Hael
Sign inBook a demo
FRAMEWORK

EU AI Act

The EU's binding law for AI systems. It classifies systems by risk and places hard obligations on providers and deployers of high-risk AI.

Coverage · EU AI Act
Framework coverage
92%
Coverage
23
Obligations mapped
8
Files on record
Live · synced 2 min ago
THE OBLIGATION

High-risk AI carries documentation obligations you must hold before deployment.

The Act sorts AI systems into prohibited, high-risk, limited-risk and minimal-risk tiers. High-risk systems — including much AI used in credit, employment, insurance and essential services — must hold a defined technical file, a risk-management process, and post-market monitoring.

Obligations fall on both the provider that builds the system and the deployer that puts it into use. Each role carries its own evidence requirements, and both must be able to produce them on request.

At a glance
Applies toProviders and deployers of high-risk AI in the EU market
Your likely roleOften both Provider and Deployer
Key deadlineHigh-risk obligations apply from December 2027
Penalty exposureUp to 7% of global annual turnover
ARTEFACTS

The files this framework actually requires.

For a high-risk system the Act names the documents by Annex. Hael generates and versions each one from the system's real configuration.

Files · Evidence pack
Annex IV Technical Filev4Approved
Risk Management File — Art. 9v3Approved
Fundamental Rights Impact Assessmentv2Approved
Model Cardv2Approved
Post-Market Monitoring Plan — Art. 72v1Draft
Statement of Applicabilityv1Draft

GRC tools tell you these are missing. Hael generates them — from each system's real configuration.

THE DIFFERENCE

A checklist tells you what's missing. Hael puts it on record.

For a high-risk system, the obligation is not to list the documents — it is to hold them. Hael produces and maintains them.

Typical GRC tool
Annex IV Technical Fileupload required
Risk Management File — Art. 9upload required
Fundamental Rights Impact Assessmentupload required
Model Cardupload required
Post-Market Monitoring Plan — Art. 72upload required
Statement of Applicabilityupload required

Tracks the gap. You still author every document.

Hael
Annex IV Technical Filev4Generated 2 min agoview
Risk Management File — Art. 9v3Generated · Approvedview
Fundamental Rights Impact Assessmentv2Generated · Approvedview
Model Cardv2Generated · Approvedview
Post-Market Monitoring Plan — Art. 72v1Generated · Draftview
Statement of Applicabilityv1Generated · Draftview

Generated from each system's real configuration, versioned, and kept current as it changes.

COVERAGE

Every obligation, mapped to the control that satisfies it.

Rows are the framework's clauses.

Columns are the controls and files that satisfy them.

Cells update as the underlying configuration changes.

Coverage Map
Obligation → Control
6 obligations · 5 controls
92%
covered
Risk File
Annex IV
FRIA
Model Card
Monitoring
Art. 9 Risk Mgmt
Art. 10 Data Governance
Art. 11 Technical Docs
Art. 14 Human Oversight
Art. 15 Accuracy & Robustness
Art. 72 Post-Market Monitoring
MAPPING

Clause by clause.

Obligation
What it requires
Hael control / file
Status
Art. 9Establish and maintain a risk management systemRisk Management FileApproved
Art. 10Data and data governanceData Governance RecordApproved
Art. 11 / Annex IVTechnical documentationAnnex IV Technical FileApproved
Art. 14Human oversight measuresOversight Control RecordApproved
Art. 15Accuracy, robustness, cybersecurityRobustness Test ReportIn progress
Art. 72Post-market monitoringMonitoring PlanDraft
REUSE

Author once. Satisfy many.

The Annex IV file, risk management process and model card you author for the EU AI Act also evidence overlapping obligations under ISO/IEC 42001 and NIST AI RMF — and feed your buyer-facing Trust Center. Map the obligation once; satisfy it everywhere it recurs.

→ shared evidenceISO/IEC 42001NIST AI RMFGDPR Art. 22DORA
Trust & Security
SOC 2 Type IIISO/IEC 27001EU & US data residencySSO / SCIMEncryption in transit & at restAudit logging

Be ready before the deadline, not after the audit.

High-risk EU AI Act obligations apply from December 2027. Hael puts the files, controls and coverage on record before they are asked for.