EU AI Act compliance — defensible evidence for GPAI and high-risk systems.
The EU AI Act's GPAI obligations carry enforcement from August 2, 2026 (up to €15M or 3% of global turnover); high-risk Annex III obligations follow (likely December 2, 2027). acipta is the agent-based defensibility platform — workflow-grounded — that produces signed, replayable evidence mapped to the specific articles you must satisfy.
EU AI Act alongside SOC 2, HIPAA, GDPR, CCPA & WCAG 2.1 AA — one evidence chain.
Deterministic Precision. Experiential Intuition. Autonomous Agents.
GPAI is enforcing. Annex III is coming.
Two clocks, decomposed. Treating them as one is how programs miss the near one.
GPAI obligations enforce
Articles 51–56. Penalties up to €15M or 3% of global turnover. Not delayed.
High-risk (Annex III)
Risk management, Article 12 logging, FRIA, technical documentation. Timeline likely shifts here — not for GPAI.
Evidence architecture
The defensible-evidence decision is made before the deadline, not during the audit. Commit the chain early.
The Act asks for specific artifacts — produce them as evidence.
Compliance here is documentary and ongoing. acipta produces each artifact as signed, replayable evidence rather than a one-time PDF.
Technical documentation
GPAI model documentation and training-data summaries, maintained and version-pinned — not a stale binder.
Article 12 logging
Automatic, tamper-evident records of high-risk system operation — signed at write time and replayable.
FRIA + risk records
Fundamental Rights Impact Assessments and risk-management records mapped per-article, reusable across frameworks.
Know which obligations attach to you.
The Act assigns duties by role and risk tier. acipta maps evidence to whichever applies — and to the other 20 frameworks you carry.
Model providers
Transparency, documentation, copyright policy, AI Office information-sharing. Live now.
Annex III deployers/providers
Risk management, logging, FRIA, conformity documentation. The heavier tier.
One chain
acipta produces per-article evidence for either, on the same signed, replayable substrate as your SOC 2 / HIPAA / GDPR program.
EU AI Act compliance — questions
Is the EU AI Act GPAI deadline delayed?
No. General-purpose AI (GPAI) model obligations under Articles 51–56 took effect August 2, 2025, with enforcement powers and penalties applying from August 2, 2026 (up to €15M or 3% of global turnover). The high-risk Annex III timeline is the part likely to shift (toward December 2, 2027); GPAI is not.
What does the EU AI Act actually require me to produce?
For GPAI: technical documentation, training-data summaries, a copyright policy, and information sharing with the AI Office. For high-risk (Annex III): a risk management system, logging (Article 12), a Fundamental Rights Impact Assessment (FRIA), and audit-ready technical documentation.
Does this apply to us if we only use AI, not build models?
Likely yes for high-risk use, and increasingly for deployers. The obligations attach to the role you play (provider, deployer, importer) and the risk tier of the system — acipta maps evidence to whichever articles apply to you.
How does acipta help specifically?
acipta produces signed, replayable evidence mapped to the specific EU AI Act articles — Article 12 logging, FRIA records, technical documentation — alongside your other frameworks, on one evidence chain. Defensible if the AI Office asks years later.
Defensible before August 2.
acipta is the agent-based defensibility platform — workflow-grounded. Per-article EU AI Act evidence on one chain with 20+ frameworks. Public Early Access June 28, 2026; Full GA August 23, 2026.