Is your product compliant with
EU's new digital regulations?
The EU AI Act and Cyber Resilience Act affect nearly every tech product sold in Europe. Get a free AI-powered assessment in under 10 minutes — no account required.
No sign-up required for free check · Results in minutes · Free
Start free. Go deeper when you need to.
EU AI Act + CRA Check
The fastest way to see whether the two most urgent new EU regulations apply to your product, and what they require. Answer a few questions and get a structured report.
- ✓ EU AI Act risk classification
- ✓ CRA obligations + deadlines
- ✓ Actionable next steps
- ✓ No account required
Full Compliance Workspace
Go beyond the new regulations. Identify every applicable norm across 68+ EU standards and global markets, and manage all your products in persistent AI-powered workspaces.
- ✓ 68+ EU directives & standards
- ✓ UK, US, Asia, Amazon marketplaces
- ✓ Persistent workspaces per product
- ✓ AI chat for follow-up questions
Two laws. Overlapping scope.
Most tech products sit at the intersection of both. Our wizard checks for both simultaneously and maps their overlap for your specific case.
AI system regulation
Classifies AI systems into four risk tiers, from minimal to unacceptable. High-risk AI (hiring, credit, biometrics, safety) requires conformity assessments and technical documentation.
- → Affects developers and deployers of AI sold in the EU
- → High-risk obligations from August 2026
Cyber Resilience Act
Covers any product with digital elements sold in the EU, including software, hardware, IoT, and apps. Mandates security-by-design, vulnerability handling, and SBOM documentation.
- → Affects manufacturers of any product with software sold in the EU
- → Full compliance required by December 2027
See what you get
Built for hardware makers adding software, firmware, and AI to their products. You get a product-specific compliance picture in under 10 minutes, not a one-size-fits-all checklist.
Your product profile, built automatically
Paste a URL, datasheet, or firmware spec. NormScout builds a complete digital twin of your product, covering hardware configuration, embedded software, AI components, and intended use, then asks targeted follow-ups to fill any gaps.
- Works from a URL, datasheet, firmware spec, or plain description
- Adapts questions to your hardware, firmware, and software layers
- No compliance expertise needed to start
Every article, mapped to your product
AI cross-references your digital twin against every applicable article in EU AI Act 2024/1689 and CRA 2024/2847, then gives you a traceable, chapter-by-chapter verdict.
- Overall compliance score with EU AI Act + CRA breakdown
- Chapter-by-chapter readiness with legal requirement quoted verbatim
- Direct EUR-Lex links for every finding
A gap list your team can close
Every compliance gap is triaged by severity, assigned a specific required action, and tracked from open to resolved, so your team always knows what to do next.
- Critical → major → minor severity triage
- A specific action for every control gap
- Track status, assign owners, export to CSV
No sign-up · Results in minutes · Free
Compliance from first line of code
The EU AI Act and CRA are the entry point. NormScout supports compliance at every stage, from development-phase norm discovery and design decisions through to CE marking, global market access, and post-launch monitoring.
Explore the full NormScout platform →68+ EU Standards
From CE marking directives to sector-specific norms (ATEX, RED, Machinery) — identify every applicable standard during development, not after launch.
Global Market Coverage
UK (UKCA), US, Canada, Japan, China, Korea, and more. Select the markets you're targeting and get a unified compliance map.
Persistent Workspaces
Save your analysis, ask follow-up questions, and track compliance across multiple products — all in one dashboard.
AI Follow-up Chat
Ask the AI why a norm applies, what testing labs to use, or how to write a Declaration of Conformity — in plain language.
EU AI Act & Cyber Resilience Act — FAQ
Straight answers to the questions companies ask most about the EU AI Act (2024/1689) and the Cyber Resilience Act (2024/2847).
What is the EU AI Act?
The EU AI Act (Regulation (EU) 2024/1689) is the European Union's comprehensive law regulating artificial intelligence. It classifies AI systems by risk — unacceptable, high, limited and minimal — and imposes obligations accordingly: prohibited practices are banned, and high-risk AI systems must meet strict requirements before being placed on the EU market.
What is the EU Cyber Resilience Act (CRA)?
The Cyber Resilience Act (Regulation (EU) 2024/2847) sets mandatory cybersecurity requirements for products with digital elements — hardware and software that can connect to a device or network. Manufacturers must ensure security by design, provide security updates, maintain a software bill of materials (SBOM) and report actively exploited vulnerabilities.
Does the EU AI Act apply to my product?
The EU AI Act applies if your product incorporates an AI system and is placed on or used in the EU/EEA market, regardless of where your company is based. If your product has no AI component, the AI Act does not apply. NormScout's free assessment determines applicability and your risk tier in minutes.
Does the Cyber Resilience Act apply to my product?
The CRA applies to products with digital elements that can connect directly or indirectly to a device or network and are made available on the EU market. Purely mechanical products with no connectivity, and certain sector-regulated products such as medical devices and motor vehicles, fall outside its scope.
When do the EU AI Act and CRA take effect?
The EU AI Act entered into force on 1 August 2024; bans on prohibited AI applied from 2 February 2025, general-purpose AI obligations from 2 August 2025, and most high-risk obligations from 2 August 2026. The Cyber Resilience Act's main obligations apply from 11 December 2027, with vulnerability-reporting duties from 11 September 2026.
What are the penalties for non-compliance with the EU AI Act or CRA?
Under the EU AI Act, prohibited practices can incur fines of up to €35 million or 7% of global annual turnover, whichever is higher. Under the Cyber Resilience Act, breaches of the essential requirements can reach €15 million or 2.5% of global annual turnover.
How can I check whether my product is compliant with the EU AI Act and CRA?
Run NormScout's free EU AI Act + CRA assessment. It asks a few targeted questions about your product, determines which regulations apply, and returns a per-article compliance breakdown traced to the official EUR-Lex text, with remediation steps for any gaps.
Start where you are.
New to NormScout? The free EU AI Act + CRA check takes under 10 minutes — no account needed. Want the full platform? Request a demo.