
Use ISMS Copilot for EU AI Act compliance

ISMS Copilot helps you assess AI systems against EU AI Act requirements, draft governance documentation, and prepare for audits. The platform's knowledge base covers obligations across prohibited practices, high-risk AI systems, transparency rules, and general-purpose AI requirements.

Before you begin: The EU AI Act is supported across all ISMS Copilot plans. Use a dedicated workspace to organize your EU AI Act compliance work separately from other projects.

Supported EU AI Act scope

ISMS Copilot's proprietary knowledge base includes guidance on:

  • Prohibited AI practices — Identify and avoid banned AI applications

  • High-risk AI system requirements — Assess risk classification, conformity obligations, and technical documentation

  • Transparency obligations — Draft disclosure requirements for AI interactions and generated content

  • General-purpose AI (GPAI) rules — Understand provider responsibilities and systemic risk assessments

  • Governance and quality management — Build AI risk management frameworks and accountability structures

The platform can analyze your existing AI documentation (policies, impact assessments, technical specs) to identify compliance gaps.

Example prompts for EU AI Act work

Use specific references to EU AI Act requirements when prompting. Here are proven examples:

Risk classification and assessment

Assess our [describe AI system] against EU AI Act risk classification criteria. Are we considered high-risk?
What conformity assessment procedure applies to our high-risk AI system under the EU AI Act?

Documentation and governance

Create an AI governance framework compliant with EU AI Act transparency and documentation requirements for [organization type].
Draft technical documentation for a high-risk AI system under EU AI Act Article 11, covering [system description].

Transparency and disclosures

What are the transparency requirements for general-purpose AI under the EU AI Act?
Generate user disclosure text for AI-generated content that meets EU AI Act transparency obligations.

Gap analysis

Review this [upload AI impact assessment] against EU AI Act requirements for high-risk AI systems. List compliance gaps and remediation actions.

Include context about your AI system (use case, risk level, deployment model) in your prompts for more tailored outputs. Reference specific EU AI Act articles or annexes when you need precise guidance.

Organize EU AI Act work in workspaces

Create a dedicated workspace for EU AI Act compliance to keep conversations, documents, and outputs separate from other frameworks.

To create a workspace:

  1. Navigate to Workspaces in the sidebar

  2. Click "Add" or "+" to open the workspace dialog

  3. Name it descriptively, such as "EU AI Act - [AI System Name]" or "[Client] - EU AI Act Compliance"

  4. Click "Start a conversation"

Within your EU AI Act workspace, you can upload AI system documentation, policies, or risk assessments for gap analysis. ISMS Copilot supports PDF, DOCX, XLS, and other common formats (up to 5MB per file).

For multi-client consultants: Create separate workspaces for each client's EU AI Act project to avoid mixing outputs and maintain confidentiality.

Learn more about workspace organization in How to manage multi-client compliance projects using workspaces.

Conduct gap analysis for EU AI Act

Upload your existing AI documentation to analyze compliance gaps:

  1. In your EU AI Act workspace, click the paperclip icon or drag files into the chat

  2. Upload relevant documents: AI impact assessments, risk management procedures, technical documentation, governance policies

  3. Prompt the AI to review against EU AI Act requirements, for example: Review this AI impact assessment against EU AI Act high-risk system requirements. Identify missing elements and prioritize remediation steps.

ISMS Copilot will extract content from your uploads and analyze them against EU AI Act obligations. Outputs typically include compliance coverage matrices, gap lists, and prioritized remediation roadmaps.

Free plan users have 10 document uploads per month. The Plus plan ($24/mo) increases this quota. Check your current usage in account settings.

Best practices

  • Be specific about your AI system — Include use case, data types, automation level, and deployment context in prompts

  • Reference EU AI Act articles and annexes — Cite specific provisions (e.g., "Article 6 classification rules" or "Annex III high-risk systems") for precise answers

  • Verify outputs against official texts — ISMS Copilot accelerates drafting, but cross-check critical compliance claims with the official EU AI Act regulation

  • Use Mistral for EU regulatory work — Mistral models are trained on European regulations and offer strong EU AI Act coverage; see Using Mistral for Compliance Work

Related resources

  • Supported Compliance Frameworks — Overview of all frameworks in the knowledge base

  • EU Cyber Resilience Act (CRA) — Related EU regulation for product manufacturers

  • How to conduct ISO 27001 gap analysis using ISMS Copilot — Gap analysis workflow example for another framework
