ComplianceForge AI
All articles

5 Compliance Documents You Need for the EU AI Act

Which documents are required for EU AI Act compliance? Here's the complete list with explanations.

3 min read
ComplianceForge AI

The EU AI Act requires documentation as proof of compliance. Here are the 5 key documents every company using AI needs to prepare.

1. AI Inventory Register

What it is: A central registry of all AI systems in your organization.

Why it's needed: Article 26(1) requires deployers to maintain records of the AI systems they use. Without an inventory, you can't prove that you've identified and classified all AI systems.

What it includes:

  • AI system name and provider
  • Use case category
  • Risk level (Prohibited / High / Limited / Minimal)
  • Responsible person
  • Date of last review

2. AI Acceptable Use Policy (AUP)

What it is: Rules for employees on how to use AI tools.

Why it's needed: Article 4 requires AI literacy — employees must know how to properly use AI tools. The AUP defines what's allowed, what's prohibited, and what data may be entered into AI systems.

What it includes:

  • Approved AI tools
  • Prohibited uses
  • Data classification for AI
  • Approval process for new AI tools
  • Violations and consequences

3. AI Risk Assessment

What it is: A risk assessment for each high-risk AI system.

Why it's needed: Article 9 requires a risk management system for high-risk AI systems. The Risk Assessment documents identified risks and mitigation measures.

What it includes:

  • Description of the AI system and its purpose
  • Identified risks (bias, accuracy, security, privacy)
  • Mitigation measures for each risk
  • Human oversight measures
  • Monitoring plan

4. Data Classification Guidelines for AI

What it is: Rules about which data can go into which AI systems.

Why it's needed: Article 10 requires data governance for high-risk systems. GDPR Article 35 requires a DPIA for high-risk data processing.

What it includes:

  • Matrix: data category x AI tool x allowed/prohibited
  • Anonymization and pseudonymization rules
  • Data minimization guidelines

5. Transparency Notice Templates

What it is: Templates for notifying users who interact with AI systems.

Why it's needed: Article 50 requires transparency — users must know when they are communicating with AI or when content is AI-generated.

What it includes:

  • Chatbot AI disclosure
  • AI-assisted decision notice
  • AI-generated content label
  • Opt-out instructions

How Does ComplianceForge AI Help?

ComplianceForge AI automatically generates all 5 documents based on information from the compliance wizard. Documents are personalized for your industry, AI tools, and specific context — ready to present to an auditor or management.

Want to know your compliance status?

Free questionnaire, AI classification and compliance score in 30 minutes.

Older postWhat Is the EU AI Act and Why Does It Matter for Your Business?
Newer postHow to Classify AI Tools Under the EU AI Act