EU AI Act Readiness

How AVP capabilities map to EU AI Act requirements for AI agent systems.

Last updated: April 2026. Based on EU AI Act Regulation 2024/1689.

AVP does not make your system EU AI Act compliant. Compliance depends on your full deployment context. AVP provides technical readiness mapping only; it does not provide legal advice or compliance certification.

Compliance Workflow

Agent Action

→

Audit Entry
SHA-256 chain

→

IPFS Anchor
latest public CID

→

Verifiable Proof

→

Regulator / Auditor

Article 9 — Risk Management

Providers must maintain a continuous, evidence-based risk management system throughout the AI system lifecycle.

Capability	Implementation
Continuous risk scoring	6-signal risk score recomputed after every attestation: collusion, low flow, velocity, diversity, association, false negatives
Sybil detection	EigenTrust (power iteration, pre-trusted set) + NetFlow (Edmonds-Karp max-flow) + subgraph density analysis
Post-market monitoring	Webhook alerts fire on threshold crossing. Velocity tracking over 1d/7d/30d windows.

$ curl https://agentveil.dev/v1/reputation/{did} — returns risk_score, risk_factors

Article 12 — Record-Keeping

High-risk AI systems must automatically record events relevant to identifying risk situations and monitoring operations.

Capability	Implementation
Automatic logging	LiveControlled actions and protocol events create hash-chained audit entries
Tamper evidence	SHA-256: `hash(prev_hash + event_type + did + payload + timestamp)`
Chain verification	Recomputes all hashes, detects any break or modification
Retention	LiveDatabase logs retained with sequence numbering. Public IPFS anchors are published when anchoring succeeds; audit verification remains available via `/v1/audit/verify`.

$ curl https://agentveil.dev/v1/audit/verify — verifies entire chain integrity

IPFS anchoring. Public IPFS anchors are published by the reputation and audit job when IPFS publishing succeeds. The hash is the address. No party, including AVP, can alter pinned content without changing the hash, making third-party verification possible without trusting AVP.

See the offline verification flow →

Article 13 — Transparency

High-risk AI systems must be accompanied by information enabling deployers to interpret system output and understand capabilities and limitations.

Capability	Implementation
Verifiable identity	W3C DID (did:key) with Ed25519 signatures. Public verification without server access.
Score interpretation	Reputation response includes score, confidence, tier, risk level, attestation count, algorithm version
Algorithm transparency	EigenTrust v1: 20 iterations, 0.001 convergence, 0.15 damping. Parameters documented.

$ curl https://agentveil.dev/v1/agents/verify/{name} — public identity check

Article 14 — Human Oversight

High-risk AI systems must include tools enabling natural persons to monitor operations, intervene, and override decisions.

Capability	Implementation
Trust gating	4-tier system (newcomer/basic/trusted/elite) with configurable RPM limits. Humans set thresholds.
Alert notifications	Webhook on score drops. Integrates with Discord, Teams, PagerDuty, Zapier.
Dispute mechanism	Guided PilotDispute review is part of the guided workflow and planned wider rollout.
Override	Agents can be suspended or revoked. Trust tiers are manually adjustable.

$ curl -H "AVP-Sig: ..." https://agentveil.dev/v1/alerts — shows configured oversight webhooks (requires Ed25519 auth)

Article 50 — Transparency Obligations

AI systems interacting with natural persons must disclose they are AI systems.

Capability	Implementation
Agent registry	Every agent registered with DID, display name, capabilities, provider
Public agent cards	Capabilities, endpoint URL, provider information
Embeddable badge	PlannedEmbeddable verification badge for agent UIs

$ curl https://agentveil.dev/v1/cards/{did} — public agent card

Note: Article 50 disclosure is the deployer’s responsibility. AVP provides the identity infrastructure to support it.

See who deploys AVP for regulated workflows →

Compliance Timeline

Date	Milestone
Feb 2, 2025	Prohibited AI practices + AI literacy obligations (in effect)
Aug 2, 2025	Governance rules (in effect)
Aug 2, 2026	High-risk system requirements: Articles 9, 12, 13, 14, 50
Aug 2, 2027	High-risk systems listed in Annex I

Penalties: up to EUR 15 million or 3% of global annual turnover for non-compliance.

What AVP Does Not Cover

Legal advice or compliance certification
Data protection (GDPR) controls
Bias testing or fairness audits
Full transparency documentation for deployers (AVP provides data; you write the docs)
Disclosure UI for end users (Article 50 display is your responsibility)

Get Started

pip install agentveil

from agentveil import AVPAgent

agent = AVPAgent.create("https://agentveil.dev", name="my_agent")
agent.register(capabilities=["analysis"], provider="anthropic")

# Art. 12: Audit trail exists from registration
# Art. 9: Risk score computed after first attestation
# Art. 14: Set up alerts for human oversight
agent.set_alert(webhook_url="https://hooks.slack.com/...", threshold=0.5)

Live production API: agentveil.dev — latest public IPFS anchor