Compliance Assessment

Assessment Workflow

Once a system is classified, ActLoom generates a tailored list of compliance requirements based on its risk category. The assessment workflow walks you through each requirement one by one.

What you gain from the assessment

A prioritized compliance baseline

You see which obligations are already covered, which are partially implemented, and which are missing entirely.

Evidence-ready answers

The workflow encourages you to attach proof while you assess, so you do not need to reconstruct evidence later for audits or customers.

A realistic remediation path

Scores, gap analysis, and AI-assisted plans help you decide what to fix first instead of treating every control as equally urgent.

Operational aspect	What to know in ActLoom
Prerequisites	An AI system must already be registered and classified. Better results come when ownership, deployment stage, and legal role are already correct on the system record.
Main inputs	Requirement statuses, evidence notes, uploaded files, links, comments, approvals, and any framework-specific detail fields.
Main outputs	Requirement-level assessment state, compliance score, gap analysis, remediation candidates, and historical score snapshots.
Who typically uses it	Compliance operators, legal reviewers, system owners, and executives who monitor score trends.
Plan access	Assessment and scoring are available across plans. AI remediation and heavier downstream documentation depend on higher tiers.
Relevant routes	/api/compliance/assessments, /api/compliance/gap-analysis, /api/compliance/remediation, /api/compliance/score-history, /api/v1/assessments, /api/v1/remediation/plans

Compliance Assessment Flow

Start Assessment

Select an AI system and begin the guided assessment wizard.

Evaluate Requirements

Answer Met / Partially Met / Not Met for each obligation.

Add Evidence

Attach notes, links, or files as supporting evidence.

Review & Submit

Review summary, score calculated automatically, submit assessment.

High-Risk Requirements (7 Core Obligations)

#	Obligation	AI Act Article	Description
1	Risk Management System	Art. 9	Establish and maintain a risk management system throughout the AI system lifecycle
2	Data Governance	Art. 10	Training, validation, and testing data must meet quality criteria
3	Technical Documentation	Art. 11	Comprehensive technical documentation before market placement
4	Record Keeping	Art. 12	Automatic logging of events during operation
5	Transparency	Art. 13	Provide clear information to deployers about system capabilities and limitations
6	Human Oversight	Art. 14	Design system to allow effective human oversight
7	Accuracy, Robustness, Cybersecurity	Art. 15	Achieve appropriate levels of accuracy, robustness, and security

Assess: Recruitment AI

3 of 7

Requirement #3: Technical Documentation

Art. 11 — Comprehensive technical documentation must be prepared before the AI system is placed on the market.

Does your system have technical documentation?

Met — Full documentation exists

Partially Met — Some documentation exists

Not Met — No documentation

Unknown — Need to investigate

Notes (optional)

We have partial docs in Confluence but need to formalize…

Auto-saved 5 seconds ago

← Previous

Fig 13. Assessment wizard — one requirement per screen with clear descriptions, helper text, and progress indicator.

Auto-save

Your assessment progress is automatically saved every 30 seconds. You can leave and return at any time without losing work.

Best inputs before you start assessing

Have the current system description and deployment context confirmed in AI Systems.
Bring system-specific evidence, not only generic policies.
Know which controls are truly in operation versus planned.
Decide who can approve ambiguous or borderline answers before scoring starts drifting.

Compliance Scoring

ActLoom calculates a compliance score from 0–100% based on your assessment responses. Each requirement is weighted according to its regulatory importance.

Status	Points	Meaning
Met ✅	100%	Requirement fully satisfied with supporting evidence
Partially Met 🟡	50%	Some measures in place but gaps remain
Not Met ❌	0%	Requirement not addressed — action needed
Unknown ❓	0%	Unable to assess — investigation required

Met (3)

43%

Partially Met (2)

29%

Not Met (2)

28%

Fig 14. Score breakdown — donut chart showing compliance distribution with colour-coded segments.

Score colour coding

80–100%—Compliant

50–79%—Partially Compliant

0–49%—Non-Compliant

Gap Analysis

After completing an assessment, ActLoom generates a detailed gap analysis that highlights exactly what is missing and what needs to be done. Each gap includes:

Requirement — Which obligation is not met
Current Status — Not Met or Partially Met with details
Priority — Mandatory vs. Recommended
Effort Estimate — Approximate hours to remediate
Recommended Actions — Specific steps to close the gap

Gap Analysis — Recruitment AI

Priority	Requirement	Article	Status	Effort	Action
🔴	Risk Management System	Art. 9	Not Met	40h	Fix →
🔴	Data Governance	Art. 10	Not Met	32h	Fix →
🟡	Technical Documentation	Art. 11	Partially Met	16h	Fix →
🟡	Human Oversight	Art. 14	Partially Met	8h	Fix →

Fig 15. Gap analysis table — prioritised view of compliance gaps with effort estimates and action buttons.

