EU AI Act · Resource Hub

EU AI Act for midmarket — from overview to action

The deadline is 2 August 2026. Atlas gives you AI inventory, risk classification, and audit-ready documentation in one tool.

Deadline 2 Aug 2026 —

100days

09hours

17min

40sec

Try Atlas free →Download checklist (PDF)

Overview

What the EU AI Act is — in plain language

The EU AI Act is a regulation that introduces risk-based rules for AI systems used in Europe. It entered into force in August 2024, with full obligations for most organisations taking effect 2 August 2026.

The regulation distinguishes between AI providers (who build AI systems) and deployers (who use AI built by others). Most midmarket organisations are deployers. You deploy Microsoft Copilot, AI in your ERP, or AI-driven recruitment tools.

It is about governance and documentation, not about banning AI. The regulation defines four risk tiers: unacceptable (banned), high-risk (full compliance), limited risk (transparency), and minimal risk (voluntary recommendations).

For deployers of high-risk AI: you need an AI inventory, risk assessment, technical documentation from your vendor, a human oversight protocol, and an AI literacy programme for affected staff.

The 20 things

What you need to have in order

20 requirements mapped to six categories (A–F). Each maps directly to Atlas compliance cockpit items.

A — OrganisationB — MappingC — TrainingD — Risk assessmentE — VendorsF — GDPR & transparency

A1AI responsible role appointed

A2Governance structure documented

A3Written AI policy published

A4Incident procedure in place

B1AI inventory complete

B2All systems risk-classified

B3Usage description per high-risk system

C1AI literacy baseline assessed

C2Training plan developed

C3Training documented

D1FRIA for all high-risk systems

D2DPIA and FRIA coordinated

D3Technical documentation (Article 11)

D4Automatic logging implemented

E1AI contracts reviewed

E2Due diligence checklist for vendors

E3Ongoing vendor monitoring

F1AI output visibly labelled

F2Human intervention documented

F3GDPR coordination completed

Download full checklist (PDF) →

Where to start

Three steps to AI Act readiness

AI Inventory

Map all AI systems in operation. Find shadow AI. Classify each system using Annex III as a guide.

Read about inventory →

Risk Classification

Run FRIA for high-risk systems. Coordinate with DPIA. Document technical documentation from the vendor.

DPIA vs FRIA →

Documentation

Write AI policy. Build technical documentation. Introduce human oversight protocol. Keep inventory updated.

AI policy guide →

Why Atlas

Built for AI Act compliance — not for Fortune 500 budgets

Built for midmarket

Not for Fortune 500 budgets. Atlas is designed for the IT manager who also has 10 other tasks.

AI-drafted documentation

Review-ready documentation, not just empty templates. Technical documentation, FRIA, and AI policy generated from your actual data.

Audit-ready, not 'compliant'

We do not overpromise. Atlas gives you structure and documentation — not a guarantee certificate.

Resources

Long-form guides

EU AI Act for Midmarket — What You Actually Need to Do

A pragmatic roadmap for 200–5,000 employee organisations

9 min read →

Annex III Explained — When Is Your AI High-Risk?

The eight categories with Nordic midmarket examples

8 min read →

Your AI Policy — 8 Sections You Cannot Skip

What separates a policy that is used from one collecting dust

8 min read →

DPIA and FRIA — Two Documents, Two Purposes

Overlap and difference, and when you need both

9 min read →

AI Inventory — the First Step Toward Compliance

The discovery process, 15 questions per system, shadow AI

9 min read →

FAQ — 20 Q&A →Atlas Changelog →

Download the EU AI Act Midmarket Checklist

20 requirements with status columns (todo / draft / done). A practical tool, not a sales brochure.

Start your AI inventory today

Atlas handles inventory, risk classification, and documentation in one place.

Try Atlas →Talk to us about EA →