EU AI Act Compliance
The EU AI Act requires enterprises to prove accountability end-to-end for automated operations. AGLedger provides the accountability layer that makes compliance faster and easier — exportable proof, not reconstructed summaries.
This mapping is tested — the AGLedger testbed runs a full EU AI Act compliance scenario end-to-end. This isn't a roadmap item.
AGLedger provides the records and infrastructure. Your organization provides the judgment, policies, and decisions.
Article-by-article mapping
| Article | Requires | AGLedger provides | Enterprise owns |
|---|---|---|---|
| Art. 9 | Risk classification | Field to record the classification (high, limited, minimal) and Annex III domain tag per mandate | The classification decision and methodology |
| Art. 12 | Event logging | Append-only audit vault — every state change, attestation, and tolerance check result recorded automatically | Determining which events are in scope |
| Art. 13 | Transparency | Full chain exportable and machine-readable (JSON, CSV, NDJSON) | Deciding what to disclose and to whom |
| Art. 14 | Human oversight | Structured record of the designated overseer — name, role, authority scope, designation date | Designating the overseer and defining their authority |
| Art. 15 | Accuracy and robustness | Tolerance bands enforce numeric bounds on mandate criteria | Defining the tolerance thresholds and acceptance criteria |
| Art. 17 | Quality management | Cross-mandate compliance attestation records, linked to audit chain | The quality management system and policies |
| Art. 18 | Technical documentation | Audit export formatted for regulatory submission and third-party audit | The documentation content and narrative |
| Art. 20 | Corrective actions | Dispute resolution (3-tier), remediation states, revision workflow | Deciding what corrective action to take |
| Art. 26 | Deployer obligations | 4 attestation record types: workplace notification, affected persons, input data quality, FRIA | Performing the attestation — we record it, you do it |
| Art. 27 | Fundamental rights impact assessment | Structured record per mandate with risk level, domain, mitigation measures | Conducting the assessment itself |
| Art. 49 | Registration | EU AI Act domain classification across 8 Annex III categories | The registration filing |
| Art. 72 | Incident reporting | The audit vault contains timestamped, hash-chained records of every agent action, mandate, receipt, and verdict — export a complete incident reconstruction from a single source instead of correlating across multiple systems under a 72-hour deadline | Incident determination, authority notification, and the filing obligation |