Skip to main content
Observatory ships with 18 EU AI Act requirements pre-mapped to operational controls. The scope of each requirement depends on the risk tier of the app (minimal / limited / high), set in the AI Registry.

Requirement scope by risk tier

If an app’s tier is set incorrectly, the wrong requirements light up. Confirm the tier before reading status.

The 18 mapped requirements

These are grouped roughly along the Act’s structure. Observatory tracks them individually; the grouping is for readability.

Risk management and quality (Articles 9, 17)

Data and data governance (Article 10)

Technical documentation (Articles 11, 12, 13)

Human oversight (Article 14)

Accuracy and robustness (Article 15)

Post-market monitoring (Article 61)

Notifications (Article 62)


Status semantics

Each requirement evaluates to:
  • Met β€” all backing controls have approved, in-date evidence
  • Partial β€” some controls met, others have gaps
  • Gap β€” at least one control has no current evidence
  • Out of scope β€” risk tier doesn’t trigger this requirement
The Article-level roll-up is the worst status of its requirements (any Gap β†’ Gap).

Producing the audit pack

The EU AI Act view supports a one-click export of the audit pack:
  • Per-requirement evidence list with timestamps
  • Backing telemetry summaries
  • Assessment results
  • Gap analysis with remediation plan
Returns a ZIP with PDF and JSON outputs.

Gap analysis & heatmap

Cross-framework view that includes EU AI Act.

NIST AI RMF

Many EU AI Act requirements overlap with NIST controls.
Last modified on June 1, 2026