Assessment of whether the AI system falls into prohibited categories (social scoring, biometric categorisation, emotion recognition) or high-risk categories requiring strict regulatory compliance.

Evaluation of transparency obligations including technical documentation, user instructions, AI disclosure requirements, and training data summaries for GPAI models.

Assessment of data governance practices, human oversight mechanisms, cybersecurity protections, and risk management systems required for AI systems.