Free resource · EU AI Act
The AI risk and readiness checklist.
An eight-step check to understand whether your AI feature needs basic transparency, practical privacy controls, or deeper EU AI Act readiness, before an enterprise buyer, regulator, or legal team asks. Built for product, engineering, and compliance leads. Printable, fillable, no email required, and no follow-up unless you ask for one.
What's inside
The checklist walks through the eight questions you need a clear answer to before an AI feature is fit for production. For simple AI features, it may confirm that only light controls are needed. For regulated or high-impact systems, it shows where deeper work is required:
- Risk classification. Is the feature a prohibited practice, a high-risk system under Annex III, a limited-risk system with transparency duties, or out of scope? With the questions you need to answer to decide.
- Transparency & user disclosure. Who is told that AI is involved, how, and at what point in the user journey.
- Human oversight. Where the human is in the loop, what they can see, and what they can override: Article 14 in plain English.
- Logging & traceability. What inputs, outputs, model version, and decision context you record: the practical baseline for Article 12.
- Data governance. Training and inference data: provenance, lawful basis under UK GDPR, minimisation, retention, and bias review.
- Accuracy & robustness. How you measure model quality, drift, and failure modes, and how you report them to non-technical stakeholders.
- Documentation & model cards. The minimum technical documentation any auditor or enterprise buyer will ask for.
- Post-market monitoring. What you watch after launch, what triggers a serious incident report, and where it goes.
Each step has a one-line acceptance criterion and space to record evidence. The full checklist fits on a few pages; the goal is to be used, not bookmarked.
Who it's for
- Product leads deciding whether a feature is ready to ship into a regulated market.
- Engineering leads needing a concrete list of what to log, document, and monitor.
- Compliance and DPO leads who need to show their board, an enterprise buyer, or an auditor that AI features have been properly assessed.
- Founders and CTOs in financial services, healthcare, recruitment, insurance, or legal who want a quick gut-check before committing to a build.
It is not a substitute for legal advice or a formal conformity assessment. It is the practical conversation starter that makes those engagements much shorter.
How to use it
1. Download. One click below. No email, no form.
2. Print or open in any PDF reader. The document is fillable: type directly into it, or print and write by hand.
3. Run it on one specific feature. The checklist is sharper when applied to a concrete AI capability rather than a whole product or roadmap.
4. Share the answered version internally. Use it as the base document for a risk and readiness conversation with engineering, product, and legal in the same room.
5. Bring it to us if you'd like a second pair of eyes. Optional, and free for a 30-minute review.
About the studio behind it
Zyvra Studio Ltd is a security-first software studio based in Birmingham, UK, working with clients worldwide. We build production-grade software, shipped fast with AI as the build accelerator. Some of the products we build include AI capability; some do not.
If you're scoping an AI feature and want a sharper view than the checklist alone gives you, the fastest way in is a free scoping call for a Build & Ship engagement: one fixed price that decides whether the build is feasible in your environment and then ships it. When AI is part of the proposed build, scoping folds in Article 12 logging and inference cost modelling alongside the universal dimensions.
Questions about the checklist?
Email hello@zyvra.studio or use the contact form on the homepage. We'll acknowledge within one business day.