Is my AI high-risk under Annex III?

AI is high-risk under Annex III if it relates to decisions in 8 areas: employment, credit/essential services, education, healthcare, biometric ID, critical infrastructure, law enforcement, migration/justice. Full decision tree at eucomplyhub.com/blog-annex-iii-decision-tree.html

What's the EU AI Act deadline?

Aug 2, 2026 = enforcement deadline for high-risk AI systems (Annex III). Banned uses (Article 5) and transparency (Article 50) are already live since Feb 2, 2025. Article 99 penalty: €15M or 3% global turnover for high-risk violations.

How is this different from Vanta?

Vanta (€9-45K/yr) targets SOC 2/GDPR/ISO 27001. EU AI Act is an add-on. eucomplyhub.com is EU AI Act-specific (Annex III + Article 11/14/50/72/99) for €799 one-time. Complementary, NOT replacement.

Is this legal advice?

NO. The audit is informational. Each report includes a mandatory legal disclaimer + recommendation 'final review by qualified EU AI Act counsel' before final compliance decisions. Provider is NOT a lawyer.

Can I get a refund if not satisfied?

Yes. 30-day money-back guarantee, no questions asked. Full refund via bank transfer or Stripe.

EU COMPLIANCE HUB · 5 REGULATIONS · MID-MARKET

EU compliance audits for mid-market SaaS|

5 regulations. 1 platform. AI Act · EAA · KSeF · DORA · NIS2. Fixed-fee from €199. Clarity in 5 days. No "100% compliant" claims — honest clarity.

Evidence-of-enforcement, not documentation-of-intent. We verify whether your systems actually behave according to policies — not just whether you've written them.

5 enforcement waves 2024-2026 · DORA LIVE · EAA LIVE · AI Act 02.08.2026 · NIS2 transposed · KSeF rolling

View tier matrix → Powered by aiactaudit.pl methodology

Annex III classification
Severity ranking + roadmap
PDF report (legal-ready)
30-day money-back

audit_report.pdf · 5 systems

Sample classification output

resume_screener.ai HIGH RISK

support_chatbot LIMITED

ats_resume_screen HIGH RISK

marketing_personalize MINIMAL

spam_filter MINIMAL

// 5 REGULATIONS · 1 PLATFORM

All EU compliance vectors in one place

Each regulation = separate audit + roadmap. Bundle = save. Mid-market focus, fixed-fee transparency.

AI ACT DEADLINE 02.08.2026

AI Act audit

Annex III high-risk classification + Art. 11/14/50/72/99 compliance roadmap. SaaS focus.

€399 founding · €799 standard

EAA LIVE 28.06.2025

EAA accessibility

European Accessibility Act audit for web/app — WCAG 2.1 AA + EN 301 549 compliance.

€299 founding · €599 standard

KSEF ROLLING 2026

KSeF e-invoice

Polish e-faktura compliance audit — FA(2)/FA(3) XML + KSeF 2.0 API integration check.

€199 founding · €399 standard

DORA LIVE 17.01.2025

DORA financial

Digital Operational Resilience — ICT risk + third-party register + TLPT (when applicable).

€499 founding · €999 standard

NIS2 TRANSPOSED

NIS2 cybersecurity

Network & Information Security audit — essential/important entity classification + risk mgmt.

€399 founding · €799 standard

BUNDLE SAVE €200-€400

EU SaaS Bundle

AI Act + EAA + 5 PILLARS framework. Best for SaaS founders pre-02.08.2026 deadline.

€799 founding · €1,499 standard

→ 5 regulations enforcement 2024-2026. Choose audit or bundle for full coverage.

// THE PROBLEM

5 enforcement waves. Same SMB pain.

of EU SMBs haven't started compliance
(multiple compliance surveys 2025-2026)

€15M

Maximum penalty for high-risk
(or 3% global turnover)

Annex III high-risk areas
(HR, credit, education, healthcare...)

€9-45K

Vanta enterprise pricing
out of reach for SMBs

EU compliance landscape 2024-2026 is 5 independent waves. Each requires a separate audit + roadmap. Most SMBs don't know:

Which regulations apply? AI Act (if you use AI), EAA (if web/app B2C), KSeF (Polish e-invoice), DORA (financial entities), NIS2 (essential/important sectors).
What exactly to do? Annex III classification, accessibility audit, e-invoice migration, ICT risk register, NIS2 incident reporting.
How much does it cost? DIY €5-15K per regulation. Big4 audits €15-50K. Vanta-tier €9-45K/yr without EU specificity.
What are the penalties? AI Act €15M / 3%, EAA €5K-€3M (per country), DORA 2% turnover, NIS2 €10M / 2%.
How to manage all of them? Most firms: separate auditors, separate PDFs, no coherent roadmap.

