
AI Compliance Risk Assessment

Answer 5 questions about your business. Know your AI compliance risk level — Low, Medium, or High — and which regulations are most relevant to you.


The 5 Key Risk Factors

Answer these questions honestly. Each "Yes" adds to your risk level.

1. Do you use AI to make decisions that affect people's employment, credit, housing, education, or healthcare?

Why it matters: These are "consequential decisions" that trigger the most regulations globally.

High-risk trigger

2. Do you have customers or employees in the EU?

Why it matters: EU AI Act and GDPR Art. 22 apply regardless of where your company is based.

High-risk trigger

3. Do you use chatbots or AI-generated content that users interact with?

Why it matters: EU AI Act Article 52 requires disclosure when interacting with AI. Medium risk.

Medium-risk trigger

4. Does your AI system process biometric data, health data, or location data?

Why it matters: Biometric and health data processing triggers enhanced obligations in most jurisdictions.

High-risk trigger

5. Do you hire employees in NYC, Colorado, or Illinois?

Why it matters: These states have specific AI hiring laws already in force (NYC LL144, CO AI Act, IL AAIA).

Medium-risk trigger

What Your Score Means

Low Risk
0–1 "Yes" answers

You use AI minimally, make no consequential decisions, and serve primarily a domestic US market outside the states with special AI hiring laws. Basic documentation is still needed.

Est. compliance work: 2–4 hours

Medium Risk
2–3 "Yes" answers

You have some EU exposure, use chatbots, or hire in regulated US states. You need transparency notices, policy documentation, and monitoring.

Est. compliance work: 8–16 hours

High Risk
4–5 "Yes" answers

You use AI for consequential decisions, have EU exposure, or process sensitive data. Comprehensive compliance program required.

Est. compliance work: 40+ hours

Example Risk Profiles

High: SaaS startup, EU customers, uses ChatGPT for support

EU AI Act applies. ChatGPT in customer support = Limited Risk transparency obligation. EU customers = GDPR Art. 22 if automated decisions.

Applicable: EU AI Act, GDPR Article 22

Medium: US e-commerce, no EU customers, uses AI product recommendations

No immediate EU AI Act risk. Watch Colorado AI Act if you use AI in hiring. California CPRA if you have CA customers.

Applicable: California CPRA, Colorado AI Act (if hiring in CO)

High: Healthcare provider, US-only, uses AI for appointment scheduling

AI in healthcare = High-Risk under EU AI Act (if any EU patients). HIPAA + state health AI laws. NYC LL144 if AI used in hiring.

Applicable: EU AI Act (High-Risk), Illinois AAIA (if hiring in IL), state health AI laws

Low: Marketing agency, global clients, uses AI copywriting tools only

AI copywriting tools are typically Minimal Risk. No automated decisions on individuals. EU AI Act transparency notice needed if chatbot-facing.

Applicable: EU AI Act transparency (Limited)

Get your exact risk score

The guide above shows general patterns. ComplianceIQ asks 15 questions specific to your business and gives you a precise risk score, applicable regulations, and all required documents — in 30 minutes.


Risk scoring methodology aligned with the NIST AI Risk Management Framework (AI RMF 1.0). Five weighted dimensions: high-stakes AI use (30%), personal data processing (25%), geographic regulatory exposure (20%), existing compliance controls (15%), and business scale (10%).