Know Exactly Where You Stand on Article 4 Compliance
A full seven-pillar assessment with risk-calibrated scoring, sector benchmarks, and a prioritised action plan. Not a checklist — a conversation with Alma that adapts to your sector, your risk profile, and the evidence you can actually produce.
One-time · Includes 12 months dashboard access
Your Report Includes
Fit & Requirements
- Compliance officers preparing for Article 4 enforcement
- Department heads who need to understand their AI risk exposure
- SMEs (10-500 employees) deploying AI tools across teams
- Organisations that want data, not just opinion
- You need board-level presentation materials (→ Executive Report)
- You want a 90-day implementation roadmap with effort estimates
- You require multi-stakeholder assessment across departments (→ Team tier)
- You need consultation support to act on findings
None. The assessment adapts to your starting point. You will need 20-30 minutes of uninterrupted time and ideally access to any existing AI policies or training documentation.
Inside the Seven Pillars
Each pillar maps directly to what Article 4 requires. Here is exactly what we assess — and why it matters.
1Deployment Competence
Deployment Competence
What we assess
Whether your people understand what AI is, what it can do, what it cannot do, and what risks it carries. This is the foundation of Article 4 — you cannot be competent with tools you do not understand.
Sample questions
- “How would your team explain the difference between AI-generated and AI-assisted output?”
- “What training have staff received on AI limitations and hallucination risks?”
Evidence we look for
Awareness programme documentation, training attendance records, internal communications about AI use, onboarding materials mentioning AI
2Policy & Data Protection
Policy & Data Protection
What we assess
Whether clear, enforceable policies exist for AI use, data handling, and privacy. This pillar covers the governance framework that Article 4 sits within — including GDPR alignment.
Sample questions
- “Does your organisation have a written AI acceptable use policy?”
- “How are personal data processed through AI systems classified under GDPR?”
Evidence we look for
AI acceptable use policy, data protection impact assessments (DPIAs) for AI systems, data processing records, privacy notices updated for AI
3Training & Development
Training & Development
What we assess
Whether AI training is structured, role-appropriate, and ongoing. Article 4 requires ‘sufficient’ competence — training is how you build and evidence it.
Sample questions
- “What AI training has been delivered in the last 12 months?”
- “Is training differentiated by role and AI exposure level?”
Evidence we look for
Training programme documentation, completion records, role-based training matrices, CPD logs mentioning AI, vendor training certifications
4Tools & Technology
Tools & Technology
What we assess
Which AI tools are in use, whether they are deployed responsibly, and whether appropriate oversight exists. Shadow AI — tools adopted without organisational awareness — is the single biggest risk most organisations face.
Sample questions
- “Can you list all AI tools currently in use across your organisation?”
- “What approval process exists for adopting new AI tools?”
Evidence we look for
AI tool inventory/register, procurement policies mentioning AI, tool configuration documentation, vendor risk assessments, usage monitoring data
5Evidence Collection
Evidence Collection
What we assess
Whether you can prove compliance if asked. Regulators will not take your word for it. Evidence covers documentation, audit trails, and the ability to demonstrate competence.
Sample questions
- “If a regulator asked you to demonstrate AI literacy compliance today, what would you show them?”
- “Are training completions and policy acknowledgements recorded centrally?”
Evidence we look for
Centralised compliance records, audit trail documentation, evidence collection procedures, inspector-ready reporting capability
6Governance
Governance
What we assess
Who is responsible for AI within the organisation. Governance covers roles, accountability structures, escalation paths, and decision-making processes for AI deployment.
Sample questions
- “Who is accountable for AI compliance in your organisation?”
- “Is there a cross-functional body that reviews AI deployment decisions?”
Evidence we look for
AI governance charter, RACI matrix for AI decisions, AI committee meeting minutes, incident response procedures, escalation documentation
How the Assessment Works
This is not a form. It is a conversation.
We Learn About You First
Alma asks about your organisation — sector, size, jurisdiction, AI tools in use. From this, we build your risk profile across 8 dimensions: jurisdiction, workforce dynamics, exposure density, population vulnerability, change capacity, union dynamics, public scrutiny, and deployment scale. This determines your risk tier (Low / Medium / High) and calibrates every threshold that follows.
