Skip to main content

EU AI Act

Feature row 36 — Sprint COMP-1

The EU AI Act module is included on the Enterprise plan.

Scope

The EU AI Act classifies AI systems by risk tier and imposes obligations on deployers and providers of high-risk systems. Behavry's EU AI Act module maps the technical obligations that a high-risk system's providers and deployers can discharge by running their agents through Behavry.

The module is not legal advice. It provides the evidence layer; your legal / compliance team decides which systems fall under which category.

Source: backend/behavry/compliance/eu_ai_act.py. UI: Compliance → EU AI Act.

Covered obligations

ArticleObligationBehavry answer
Art. 12Record-keeping (logging)Decision Trace, append-only audit log
Art. 13Transparency to usersHuman AI Governance banners, audit log exports on request
Art. 14Human oversightHITL Escalation, Restricted Mode, Global Kill Switch
Art. 15Accuracy, robustness, cybersecurityBehavioral Monitor, ARS continuous testing, security hardening
Art. 17Quality management systemPolicy Writer version history, Change Requests
Art. 19Automatically generated logsAudit log retention + integrity
Art. 20Corrective actionIncident timeline, redaction model, breach preparedness
Art. 26Deployer obligationsTenant-specific policies, per-agent baselines

Record-keeping specifics (Art. 12)

Art. 12 requires that high-risk AI systems keep logs sufficient to:

  • Identify situations that may result in risk (MEDIUM-severity+ events)
  • Facilitate post-market monitoring (trendable, exportable)
  • Monitor the operation of the system (per-action decision traces)

Behavry's audit schema satisfies these explicitly — every tool call, policy decision, DLP hit, and behavioral alert is captured with timestamps, identifiers, and integrity chaining.

Human oversight specifics (Art. 14)

Art. 14 requires effective oversight by natural persons. Behavry provides:

  • HITL Escalation queue — humans can halt, modify, or approve high-risk actions
  • Restricted Mode — operators can put an agent into reduced-capability mode for investigation without full shutdown
  • Global Kill Switch — immediate, fleet-wide halt for emergency response
  • Behavioral Monitor — alerts that draw human attention to anomalous behavior before it becomes an incident

Export

GET /api/v1/compliance/eu-ai-act/export?format=pdf|csv|json