EUAIACT Exposure

EU AI Act Exposure Assessment — Sample Output | VTCDO
Sample Output · EU AI Act Exposure Assessment

This is what an EU AI Act Exposure Assessment actually produces

Real output built on a mid-market industrial manufacturer with EU distribution and vendor-supplied AI. Regulatory role, four scored dimensions, overall narrative, and priority action gaps — not a framework slide.

Free Tool

The EU AI Act Exposure Assessment is free and requires no login. Run your own assessment in approximately five minutes. Start your assessment →

August 2, 2026 is four months away. High-risk AI deployer obligations become enforceable on this date. Organizations with AI systems that affect EU individuals need to act now — not after enforcement begins.
The scenario

Mid-market precision manufacturer — Ohio-based, EU distribution

A company with $180M in revenue, 340 employees, and two AI systems in active production. No formal EU AI Act review has been conducted. The plant manager is aware enforcement is coming but uncertain whether their specific AI tooling creates compliance exposure.

“We use SAP’s embedded AI for demand forecasting across our EU customer base. Our quality inspection line uses a vision system from a third-party vendor to flag dimensional defects before shipment. Both have been in production for 18 months. Neither was assessed for regulatory compliance at implementation. We completed a GDPR review in 2023 that covered our customer data handling. No AI-specific review has been done since.”

IndustryManufacturing
Revenue$180M · 340 employees
EU presenceCustomers and distributors in Germany, Poland, Czech Republic
AI systemsSAP embedded demand planning · Third-party vision inspection
Assessment output

Regulatory role under the EU AI Act

Determined from EU market presence, AI system type, and output reach.

Deployer
In Scope
You use third-party AI systems in professional activities that directly affect EU customers and operations. As a deployer, your obligations center on oversight, monitoring, incident reporting, and verifying that your AI vendors meet the Act’s requirements — you cannot delegate this to your vendors by contract alone.

Assessment results

Four dimensions scored against EU AI Act compliance requirements.

Exposure scope
Medium
You sell to EU-based customers and distributors, and your AI systems produce outputs that influence quality and safety decisions at EU facilities. Your jurisdictional exposure is clear. The “unsure” on whether AI outputs reach EU individuals directly is itself a gap that requires resolution.
System risk classification
High Risk
Your third-party vision inspection system fits Annex III high-risk criteria as a safety component in manufactured products entering the EU market. SAP’s AI-driven demand forecasting is lower risk but must be assessed. Article 4 AI literacy obligations have been active since February 2025.
Governance readiness
Developing
You have AI governance structures in place and board oversight, but you have not evaluated vendor compliance or requested AI compliance documentation from either vendor. The absence of vendor accountability verification is your most critical gap under the Act’s deployer obligations.
Regulatory deadline exposure
Immediate
With the main enforcement deadline four months away, you must act now. The Digital Omnibus extension proposal exists but is not confirmed and cannot be relied upon. Article 4 AI literacy obligations have applied since February 2025 and your vendor documentation gaps remain open.

Overall exposure summary

AI-generated narrative synthesizing all four quadrants against your specific inputs.

You are exposed under the EU AI Act as a deployer because your operations involve selling precision components into the EU market, relying on EU supply partners, and running third-party AI systems with direct influence over product quality and safety. Your most significant exposure comes from your vision-based inspection system for defect detection — this system is almost certainly high-risk under Annex III, which covers AI affecting product quality and operational safety in manufactured goods entering the EU. SAP’s demand forecasting AI is lower risk but is not exempt from review. Your 2023 GDPR review is a meaningful asset: the DPIA infrastructure you built then is most of the way toward meeting the Article 27 Fundamental Rights Impact Assessment requirement that applies to high-risk AI deployers. The governance gap that needs immediate attention is vendor compliance evidence — you must now confirm that both vendors meet EU AI Act conformity requirements, and you cannot delegate that obligation to them by contract alone.

Top priority action gaps

Three specific actions ordered by urgency, each assigned to a named role.

1
Vendor compliance documentation for the vision inspection system
Immediate
Assign your Head of Procurement or Operations to formally request EU AI Act conformity documentation from your vision inspection vendor by June 1, 2026. If the vendor cannot produce documentation, escalate to your General Counsel — you cannot deploy a high-risk AI system without verified vendor conformity.
2
Internal high-risk system impact assessment
Near-Term
Task your AI governance lead to conduct a documented Annex III risk assessment on both AI systems influencing EU product quality. Adapt your existing GDPR DPIA process — it covers most of what an Article 27 FRIA requires. Target completion by June 30, 2026.
3
Ongoing vendor management protocols for AI compliance
Structural
Update supplier management and procurement policies to require EU AI Act documentation for all AI-enabled systems sourced after July 2026. Assign ownership to your Procurement Director to ensure this becomes a standard vendor qualification requirement.
Next step

This profile shows immediate, high-risk exposure and a four-month deadline. A 90-minute EU AI Act advisory session through Hawksroost can scope your vendor obligations and map your existing GDPR infrastructure against what the Act actually requires of you as a deployer.

Schedule an EU AI Act advisory conversation

Run your own assessment

The EU AI Act Exposure Assessment is free and requires no login. Answer five questions about your EU footprint, AI systems, and governance posture. You will receive the same four-quadrant scored output shown here — specific to your organization.

Start your free assessment →
Free · No login required · Approximately five minutes

Need a deeper governance review?

If the EU AI Act Exposure Assessment surfaces gaps you want to close, the AI Governance Accountability Review evaluates your full governance posture — decision accountability, human oversight, board readiness, and EU AI Act classification — across every consequential AI system you operate. Executive Access only.

Join Executive Access — $249/month →

Want to work through this with someone who has done it?

Most advisory conversations start with someone who has already used the tool and wants to take the output into a real decision. If your assessment surfaces obligations that require remediation planning or board preparation, advisory support is available through Hawksroost.

Start a conversation →