Most SMB needs 3-4 of 5 regulations. Single audit = expensive. Bundle = realistic for mid-market.

→ Audit per regulation in 4h. Bundle saves €200-€400.

// 5 PILLARS

5 pillars of enforceable governance

Most AI Act guidance defaults to enterprise frameworks (NIST AI RMF, ISO 42001 full deployment). That's the wrong altitude for a 50-person SaaS team facing 02.08.2026.

Mid-market governance instead requires smaller deterministic control layers around critical execution points:

Constrain execution. Runtime rules that block non-compliant outputs before they ship to users.
Escalate uncertainty. Confidence thresholds that surface edge cases for human review (Article 14 transparency).
Preserve authority boundaries. Role-based access (engineer / policy / customer) so nobody overrides what they shouldn't.
Evidence tied to runtime behavior. Logs of what actually happened, not what was supposed to happen (Article 12 logging).
Traceable intervention paths. Every override, exception, manual decision — documented and reproducible.

Documentation-of-intent vs evidence-of-enforcement. Having an AI policy ≠ having an enforced AI policy. A system may have extensive documentation and still fail governance integrity when execution behavior remains unconstrained under drift, ambiguity, or due-diligence pressure.

→ This audit identifies which pillars your current AI systems satisfy — and which become deal-killers in due diligence.

// QUICK CHECK

Is your AI high-risk? Check in 30 seconds.

3 questions, instant result. No email capture. No sales pitch.

Question 1 of 3

1. Does your AI use BANNED practices?

Social scoring by gov · real-time biometric ID in public spaces · emotion recognition in the workplace · predictive policing · facial scraping · subliminal manipulation

2. Does your AI make decisions in any of the 8 Annex III areas?

Employment (HR/recruitment) · credit scoring · education (admission/grading) · biometrics · critical infrastructure · law enforcement · migration · justice · healthcare

3. Does the end user interact with the AI?

Chatbot · AI-generated content · deepfakes · emotion recognition (informational) · biometric categorization (non-prohibited)

Full audit €799 →

⚠️ This quiz is a simplified guide. Full classification requires manual review per system. The full €799 audit gives you precise classification of every AI system with documentation.

// WHAT YOU GET

Full sample audit — fictional Acme HR-Tech

Don't take my word for it. See exactly what you get in 5-7 days. Sample report: Acme HR-Tech GmbH (fictional German HR-tech, 35 emp), 3 AI systems, 11-page PDF.

EXECUTIVE SUMMARY

8 findings · €15M penalty exposure

1 Critical 2 High 3 Medium 2 Low

Headline risk: CV ranker without human-in-loop on rejections (Art. 14 violation)

ANNEX III CLASSIFICATION

3 AI systems → 2 high-risk + 1 limited

CV Ranker — Annex III #4 employment HIGH

Interview Summarizer — Annex III #4 worker eval HIGH

Marketing Chatbot — Art. 50 transparency LIMITED

REMEDIATION ROADMAP

Critical → High → Medium, anchored Aug 2, 2026

Wk 1-2 Human review process for CV rejections (Art. 14)

Wk 3-4 Candidate transparency disclosure (Art. 13)

Mo 2-3 Annex IV technical documentation (Art. 11)

Mo 3+ Post-market monitoring system (Art. 72)

View full sample audit (11-page PDF) →

Opens in new tab. Cmd-P (Mac) / Ctrl-P (Win) → Save as PDF.

// TIMELINE

EU AI Act — rollout calendar

Most companies think the deadline is "sometime in 2026". In reality, penalties can already be issued (prohibitions live since Feb 2, 2025).

Feb 2, 2025

Prohibitions live

Banned AI practices enforceable. €35M / 7% turnover.

Aug 2, 2025

Governance + GPAI

EU AI Office operational. General-purpose AI obligations applicable (GPT-4, Claude, Gemini).

May 13, 2026

Digital Omnibus trilogue

EU decision — push the high-risk deadline? Apr 28, 2026 trilogue = FAIL without agreement.

Aug 2, 2026

High-risk obligations

Annex III enforcement. €15M / 3% turnover. 3 months from today.

Dec 2, 2027

Possible deferral target

If Digital Omnibus passes — high-risk deadline pushed by 16 months.

// WHAT'S ON THE MARKET

Why €799?

The compliance market is bipolar: enterprise (Vanta-tier, €9-45K/yr) or DIY (€9,500+ of your time). The SMB layer is missing. My Pricora stack is reusable + Claude automation = low my cost = low your price.

