ISMS Copilot
ISMS Copilot

EU AI Act Copilot for independent consultants

Classify a client's AI system correctly before any remediation begins.

Start Free TrialSee it in action

Deliver EU AI Act classification work

  • Place a client's AI system into the prohibited, high, limited, or minimal tier
  • Test the system against Annex III high-risk use cases
  • Identify general-purpose AI (GPAI) obligations where they apply
  • Scope the conformity assessment for high-risk systems
  • Map EU AI Act work to ISO 42001 controls a client may hold
  • Reusable classification approach across client engagements

Classifying a client's AI system against Annex III before remediation

Every EU AI Act engagement turns on classification, and remediation done before classification is usually wasted. The Act sorts systems into tiers — prohibited, high-risk, limited-risk, and minimal-risk — and the consequences differ sharply at each level. The decisive step for most clients is testing the system against the Annex III high-risk use cases, because landing there triggers conformity assessment and a substantial obligation set. Separately, providers of general-purpose AI models carry their own GPAI obligations regardless of downstream use. ISMS Copilot helps consultants reason through the tier boundaries, walk a client's system against Annex III, flag GPAI exposure, and scope the conformity assessment that follows. That sequencing keeps your engagement honest: classify first, then build the remediation plan the classification actually requires.

Explore the EU AI Act Copilot →

Classify first with the free risk-tier checker

Since remediation before classification is wasted, start every engagement with the free EU AI Act Risk-Tier Checker: a deterministic prohibited/high-risk/limited/minimal classification (with the GPAI axis) against Regulation 2024/1689 in a few questions — the input to the Annex III analysis, not a replacement for it.

Open the free EU AI Act Risk-Tier Checker →

Frequently Asked Questions

What are the EU AI Act risk tiers?

The Act sorts AI systems into prohibited, high-risk, limited-risk, and minimal-risk, with obligations escalating sharply for high-risk systems.

Why classify against Annex III first?

Annex III lists the high-risk use cases. Landing there triggers conformity assessment and a large obligation set, so classification has to come before any remediation plan.

Does ISMS Copilot cover GPAI obligations?

Yes. It helps you identify where general-purpose AI model obligations apply, which exist independently of how a downstream system is classified.

Ready to streamline your compliance work?

Built for speed, accuracy, and audit-ready output.

Try ISMS Copilot 2.0