How ready is your AI
for European rules?

Twelve questions. Three readiness scores — GDPR, EU AI Act and security posture — with your prioritised gaps and the practical next step for each. No signup required.

Three lenses, one picture

GDPR

Where your data flows, who processes it, and whether the paperwork and impact assessments behind your AI use actually exist.

EU AI Act

Your role under the Act, how risky your use cases are, and whether oversight, logging and transparency match what the risk tier demands.

Security posture

Whether the stack your AI runs on is hardened, auditable and access-controlled — the technical floor every legal duty stands on.

[ Before You Start ]

This navigator is an educational self-assessment tool. Your answers are scored by a transparent, rule-based model that maps common readiness signals to GDPR and EU AI Act themes. The results are not legal advice, do not establish compliance or a violation of any law, and are not a certification or audit. For decisions about your specific situation, consult qualified counsel.

About this assessment

Is this assessment legal advice?

No. It is an educational self-assessment: a transparent, rule-based model that maps your answers to common GDPR and EU AI Act readiness themes. It doesn't establish compliance or a violation, and it isn't a certification. For your specific situation, consult qualified counsel.

How is the readiness score calculated?

Each answer carries a weighted score against one or more frameworks — GDPR, EU AI Act and security posture. The percentages are simple weighted sums, and a few declarative rules cap a tier when a high-signal combination appears, such as special-category data on public endpoints with no processor agreement. No AI model scores your answers.

What happens to my answers?

Scoring runs in your browser; your answers stay on your device unless you choose to email yourself the report. If you do, we process the answers once to generate the email and send our team a copy of the lead — as stated on the form.

Does the EU AI Act apply to companies outside the EU?

Often, yes. Like GDPR, the Act reaches organisations outside the EU when their AI systems are placed on the EU market or their output is used in the EU. The provider-versus-deployer role questions in this assessment are the starting point for working out what applies to you.

How does private AI relate to these frameworks?

Many of the recurring gaps — third-party processors, unknown residency, missing audit trails — exist because prompts flow through infrastructure you don't control. Running models inside your own environment removes those failure modes by construction, which is why our recommendations often point that way. It's the honest overlap between what we sell and what the frameworks reward.

Close the gaps on
infrastructure you own

Bring us your readiness report — we'll turn the gap list into an architecture: every leading model, running privately, with the logging, access control and residency story regulators expect.