Vanta / Drata

Enterprise

€9,000-45,000 / year
Setup: 4-12 weeks
SOC 2 / ISO / GDPR — primary focus
EU AI Act: add-on, not core
Sales call required before purchase
For mid-market 100+ emp with compliance team
Annual contract

eucomplyhub.com

SMB · self-serve

€799 one-time (founding rate)
Setup: 5-7 days
EU AI Act specifically (Annex III + Art. 50/99)
PDF report + Loom video walkthrough (5-10 min)
Self-serve: buy, audit starts Day 1
For SMB SaaS 10-150 emp without compliance team
30-day money-back guarantee

DIY self-assessment

In-house

€9,500-14,500 of your time
Setup: 4-6 weeks
Reading regulations + research
Annex IV documentation = 30+ categories per system
No external validation
Plus €5-9k legal review at the end
Risk: missing key Articles

Cold honest: if you have a compliance team and €10k+/yr budget — Vanta is better. If you have 100+h free per week and like reading regulations — DIY works. eucomplyhub.com is for SMB SaaS founders who have neither.

// PRICING

Packages

30-day money-back guarantee — no questions asked. All tiers include a legal disclaimer + sources.

Single Audit

€199-499 one-time

Per regulation · founding pricing

KSeF €199 / EAA €299 / AI Act €399
NIS2 €399 / DORA €499
4h audit per regulation
Severity ranking + roadmap
PDF report (legal-ready)
30-day money-back

Choose reg →

Best Value

EU SaaS Bundle

€799 one-time

Founding · standard €1,499

AI Act audit (Annex III + Art. 11/14)
EAA accessibility audit
5 PILLARS framework apply
Combined PDF + Loom
SAVE €200 vs single audits
2 weeks email support
30-day money-back

Buy Bundle €799 →

Polish SMB

€599 one-time

Founding · standard €1,199

KSeF e-invoice audit
EAA accessibility check
GDPR review (legacy)
Combined PDF
SAVE €100 vs single audits
30-day money-back

Buy €599 →

Financial SMB

€899 one-time

Founding · standard €1,799

DORA full audit
NIS2 cybersecurity
AI Act (if AI in stack)
Combined PDF
SAVE €400 vs single audits
30-day money-back

Buy €899 →

Why so accessible? Vanta = €9-45K/yr enterprise. Freelance EU AI Act audit = €4,500+. DIY self-assessment = €9,500-14,500. I deliver this for €799 (founding) because the Pricora stack is reusable and Claude automation keeps cost low — which keeps your price low. Same depth, lower price.

// HOW IT WORKS

From purchase to PDF in 5 days

Async delivery. No sales calls, no setup overhead. Your time = 30 minutes (form + walkthrough).

You buy the audit

Pick a package, pay via Stripe. Fill out a short form about your company and AI stack.

I run the audit

4 hours of work: Claude skill ai-act-audit + manual review. Annex III classification, gap analysis, roadmap.

You get the PDF + call

Ready in 3-5 days. Severity ranking + fix recommendations + sources. Plus Loom video walkthrough.

Optional upgrade

High-risk → upgrade to Quick-Fix or Monitoring. Minimal/limited → relax.

// WHO BUILDS THIS

Who I am

Piotr Reder — solo founder, Malaga.

Just made it through the regulatory gauntlet with LocalBite (Apple DSA + EAA + Spanish autónomo). Built Pricora SaaS for Polish accountants from zero to live in 2 weeks.

15+ years in offshore industry, Anthropic Claude expertise, EU regulatory research (PL + EN markets).

WHAT I'M NOT

I'm not a lawyer

I don't provide legal services
I don't issue legal opinions
I don't represent clients before regulators
I don't promise "100% compliant" status
I don't eliminate penalty risk

WHAT I DO

I'm an auditor

I classify AI systems per Annex III
I deliver severity ranking + roadmap
I identify compliance gaps and fix costs
I'm actively looking for qualified EU AI Act counsel as legal partner
Each report includes mandatory disclaimer + recommendation for counsel review before final compliance decisions

Radical honesty: if someone is selling you "100% AI Act compliance" for €799 — they're lying. Compliance is a process, not a product. The €799 audit buys you clarity (classification + severity + roadmap), not insurance. Final legal sign-off always requires a lawyer.

// LEGAL

Legal Disclaimer

This audit is informational and does not replace legal advice. A final compliance determination requires review by qualified EU AI Act counsel.

Penalties under Article 99 EU AI Act:

€35M / 7% turnover (unacceptable risk)
€15M / 3% turnover (high-risk)
€7.5M / 1% turnover (incorrect information)

Sources (Q2 2026):