Skip to content
Intric Intric Help Center

Being AI Act compliant

Introduction

Section titled β€œIntroduction”

🎯 Learning goals

  • Know how to assess your AI Act compliance in four steps
  • Be able to correct common myths and misinformation about the AI Act
  • Know where to find authoritative information

Compliance in four steps

Section titled β€œCompliance in four steps”

See our documentation on assessing your assistant in four steps: help.intric.ai/en/docs/security-compliance/ai-act/

  1. Describe how you are using your assistant
  2. Assess your risk class
  3. Confirm your role
  4. Map out your requirements

Tips and myths

Section titled β€œTips and myths”

To establish yourself as the AI expert in your organization, here are some common myths that you can dispel:

What about β€œlow risk” and β€œminimal risk” AI?

Those categories don’t actually exist! Way back when, the European Commission published a pyramid of risk classes to illustrate that most AI systems would not be touched by the Act, and that the point was to focus on the riskier ones. This eventually got translated into four risk classes: unacceptable, high, low, and minimal. But β€œlow” and β€œminimal” are not mentioned in the Act itself. Rather, AI systems that aren’t unacceptable or high risk may only have transparency requirements, with the implication that they have inherently lower risk. (Although high risk systems can also have transparency requirements!)

Are AI agents governable?

Yes. While the AI Act doesn’t mention them, it was written to be technology-agnostic. The European Commission wrote a recent FAQ about agents, basically saying: it’s hard to regulate something that doesn’t even have a common definition, but yes, agentic AI systems fall under the purview of the AI Act. They will likely be high risk and meet the definition of GPAIs, because they are intended to be general purpose.

There is quite a lot of misinformation out there. We strongly recommend to ask us if you have a question, or go straight to the text of the regulation itself: you will get a better answer than if you search online. The language of the Act is very precise, and as people blog about it and summarize requirements, they slowly drift away from the actual wording.

Key takeaways

Section titled β€œKey takeaways”
  • Compliance starts with a clear description of how your assistant is used β€” everything else follows from that
  • The four steps are: describe your use, assess your risk class, confirm your role, map your requirements
  • β€œLow risk” and β€œminimal risk” are not legal categories in the AI Act β€” dispel this myth if you hear it
  • Human-in-the-loop does not change your risk class
  • AI agents are regulated β€” the Act was designed to be technology-agnostic
  • When in doubt, go to the source: the text of the AI Act itself