Before you mark a control as met

Confirm the control exists in practice, not only in a draft policy or future roadmap.
Attach a document, screenshot, or owner note that would still make sense to an auditor six months from now.
Check that the evidence is system-specific when the obligation depends on a particular high-risk use case.
If a control is only partial, say so. Accurate scoring is more useful than an inflated percentage.

Remediation Plans

ActLoom generates AI-powered remediation plans tailored to each compliance gap. Plans include step-by-step implementation guidance, template documents, and timeline suggestions.

Remediation Lifecycle

Identify Gap

Gap detected from assessment or monitoring.

Generate Plan

AI creates actionable remediation steps with templates.

Implement

Team follows checklist, marks steps complete.

Verify

Re-assess requirement, update score automatically.

Not Met

Remediation: Risk Management System

Art. 9 · Est. 40 hours

Progress

2/6

Define risk assessment methodology

Identify and document foreseeable risks

Implement risk mitigation measures

In progress — click for guidance

Establish residual risk acceptance criteria

Create risk monitoring procedures

Schedule periodic risk reviews

Fig 16. Remediation plan — step-by-step checklist with progress tracking and associated document templates.

AI-generated guidance

Remediation plans are generated by ActLoom's AI engine, which references the AI Act text, industry best practices, and your specific system context to provide actionable guidance.

Related Sections

AI Systems

Go back here when scores or obligations look wrong and the underlying system scope may be incomplete.

Governance & AIMS

Use this when gaps need ownership, review rhythm, or formal management follow-through.

Documents

Read this when you are ready to package assessment results into evidence, reports, or external outputs.

Artifacts

Use this for the output-centric view of scores, backlogs, remediation plans, and their export surfaces.

Ready to get started?

Join hundreds of companies using ActLoom to simplify AI Act compliance. Start your free assessment today — no credit card required.

Start Free Assessment View Pricing

Questions? Contact us at support@actloom.com

Operational aspect

What to know in ActLoom

Prerequisites

An AI system must already be registered and classified. Better results come when ownership, deployment stage, and legal role are already correct on the system record.

Main inputs

Requirement statuses, evidence notes, uploaded files, links, comments, approvals, and any framework-specific detail fields.

Main outputs

Requirement-level assessment state, compliance score, gap analysis, remediation candidates, and historical score snapshots.

Who typically uses it

Compliance operators, legal reviewers, system owners, and executives who monitor score trends.

Plan access

Assessment and scoring are available across plans. AI remediation and heavier downstream documentation depend on higher tiers.

Relevant routes

/api/compliance/assessments, /api/compliance/gap-analysis, /api/compliance/remediation, /api/compliance/score-history, /api/v1/assessments, /api/v1/remediation/plans

Obligation

AI Act Article

Description

Risk Management System

Art. 9

Establish and maintain a risk management system throughout the AI system lifecycle

Data Governance

Art. 10

Training, validation, and testing data must meet quality criteria

Technical Documentation

Art. 11

Comprehensive technical documentation before market placement

Record Keeping

Art. 12

Automatic logging of events during operation

Transparency

Art. 13

Provide clear information to deployers about system capabilities and limitations

Human Oversight

Art. 14

Design system to allow effective human oversight

Accuracy, Robustness, Cybersecurity

Art. 15

Achieve appropriate levels of accuracy, robustness, and security

Status

Points

Meaning

Met ✅

100%

Requirement fully satisfied with supporting evidence

Partially Met 🟡

50%

Some measures in place but gaps remain

Not Met ❌

Requirement not addressed — action needed

Unknown ❓

Unable to assess — investigation required

Priority

Requirement

Article

Status

Effort

Action

🔴

Risk Management System

Art. 9

Not Met

40h

Fix →

🔴

Data Governance

Art. 10

Not Met

32h

Fix →

🟡

Technical Documentation

Art. 11

Partially Met

16h

Fix →

🟡

Human Oversight

Art. 14

Partially Met

Fix →

Remediation Plans

ActLoom generates AI-powered remediation plans tailored to each compliance gap. Plans include step-by-step implementation guidance, template documents, and timeline suggestions.

Remediation Lifecycle

Identify Gap

Gap detected from assessment or monitoring.

Generate Plan

AI creates actionable remediation steps with templates.

Implement

Team follows checklist, marks steps complete.

Verify

Re-assess requirement, update score automatically.

Not Met

Remediation: Risk Management System

Art. 9 · Est. 40 hours

Progress

2/6

Define risk assessment methodology

Identify and document foreseeable risks

Implement risk mitigation measures

In progress — click for guidance

Establish residual risk acceptance criteria

Create risk monitoring procedures

Schedule periodic risk reviews

Fig 16. Remediation plan — step-by-step checklist with progress tracking and associated document templates.

AI-generated guidance

Remediation plans are generated by ActLoom's AI engine, which references the AI Act text, industry best practices, and your specific system context to provide actionable guidance.