Remediation Roadmap — Track & Resolve Compliance Gaps — EU AI Act

Remediation Roadmap — Track & Resolve Compliance Gaps

The Remediation Roadmap is the action-oriented companion to the Gap Assessment. While the assessment identifies where your organisation falls short, the remediation roadmap tells you what to do about it and helps you track progress toward full compliance. This module automatically generates remediation actions from gap assessment results, assigns priorities based on question weights, and provides a filterable, editable tracking interface. This article covers every element of the remediation roadmap: summary statistics, filtering, the action table, inline editing, and the auto-generation logic.

Accessing the Remediation Roadmap

Step 1 — Navigate to the Roadmap

From the sidebar, go to EU AI Act → Remediation. Alternatively, from the Gap Assessment results page, click the View Remediation Plan button. The roadmap opens showing all remediation actions generated from the most recent gap assessment, or you can select a specific assessment from the assessment selector dropdown if multiple assessments exist.

Step 2 — Review Summary Statistics

The top of the roadmap displays four summary statistic cards that give you an at-a-glance view of the remediation workload and progress.

Step 3 — Apply Filters

Use the filter controls to narrow the action list by priority and/or status. This is essential when you want to focus on critical items first or review only completed actions for audit evidence.

Step 4 — Edit Actions Inline

Each action's Status, Owner, and Due Date fields are editable directly in the table. Click the field to modify it, then press Enter or click away to save. Changes are persisted immediately and recorded in the audit log.

Summary Statistics

Statistic Card	Value	Description
Total Actions	Count	The total number of remediation actions generated from the gap assessment. This equals the number of questions that scored below 3 (Defined & Implemented). A high total indicates significant compliance gaps across the organisation. The count includes actions in all statuses (Open, In Progress, Completed, and Deferred). This number does not change as you work through the actions — it represents the total scope of the remediation effort from the original assessment.
Critical	Count	The number of remediation actions with Critical priority. These are generated from questions with weight W3 that scored below 3. Critical actions represent the most urgent compliance gaps — areas where the organisation is at significant risk of enforcement action, penalties, or prohibition of AI systems. These should be addressed first and given the shortest due dates. A non-zero count here should be escalated to senior management immediately.
Open	Count	The number of actions that have not yet been started (status = Open or In Progress). This is your active workload count. As actions are completed or deferred, this number decreases. The goal is to reduce this to zero, indicating that all identified gaps have been addressed. The card shows both Open and In Progress combined as "active" items needing attention.
Completed	Count	The number of actions that have been marked as Completed. This represents your progress toward full remediation. The card also shows the completion percentage (Completed / Total × 100%). A completion rate above 80% is shown in green, 50–79% in amber, and below 50% in red. Each completed action should have evidence documented in its notes or linked to supporting records in the platform.

Filters

The filter bar provides two dropdown filters that can be used independently or in combination:

Filter	Options	Description
Priority	Critical, High, Medium, Low	Filter actions by their assigned priority level. Priority is automatically determined during remediation generation based on the question weight: Critical — Generated from W3 (Critical weight) questions scored below 3. These represent the highest-risk compliance gaps that could result in enforcement action. High — Generated from W2 (Important weight) questions scored below 3. These are significant gaps that leave the organisation vulnerable during audits. Medium — Generated from W1 (Supporting weight) questions scored below 3. These are improvements that enhance overall compliance maturity. Low — Manually assigned priority for actions that have been reassessed and deemed less urgent than their auto-assigned priority. No actions are auto-generated with Low priority. Select one or more priorities to filter. When no filter is selected, all priorities are shown.
Status	Open, In Progress, Completed, Deferred	Filter actions by their current workflow status: Open — The action has been generated but work has not yet started. This is the initial status for all auto-generated actions. In Progress — Work on the action has begun. Set this status when an owner has been assigned and remediation activities are underway. Completed — The action has been fully addressed. Set this status only when the compliance gap has been closed and evidence is available. Completed actions are counted toward the completion percentage. Deferred — The action has been intentionally postponed. Use this status for gaps that are acknowledged but cannot be addressed within the current planning period. Document the reason for deferral in the action notes. Deferred actions are excluded from the "Open" count but remain visible in the roadmap for future planning.

