Is Your AI PM Tool EU AI Act Compliant? A Framework for Product Managers
Every AI tool in your stack now has to answer this question. Here is the 4-step framework we used to answer it honestly for Specky, and how to run it on your own stack in under an hour.
Why this question is showing up in your inbox now
If you haven't been asked "are we EU AI Act compliant?" yet, you will be soon. Enterprise security questionnaires are adding it as a standard line item, works councils are asking about it before approving new tools, and procurement teams now flag anything with "AI" in the pitch deck for extra review.
The frustrating part: most people asking the question don't actually know what "compliant" means for a tool like an AI copilot, a PM workspace, or an internal chatbot. And most vendors answering it don't either — they just say "yes" and hope nobody asks a follow-up.
We got asked this about Specky recently. Here's the actual framework we used to answer it honestly — not with a blanket "yes," but with a real risk classification we can defend. You can run the same exercise on any AI feature in your own product in under an hour.
Step 1 — Figure out your role
The EU AI Act (Regulation (EU) 2024/1689) puts obligations on different actors depending on their role:
- Provider — you train or place a foundation/general-purpose AI model on the market.
- Deployer — you integrate someone else's AI model into your own product and offer it to users.
- GPAI provider — you specifically provide the underlying general-purpose model (this is Google, OpenAI, Anthropic, etc. — not the app built on top).
Most B2B SaaS products calling an LLM API are deployers, not providers. That single distinction removes a huge chunk of obligations — technical documentation, copyright policy, and training-data summaries for the model sit with the model provider, not with you.
Step 2 — Check Annex III before you panic
The Act's high-risk category (Annex III) is specific: biometric identification, critical infrastructure, education/vocational access, employment decisions (hiring, firing, promotion, task allocation, performance monitoring), access to essential services or credit, law enforcement, migration control, and administration of justice.
Keep reading
Customer Journey Mapping for Product Managers: Stop Guessing, Start Seeing
Most customer journey maps end up as beautiful wall art that nobody opens after the workshop. Here's how to build one that actually drives product decisions.
The PM's Weekly Review: A 30-Minute Ritual That Replaces 5 Meetings
Most PMs are drowning in sync meetings that produce no decisions. Here is the 30-minute weekly review ritual that gives you the situational awareness of five meetings in one focused session.
Make Product Management Fun Again: Reclaiming the Craft from the Chore
You got into product to build things people love — not to chase Slack threads. Here is how to give the 80% you hate to AI and keep the 20% that is the real craft.