Compliance checklist

Learn how to work through the right requirements for each risk class in a structured way.

After the risk assessment, the checklist guides you through the concrete requirements relevant for the specific system. This turns the classification into an actionable work plan.

Information

The checklist does not replace legal advice. It does, however, structure the operational documentation, evidence, and ownership inside your organisation.

Checklist logic

Minimal risk

Focus on inventory capture, purpose description, ownership, and baseline privacy hygiene.

Limited risk

Adds transparency duties, user-facing notices, and traceable descriptions of generated content.

High risk

Adds broader duties such as risk management, data governance, technical documentation, human oversight, and formal evidence.

  1. Confirm risk class

    Make sure the current risk class still matches the system’s actual use context.

    • Review assessment result
    • Cross-check the use case
    • Reassess when things have changed
  2. Work through checklist items

    Work through each requirement and mark items as done only when they are actually fulfilled.

    • Read the requirement
    • Check the evidence
    • Document status cleanly
  3. Attach evidence

    Attach supporting documentation where a simple checkbox is not enough.

    • Upload PDF/DOCX files
    • Add a short description
    • Attach documents to the system
  4. Update system status

    Use status values to reflect the actual maturity level of the system.

    • Use DRAFT while working
    • Use UNDER_REVIEW for review
    • Use APPROVED only with solid documentation

Status and evidence

Work through the items step by step, add supporting evidence, and only update the system status once the requirements are demonstrably covered.

Additional documentation

  • Technical documentation
  • Risk management material
  • Human oversight concepts
  • Internal policies or approvals
Arturs Nikitins
Compliance checklist | SimpleAct