A1 - Subliminal or deceptive manipulation causing significant harm? | YesNo |
|---|---|
| A2 - Exploitation of vulnerabilities (age, disability, social/economic situation)? | YesNo |
| A3 - Social scoring with unjustified unfavourable treatment? | YesNo |
| A4 - Individual crime prediction through profiling alone? | YesNo |
| A5 - Untargeted scraping of facial images? | YesNo |
| A6 - Emotion recognition in the workplace / in education (outside medical or safety)? | YesNo |
| A7 - Biometric categorisation of sensitive attributes? | YesNo |
| A8 - Real-time remote biometric identification, publicly accessible spaces, law enforcement purposes? | YesNo |
| A9 - Generation or dissemination of non-consensual intimate imagery or child sexual abuse material (omnibus, applicable on 02/12/2026)? | YesNo |
If a single "yes": prohibited use (applicable since 2 February 2025). Dated stop decision, evidence retained, sheet closed.
| 7a. Annex I: product / safety component covered by harmonisation legislation with third-party assessment? | YesNo Applicable text: |
|---|---|
| 7b. Annex III: area concerned? | 1 Biometrics2 Critical infrastructure3 Education4 Employment/HR5 Essential services6 Law enforcement7 Migration8 Justice/democracyNone |
| Precise point of Annex III (quotation) | |
| 7c. Art. 6(3) exemption invoked? | D1 narrow procedural taskD2 improves a human resultD3 detects patterns without replacing the humanD4 preparatory taskNot invoked |
| Safeguard: does the system perform profiling of natural persons? | Yes → exemption impossible, high riskNo |
| Exemption analysis (summary + reference of the dated document) | |
| EU registration (Art. 49(2)) if the exemption is retained | Done on:To be done before putting into service |
| E1 - Direct interaction of people with the system? | YesNo Planned information measure: |
|---|---|
| E2 - Generation of synthetic content? | YesNo Planned marking: |
| E3 - Emotion recognition / lawful biometric categorisation? | YesNo |
| E4 - Deepfake or text informing the public without human review? | YesNo |
| Category retained | ProhibitedHigh risk (Annex I)High risk (Annex III)TransparencyMinimal riskOutside the AI Act |
|---|---|
| Additional transparency obligations (Art. 50)? | YesNo |
| Obligations triggered (list) | |
| FRIA (Art. 27) required? | Yes - deadline:No |
| DPIA (GDPR) required? | Yes - deadline:No |
| Applicable regulatory deadline |
| AI Act lead (name, date, signature) | |
|---|---|
| Legal / DPO (name, date, signature) | |
| AI committee decision (if borderline case - reference) | |
| Next review (≤ 12 months or upon substantial modification) |