Action Table

The main content of the remediation roadmap is a table listing every remediation action. Each row contains the following columns:

Column	Content	Editable	Description
Action	Text description	No	A description of the remediation action to be taken. This is auto-generated from the gap assessment question text and the identified gap. For example, if a question about risk management documentation scored 1 (Initial/Ad Hoc), the action might read: "Establish and document a formal risk management system for high-risk AI systems per Art. 9, including risk identification, analysis, evaluation, and mitigation procedures." The action text is static once generated and cannot be edited inline (to preserve audit trail integrity), but you can add context via the notes feature.
Article Ref	Article number	No	The EU AI Act article reference associated with this remediation action (e.g., "Art. 9", "Art. 10", "Art. 14"). This links the action directly to the regulatory requirement, making it easy to cross-reference with the regulation text and demonstrate traceability during audits. Clicking the article reference opens a tooltip with the article title and a brief description.
Priority	Badge	No (auto-assigned)	A colour-coded priority badge: Critical (red), High (orange), Medium (amber), Low (green). Priority is determined by the question weight at generation time. The badge provides instant visual prioritisation — scan the table for red and orange badges to find the most urgent items. While priority cannot be changed inline, platform administrators can adjust priorities through the detail view if reassessment is needed.
Status	Dropdown	Yes — Inline	Click the status cell to reveal a dropdown with four options: Open, In Progress, Completed, Deferred. Changing the status immediately persists the update and records the change in the audit log with a timestamp and the user who made the change. Status transitions are not restricted — you can move from any status to any other status. However, best practice is to follow the natural flow: Open → In Progress → Completed. The status dropdown uses colour coding matching the priority badges for quick visual scanning.
Owner	Text input	Yes — Inline	Click the owner cell to type or select the person responsible for completing this remediation action. You can enter a name or email address. The field provides autocomplete suggestions based on users in your organisation's directory. Assigning an owner creates accountability and is essential for effective remediation management. If your organisation uses email notifications, the assigned owner will receive a notification when they are assigned and when the due date approaches.
Due Date	Date picker	Yes — Inline	Click the due date cell to open a date picker. Set a realistic target date for completing the remediation action. Due dates that have passed are highlighted in red to indicate overdue actions. Due dates within 7 days are shown in amber as a warning. It is recommended to set due dates based on priority: Critical actions within 30 days, High within 60 days, Medium within 90 days. These are guidelines — adjust based on your organisation's capacity and the specific nature of the gap.

Auto-Generation Logic: Remediation actions are automatically generated when a gap assessment is submitted. The generation logic is straightforward: for every question in the assessment that received a score below 3 (Defined & Implemented), a remediation action is created. The action's priority is determined by the question's weight:

Weight W3 → Critical priority
Weight W2 → High priority
Weight W1 → Medium priority

Questions scored 3 or 4 do not generate remediation actions, as they indicate that the requirement is already adequately met. If a subsequent assessment generates new remediation actions for the same requirements, the new actions are created as separate records — they do not overwrite or merge with previous actions. This preserves the audit trail and allows you to track remediation progress across multiple assessment cycles.

Tip — Export for Reporting: You can export the remediation roadmap as a CSV or PDF for offline tracking and management reporting. The export includes all columns, current statuses, and any notes. Use the filtered view before exporting to generate focused reports (e.g., "All Critical open actions" or "All completed actions for audit evidence"). The PDF export is formatted for printing and includes the summary statistics at the top.

Warning — Deferred Actions: Deferring a remediation action does not eliminate the underlying compliance gap. Deferred actions represent accepted risk and should be formally acknowledged by management. Document the reason for deferral and the planned timeline for future remediation in the action notes. Supervisory authorities and auditors will scrutinise deferred items closely, so ensure the rationale is sound and well-documented. Consider setting a review date for deferred actions to revisit them in the next assessment cycle.

Linking to Other Modules

Many remediation actions correspond to records that should be created in other EU AI Act sub-modules. For example:

A remediation action for Art. 10 data governance gaps → Create dataset records in the Datasets module with proper bias assessments
A remediation action for Art. 11 technical documentation gaps → Create technical documents in the Technical Documentation module
A remediation action for Art. 14 human oversight gaps → Define oversight measures in the Human Oversight module
A remediation action for Art. 72 monitoring gaps → Create monitoring plans in the Post-Market Monitoring module

As you create these records in the respective modules, update the corresponding remediation action status to "Completed" and note the linked record for traceability.

Audit Trail

Every change to a remediation action — status change, owner assignment, due date modification — is recorded in the platform's audit log. The audit trail captures the timestamp, the user who made the change, the field that was modified, and the previous and new values. This comprehensive logging ensures full traceability for regulatory audits and internal governance reviews.