EU AI Act Readiness

How AVP capabilities map to EU AI Act requirements for AI agent systems.

Last updated: April 2026. Based on EU AI Act Regulation 2024/1689.

AVP does not make your system EU AI Act compliant. Compliance depends on your full deployment context. AVP provides technical capabilities that address specific regulatory requirements.

Compliance Workflow

Agent Action

→

Audit Entry
SHA-256 chain

→

IPFS Anchor
daily Merkle tree

→

Verifiable Proof

→

Regulator / Auditor

Article 9 — Risk Management

Providers must maintain a continuous, evidence-based risk management system throughout the AI system lifecycle.

Capability	Implementation
Continuous risk scoring	6-signal risk score recomputed after every attestation: collusion, low flow, velocity, diversity, association, false negatives
Sybil detection	EigenTrust (power iteration, pre-trusted set) + NetFlow (Edmonds-Karp max-flow) + subgraph density analysis
Post-market monitoring	Webhook alerts fire on threshold crossing. Velocity tracking over 1d/7d/30d windows.

$ curl https://agentveil.dev/v1/reputation/{did} — returns risk_score, risk_factors

Article 12 — Record-Keeping

High-risk AI systems must automatically record events relevant to identifying risk situations and monitoring operations.

Capability	Implementation
Automatic logging	Every action (registration, attestation, dispute, job delegation) creates a hash-chained audit entry
Tamper evidence	SHA-256: `hash(prev_hash + event_type + did + payload + timestamp)`
Chain verification	Recomputes all hashes, detects any break or modification
Retention	Database logs retained with sequence numbering. IPFS pins are permanent.

$ curl https://agentveil.dev/v1/audit/verify — verifies entire chain integrity

IPFS anchoring. Audit entries are anchored daily to IPFS via content-addressed storage. The hash is the address. No party, including AVP, can alter pinned content without changing the hash, making third-party verification possible without trusting AVP.

See the offline verification flow →

Article 13 — Transparency

High-risk AI systems must be accompanied by information enabling deployers to interpret system output and understand capabilities and limitations.

Capability	Implementation
Verifiable identity	W3C DID (did:key) with Ed25519 signatures. Public verification without server access.
Score interpretation	Reputation response includes score, confidence, tier, risk level, attestation count, algorithm version
Algorithm transparency	EigenTrust v1: 20 iterations, 0.001 convergence, 0.15 damping. Parameters documented.

$ curl https://agentveil.dev/v1/agents/verify/{name} — public identity check

Article 14 — Human Oversight

High-risk AI systems must include tools enabling natural persons to monitor operations, intervene, and override decisions.

Capability	Implementation
Trust gating	4-tier system (newcomer/basic/trusted/elite) with configurable RPM limits. Humans set thresholds.
Alert notifications	Webhook on score drops. Integrates with Discord, Teams, PagerDuty, Zapier.
Dispute mechanism	Any agent can dispute a negative attestation. Human arbitrator reviews evidence and resolves.
Override	Agents can be suspended or revoked. Trust tiers are manually adjustable.

$ curl -H "AVP-Sig: ..." https://agentveil.dev/v1/alerts — shows configured oversight webhooks (requires Ed25519 auth)

Article 50 — Transparency Obligations

AI systems interacting with natural persons must disclose they are AI systems.

Capability	Implementation
Agent registry	Every agent registered with DID, display name, capabilities, provider
Public agent cards	Capabilities, endpoint URL, provider information
Embeddable badge	Plain-text verification status for embedding in agent UIs

$ curl https://agentveil.dev/v1/cards/{did} — public agent card

Note: Article 50 disclosure is the deployer’s responsibility. AVP provides the identity infrastructure to support it.

See who deploys AVP for regulated workflows →

Compliance Timeline

Date	Milestone
Feb 2, 2025	Prohibited AI practices + AI literacy obligations (in effect)
Aug 2, 2025	Governance rules (in effect)
Aug 2, 2026	High-risk system requirements: Articles 9, 12, 13, 14, 50
Aug 2, 2027	High-risk systems listed in Annex I

Penalties: up to EUR 15 million or 3% of global annual turnover for non-compliance.

What AVP Does Not Cover

Legal advice or compliance certification
Data protection (GDPR) controls
Bias testing or fairness audits
Full transparency documentation for deployers (AVP provides data; you write the docs)
Disclosure UI for end users (Article 50 display is your responsibility)

Get Started

pip install agentveil

from agentveil import AVPAgent

agent = AVPAgent.create("https://agentveil.dev", name="my_agent")
agent.register(capabilities=["analysis"], provider="anthropic")

# Art. 12: Audit trail exists from registration
# Art. 9: Risk score computed after first attestation
# Art. 14: Set up alerts for human oversight
agent.set_alert(webhook_url="https://hooks.slack.com/...", threshold=0.5)

Live production API: agentveil.dev — daily IPFS anchors