EU AI Act + ISO 42001
GPAI obligations are now in force; high-risk (Annex III) requirements are staged. Agents maintain your AI system register, technical documentation, and risk-management records — signed at write time, mapped to ISO/IEC 42001, so the evidence stands up when a regulator asks.
What this suite does
Regulation (EU) 2024/1689 · GPAI + high-risk AI · ISO/IEC 42001 — enforced per control, per framework, per evidence artifact. Every verdict is signed at write time and replayable byte-identically for five years.
- AI system register — every model in production inventoried and classified
- Technical documentation auto-built from observed system behavior + design records
- Continuous risk-management records (identify · estimate · evaluate · mitigate)
- ISO/IEC 42001 AI management-system evidence mapped to the same control catalog
Key agents in this suite
A representative slice of the 10 agents in this suite. Each ships with deterministic verdicts, a cryptographic evidence chain, and per-framework control mapping.
AI System Register
Continuously maintained inventory of AI systems in production, classified by risk tier.
GPAI Obligations Tracker
Maps general-purpose-AI documentation and transparency obligations to signed evidence.
Risk Management Agent
Runs the continuous risk-management cycle and records each pass as replayable evidence.
Technical Documentation Generator
Builds and version-pins technical documentation from observed behavior and design records.
ISO 42001 Mapper
Projects the same evidence onto the ISO/IEC 42001 AI management-system controls.
Why the substrate matters
Every agent in this suite shares one foundation: a canonical control catalog that projects the same evidence across frameworks, and an evidence chain that is signed at write time, independently timestamped, tamper-evident, and deterministically replayable. The auditor accepts the same artifact at year five that they accept today.
That is the difference between agent-based compliance that is workflow-grounded and AI compliance tooling that is a black box. Agent-based defensibility platform — workflow-grounded.
Read next
Get this suite
Join the early-access cohort ahead of Full GA on August 23, 2026. The substrate the auditor accepts — not legal advice; your counsel stays in the loop.