Why it matters: A 50-person startup and a 5,000-person pharma company face different Article 4 standards. The assessment adapts.
A Conversation, Not a Checklist
Alma walks you through each of the seven pillars in a natural conversation. When you claim compliance (‘We have an AI policy’), Alma asks for evidence. Upload a PDF, paste a URL, or describe what you have. The conversation branches based on what you can prove — not just what you say.
Evidence-gated branching: if you claim Level 2+ maturity, Alma asks you to prove it before scoring you there.
Upload Documents for Instant Analysis
Drop in your AI policy, training records, or governance minutes. Alma reads them in real time and identifies what they cover, what they miss, and how they map to Article 4 requirements. Supports PDF, DOCX, and URLs.
Supported: AI policies, DPIAs, training records, governance minutes, SOPs, vendor assessments
Your Report, Immediately
No waiting. The moment you finish, your report is generated: composite score, per-pillar breakdown, compliance floor position, benchmark ranking, archetype profile, and gap analysis. Download the PDF or access your digital dashboard.
See Where You Stand Against Your Peers
Every Standard Report includes sector benchmark positioning. Your scores are compared against organisations in your industry, size category, and risk tier.
Based on 150+ assessments completed across 9 sectors. Updated quarterly.
Join the Charter Cohort — Free Executive Report
Large consultancies charge €50–150K for AI readiness assessments. Charter Members receive the full Executive Report — department-level assessment, vendor verification, board-ready reporting — plus benchmark positioning against peers across Europe. Charter status is permanent.
By application. Organisations with 50+ employees actively using AI. Decision-maker role required.
Need to Present This to Your Board?
The Executive Report includes a board-ready narrative, 90-day implementation roadmap, and priority remediation plan with effort estimates. Everything your leadership needs to act.
Standard Report Questions
What is the difference between the free Quick Scan and the Standard Report?
The Quick Scan covers all seven pillars at indicative depth in 10-15 minutes — useful for a first impression of your compliance position. The Standard Report goes substantially deeper: risk-calibrated scoring adjusted to your sector and scale, evidence verification through document upload and analysis, sector benchmark comparisons, archetype profiling, and a downloadable PDF report with digital dashboard access. It is the difference between a temperature check and a full diagnostic.
How is my risk profile calculated?
We assess 8 risk dimensions: jurisdiction, workforce dynamics, exposure density, population vulnerability, organisational change capacity, union/works council dynamics, public scrutiny level, and deployment scale. Each dimension is weighted and produces a composite risk tier (Low, Medium, or High). This tier calibrates every scoring threshold — a High-risk organisation needs stronger evidence at every level.
Can I upload confidential documents safely?
Yes. Documents are processed in an isolated environment, used solely for your assessment, and deleted within 30 days unless you explicitly request retention. We never train models on your documents. Processing is covered under GDPR Article 6(1)(b) — contractual necessity.
What are archetype profiles?
Based on your pillar score pattern, we assign one of several archetype profiles that describe your organisation’s compliance personality — for example, ‘Fast Car, No Brakes’ (strong tools adoption but weak governance), ‘Paper Tiger’ (strong policies but no evidence of implementation), or ‘Quiet Achiever’ (solid foundations but poor documentation). The archetype helps you understand not just your score, but the shape of your compliance posture.
Can I upgrade to the Executive Report later?
Yes. If you complete a Standard assessment and later want the Executive Report, you pay only the difference (€500). Your assessment data carries forward — you do not need to retake the assessment.
What happens after I receive my report?
You get immediate access to a digital dashboard where you can explore your results, drill into pillar details, and track changes over time. The PDF is yours to share internally. If you want help acting on the findings, you can book a consultation or explore our training courses — but there is no obligation.
How does the assessment compare to a Team or Enterprise engagement?
The Standard Report assesses one person’s perspective on the organisation. Team and Enterprise tiers involve multiple stakeholders — each contributor has their own conversation with Alma, and results are aggregated with role-aware weighting. If you need multi-department or multi-country assessment, see our Team & Enterprise page.
Ready to Find Out Where You Stand?
20-30 minutes · €490 · Results delivered instantly
Start the assessment now. Save progress and return anytime.