The definitive EU AI Act compliance guide for AI providers and deployers. Covers Article 6 high-risk classification, Article 12 logging requirements, Article 14 human oversight, Annex III systems, conformity assessment, and technical documentation. August 2, 2026 deadline compliance with AI Agentree decision tracing platform. Penalties up to €35 million or 7% of global turnover for non-compliance.
The EU AI Act is the world's first comprehensive AI regulation. High-risk AI systems must comply by August 2, 2026 or face fines up to €35 million.
This guide covers classification, logging requirements, human oversight, and how AI Agentree provides built-in Article 12 compliance.
The EU Artificial Intelligence Act (Regulation 2024/1689) is the world's first comprehensive legal framework for AI. It establishes a risk-based approach to regulating AI systems operating in the European Union.
The Act categorizes AI systems into four risk levels:
Banned entirely (social scoring, manipulation, real-time biometric surveillance)
Strict requirements (Annex III systems: healthcare, HR, finance, law enforcement)
Transparency obligations (chatbots, deepfakes, emotion recognition)
No specific requirements (spam filters, games, most consumer AI)
Most enterprise AI applications — including AI-powered recruitment, credit scoring, healthcare diagnostics, and customer service automation — fall under the high-risk category and must comply with Articles 9-15 by August 2, 2026.
EU AI Act enters into force (20 days after Official Journal publication)
Prohibited AI practices ban takes effect (6 months)
GPAI rules, AI literacy, governance bodies established (12 months)
High-risk AI systems (Annex III) must comply — 24 months
Remaining provisions including Annex I high-risk systems (36 months)
Article 6 of the EU AI Act defines two pathways to high-risk classification. If your AI system falls under either pathway, you must comply with the full requirements by August 2, 2026.
AI systems in these use cases are automatically classified as high-risk:
Remote biometric identification and emotion recognition systems
AI in energy, water, gas, heating, and digital infrastructure
AI for student assessment, exam scoring, and learning analytics
CV screening, interview analysis, task allocation, performance evaluation, termination decisions
Credit scoring, loan approval, insurance pricing, emergency services dispatch
Risk assessment, polygraphs, evidence evaluation, profiling
Visa applications, asylum processing, border control
Sentencing assistance, case outcome prediction, legal research
Note: Even if you believe an exemption applies, you must document your reasoning and retain evidence. Regulators may challenge exemption claims.
Articles 9-15 establish mandatory requirements that high-risk AI systems must meet before market placement.
Establish and maintain a risk management system throughout the AI lifecycle
Training, validation, and testing data must be relevant, representative, and free of errors
Comprehensive documentation demonstrating compliance before market placement
Automatic logging of AI system operations for traceability and auditing
AI systems must be sufficiently transparent for users to interpret outputs
Enable human oversight and intervention during AI system operation
AI Agentree's decision tracing platform provides built-in compliance with the EU AI Act's most demanding requirements.
Automatic decision tracing captures every AI decision with context, rationale, and outcomes — exactly what Article 12 requires.
Learn moreBuilt-in review workflows, confidence thresholds, and escalation paths satisfy Article 14 human oversight requirements.
Learn moreSemantic search across decision history, exportable audit trails, and compliance reporting for regulators.
Learn moreExplore detailed guides for each compliance requirement.
Step-by-step requirements for high-risk AI system compliance
Read guideArticle 6 & Annex III classification guide
Read guideAudit trail and decision tracing obligations
Read guideArticle 14 human-in-the-loop obligations
Read guideAssess your AI system's compliance readiness
Read guideFor prohibited AI practices
For high-risk system violations
For incorrect information to authorities
These are the highest AI-specific penalties globally. The regulation applies extraterritorially — any company serving EU customers must comply, regardless of where they're headquartered.
Different industries face specific EU AI Act obligations based on their AI use cases. Many also have existing regulations that intersect with AI Act requirements.
Credit scoring and loan approval AI systems are classified as high-risk under Annex III. Financial institutions must comply with both EU AI Act and existing regulations (MiFID II, Basel III, PSD2).
Financial services AI compliance guide →AI in medical diagnosis, treatment recommendations, and patient triage is high-risk. Healthcare AI must also comply with MDR (Medical Devices Regulation) where applicable.
Healthcare AI compliance guide →CV screening, interview analysis, and performance evaluation AI are explicitly listed as high-risk in Annex III. US companies also face NYC LL144 and EEOC requirements.
HR & recruiting AI compliance guide →The EU AI Act enforcement is phased: Prohibited AI practices (February 2025), GPAI rules and governance (August 2025), High-risk AI systems under Annex III (August 2, 2026), and remaining provisions including Annex I (August 2027). Most companies need to focus on the August 2, 2026 deadline for high-risk systems.
High-risk AI systems are those listed in Annex III of the EU AI Act and AI systems used as safety components of products. This includes AI in recruitment, credit scoring, healthcare, education, law enforcement, and critical infrastructure. These systems must meet strict requirements for transparency, documentation, human oversight, and risk management.
Article 12 requires high-risk AI systems to automatically record logs (decision traces) that enable monitoring, verification of compliance, and post-market surveillance. Logs must capture the AI system's operation including inputs, outputs, and operational parameters. AI Agentree provides built-in compliance with these logging requirements.
Fines can reach up to €35 million or 7% of global annual turnover for prohibited AI practices, €15 million or 3% for high-risk system violations, and €7.5 million or 1.5% for providing incorrect information. These are the highest AI-specific penalties globally.
Yes, the EU AI Act has extraterritorial scope. It applies to any provider placing AI systems on the EU market or whose AI system outputs are used in the EU, regardless of where the company is established. This makes it effectively global for companies serving EU customers.
High-risk AI systems require: technical documentation, quality management system, conformity assessment, EU declaration of conformity, CE marking, registration in EU database, and ongoing monitoring. AI Agentree's decision tracing automatically generates audit-ready documentation.
AI Agentree provides built-in Article 12 logging, human oversight workflows, and audit-ready documentation. Get compliant before August 2026.
What every high-risk AI system must log, and how to capture it.
Designing effective human-in-the-loop controls for AI decisions.
Which AI use cases the Act classifies as high-risk.
A step-by-step checklist to reach and document compliance.
Estimate your EU AI Act compliance effort and cost.
Key enforcement dates, including the August 2, 2026 deadline.
Penalty tiers up to €35M or 7% of global annual turnover.
Disclosure duties for AI systems and their outputs.
Build a risk management system and assess conformity.
Rules for providers of general-purpose AI models.
Extraterritorial scope and what US providers must do.
The latest changes to the EU AI Act timeline and rules.
Estimate your maximum fine under the Article 99 tiers.
What technical documentation the EU AI Act requires.
What deployers of high-risk AI must do, including log retention.
The QMS providers of high-risk AI must document.
Data quality, bias mitigation, and governance duties.
The staff AI-literacy duty in force since February 2025.
Who bears which obligation — and when a deployer becomes a provider.
Who must run a Fundamental Rights Impact Assessment, and how.
Scope, operators, and the extraterritorial reach of the EU AI Act.
Articles 72–73: ongoing monitoring and incident reporting.
How the voluntary standard and the binding law fit together.
A practical crosswalk between the framework and the law.
High-risk medical AI, MDR/IVDR interplay, and clinician oversight.
Credit scoring, insurance pricing, and existing financial regulation.
Hiring AI as high-risk, plus NYC LL144 and EEOC overlap.