Getting Ready for the EU AI Act, Phase 1: Discover & Catalog

As enforcement of the EU AI Act rolls out, organizations face increasing accountability for every AI-enabled feature they deploy. This applies not only to in-house AI but also to the growing number of embedded AI capabilities within SaaS applications. The first phase of readiness focuses on discovering and cataloging AI systems with enough detail to support later risk categorization. The goal is not exhaustive inventory from the start, but rather purposeful identification of AI systems that may have meaningful impact on people’s lives, safety, or fundamental rights.

In our opinion, this  Gartner® report outlines a multi-path intake workflow that includes crowdsourced employee submissions, new system intake during application updates, developer intake during solution creation, and targeted intake within business units handling potentially higher-risk activities such as HR, education, insurance, or safety-related processes. Each discovered AI system must be documented with specific attributes, including intended use, possible misuse, data processed, and the system’s business context, to enable accurate future classification under the Act’s low-risk, high-risk, or prohibited categories.

Our Key Takeaways:

• The EU AI Act introduces three risk tiers with fines up to €35 million or 7% of global turnover for the most serious violations.
• Discovery should prioritize AI systems tied to HR, biometrics, education, creditworthiness, insurance, safety monitoring, and other sensitive processing activities.
• Organizations must collect sufficient detail for each AI system, including intended use, personal data categories, possible misuse, and associated vendors, to support later phases of compliance work.

Download the Gartner report today to learn more about how to prepare for the EU AI Act.

Gartner, Getting Ready for the EU AI Act, Phase 1: Discover & Catalog, Nader Henein, Gabriele Rigon, 28 October 2025.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.