August 2026. Article 12 enforcement begins. €15M or 3% of global turnover. Your AI agents are in scope. The record-keeping requirement isn't optional.
Article 12 requires per-action records with identity and decisions. ComplyAI produces that shape for AI agents in your environment on day one.
Article 12 enforcement begins 2 August 2026 for high-risk systems. AI agents acting on production systems routinely qualify as high-risk (Annex III, points 6 and 8). The fine schedule starts at €15M or 3% of global turnover. Not sure if your deployment is in scope? Run the free 10-minute readiness check at /eu-ai-act-readiness — a gap report lands in your inbox within one business day.
EU AI Act controls ↔ ComplyAI capabilities.
| EU AI Act control | Requirement | How ComplyAI satisfies it |
|---|---|---|
| Art. 12(1) | Automatic recording of events while system is operating | Append-only JSONL ledger captures every AI agent action — automatically, with no developer-side intervention. |
| Art. 12(2)(a) | Period of each use, date/time, output | Each event timestamped; session start/end captured; agent response and reasoning blocks logged. |
| Art. 12(2)(b) | Identification of natural persons involved | Every event stamped with user identity and organisation ID from the signed-in account. |
| Art. 12(2)(c) | Reference database against which input data was checked | Policy file path + version stamped on every decision. Replay-ready against historical policy versions. |
| Art. 12(2)(d) | Input data leading to system output | User prompts logged (with optional redaction). Tool arguments logged. Action payload preserved. |
| Art. 12(2)(e) | Identification of natural persons who verified output | Approval workflow records the approving identity; deny/allow decision records the rule and risk score. |
Artifacts your auditor can run with.
- Pre-built policy mapped to Article 12 subsections
- Article 12 mapping document with example ledger entries per subsection
- Audit-export template — JSONL filtered to Article 12-relevant fields
- Risk classification questionnaire (Annex III) — does my deployment qualify?
- Customer-managed encryption keys configuration guide (Article 12(3) retention)
- Bridge document for your existing AI Act conformity assessment
Common questions on the EU AI Act.
Are AI agents in production environments in scope for the EU AI Act?
It depends on the use case (Annex III). If your AI agents touch production systems in critical infrastructure, employment, education, law enforcement, justice, or biometric ID — likely yes. We provide a classification questionnaire in the pack.
What about Article 13 (transparency to deployers) and Article 14 (human oversight)?
ComplyAI primarily addresses Article 12 (record-keeping) and Article 14 (human oversight — via approval workflows). Article 13 transparency is upstream of us and depends on the foundation model provider.
Does the retention requirement (six months minimum, or contractually longer) apply?
Yes — Article 12(3). Configure ComplyAI to write to durable storage with your retention policy.
Your agents are already taking actions. Governance shouldn't be an afterthought.
ComplyAI is in early access. We're working directly with security and engineering teams to deploy, configure, and demonstrate value in their environment — in a single session.