If you're a founder or provider
The single most important question in EU AI Act compliance for founders isn't “are we high-risk?” — it's “what role are we in?” Get that wrong and your entire compliance strategy is built on a false assumption.
Article 3 defines both. Most companies are one or the other — some are both at the same time for different parts of their product.
You build the AI system and put it on the market or into service
Full lifecycle responsibility: conformity assessment, technical documentation, CE marking (where applicable), post-market monitoring, registration in the EU database.
Example: You built a CV screening tool and sell it to recruiters.
You use someone else's AI system in your own product or workflow
Narrower obligations: ensure appropriate use, human oversight, protect users' rights, don't use the system outside its intended purpose.
Example: You integrate a third-party hiring model into your HR platform.
These aren't legal tests — they're the questions a compliance review would start with. Work through them before you run your first analysis.
Did your team build the model or train it?
If yes, you are almost certainly a provider, regardless of whether you licensed data or used open-source components.
Are you the one putting it in front of end users?
If you control the deployment — the product, the interface, the terms of service — you carry deployer obligations at minimum, provider obligations if you also built it.
Do you use a third-party model API?
Using an external model API (OpenAI, Gemini, etc.) for a product you control makes you a deployer of that model but potentially a provider of the overall system.
Are you in the EU, or do your users affect people in the EU?
The regulation applies based on where the system's effects are felt, not where you are incorporated. A US startup with EU users is in scope.
Once you know your role, the next question is risk level. That's where the analysis comes in. Describe your system — what it does, who it affects, how it's used — and Regumatrix maps it against the regulation and tells you exactly which articles apply.
If you're high-risk, the report also lays out the obligations timeline so you can see what needs to be in place and by when. If you're lower-risk, it confirms why — with citations you can show a regulator.
The most valuable thing for a founder isn't a definitive legal opinion — it's a clear picture of the problem early enough to do something about it.
Regumatrix also has an Optimizer — if your system lands as high-risk, it analyses every statutory path that might let you legitimately restructure it to a lower classification. That's the conversation most founders need to have before they engage a lawyer.
Find out where your product stands.
3 free analyses on sign-up. No card, no commitment.
