EU AI Act Compliance Self-Assessment for Accounting Firms

Evaluate your accounting firm's readiness for EU AI Act compliance before the August 2026 enforcement deadline. This self-assessment covers the key requirements most relevant to professional services firms using AI tools.

About this assessment: The EU AI Act (Regulation 2024/1689) entered into force in August 2024, with phased implementation through 2027. For most business applications, key compliance requirements apply from August 2026. This questionnaire helps you identify areas that may need attention.

Why It Matters for Accounting Firms

Accounting firms increasingly use AI for document processing, client communication, data analysis, and workflow automation. The EU AI Act establishes obligations depending on how AI systems are developed, deployed, and used. Even firms that only use third-party AI tools (rather than building their own) have compliance responsibilities as "deployers" under the Act.

Self-Assessment Questions

1 AI System Inventory

EU AI Act requirement: Organizations must understand which AI systems they use and their purposes. Article 26 requires deployers to take appropriate technical and organizational measures. The first step is knowing what AI you actually have.

We maintain a documented inventory of all AI tools and systems in use, including their purposes and data flows. We have a partial understanding of our AI tools but no formal documentation. We use AI tools but have not inventoried them systematically. We do not know which AI systems are in use across the firm.

2 Risk Classification Awareness

EU AI Act requirement: The Act categorizes AI systems into risk tiers: prohibited, high-risk (Annex III), limited risk (transparency obligations), and minimal risk. High-risk uses in employment decisions, creditworthiness assessment, or access to essential services trigger extensive requirements.

We have assessed each AI system against EU AI Act risk categories and documented the classification. We are aware of the risk categories but have not formally assessed our systems. We have limited awareness of how risk classification applies to our AI use. We are unfamiliar with the EU AI Act risk classification system.

3 Human Oversight

EU AI Act requirement: Article 14 requires that high-risk AI systems be designed to allow effective human oversight. Even for lower-risk systems, having humans review AI outputs before consequential decisions is a best practice that reduces compliance risk.

All AI-assisted decisions with material client impact are reviewed by qualified staff before action. Most AI outputs are reviewed, but some automated processes run without human checks. Human oversight is informal and varies by task or individual. AI systems operate largely autonomously without systematic human review.

4 Data Governance

EU AI Act requirement: Article 10 addresses data quality requirements for high-risk systems. For all AI usage, understanding what data enters AI systems (including client data) and how it is processed is essential for both AI Act and GDPR compliance.

We have clear policies on what data can be used with AI tools, documented data flows, and client consent procedures. We have some data policies but they do not specifically address AI system inputs. Data governance for AI usage is ad hoc and not formally documented. We have not considered data governance specifically for AI tools.

5 Transparency to Clients

EU AI Act requirement: Article 50 requires transparency when AI systems interact with natural persons. Clients should understand when AI is involved in processing their information or communications, unless this is obvious from context.

We proactively inform clients when AI is used in their matters and have documented disclosure practices. We disclose AI use when asked but do not proactively communicate it. AI disclosure is inconsistent across the firm. We have not considered client disclosure of AI usage.

6 Staff AI Literacy

EU AI Act requirement: Article 4 mandates that personnel using AI systems have sufficient AI literacy appropriate to the context. For accounting firms, staff should understand the capabilities and limitations of the AI tools they use.

We provide structured AI training and have documented competency requirements for AI tool users. Some training exists but it is not systematic or mandatory. Staff learn AI tools informally without structured training. We have not addressed AI literacy or training.

7 Vendor Assessment

EU AI Act requirement: When using third-party AI systems, deployers must ensure they receive adequate documentation and cooperate with providers on compliance. Article 26 places specific obligations on deployers regarding instructions of use and monitoring.

We assess AI vendors for EU AI Act compliance, review their documentation, and have contractual provisions addressing responsibilities. We consider vendor compliance informally but without a structured assessment process. We rely on vendors to handle their own compliance without our review. We have not considered vendor compliance with the EU AI Act.

Your Assessment Results

Recommended Next Steps

Official EU AI Act Resources

This self-assessment provides general guidance based on publicly available EU AI Act requirements. It does not constitute legal advice. Consult qualified legal counsel for compliance decisions specific to your firm.

Need Help With EU AI Act Compliance?

If your assessment reveals gaps, Mue can help. Our constraint-driven approach to AI operations is designed with compliance in mind from the start. Every agent operates under explicit rules, with full audit trails and transparency.