EU AI Act

AI that is governed by architecture, not by paperwork

The EU AI Act sets risk-based obligations for AI systems across the Union. Scrydon gives you the runtime guardrails, audit trails and evidence packs to demonstrate them — so conformity is something you can show, not just assert.

What it is

EU AI Act (AI Act)

The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) is the world's first comprehensive horizontal law for AI. It takes a risk-based approach: unacceptable-risk practices are prohibited, high-risk systems face strict requirements for risk management, data governance, technical documentation, logging, human oversight, transparency, accuracy and cybersecurity, and certain AI systems carry transparency duties. It also introduces obligations for providers of general-purpose AI models. Obligations phase in over several years, with significant penalties for non-compliance.

At a glance
Jurisdiction: European Union
Applies to: Providers, deployers, importers and distributors placing AI systems on the EU market or whose AI output is used in the EU.
How we help

How Scrydon helps you comply

Controls are built into the runtime, so compliance is something you can demonstrate with evidence drawn from the platform itself — not assembled after the fact.

Guardrails and data-loss prevention

The DLP guardrails engine scans model inputs and outputs for personal data and hallucination, with regex and JSON gates that can block, redact or quarantine. This supports the AI Act's accuracy, robustness and risk-management expectations and gives you enforceable controls around model behaviour rather than after-the-fact review.

Audit log and technical traceability

Every actor, IP, decision and agent action is captured in an immutable, queryable audit log with redaction and retention controls. This directly supports the Act's logging and record-keeping requirements for high-risk systems and provides the traceability needed for technical documentation and post-market monitoring.

Policy-as-code and human oversight

A single policy-as-code decision point (Rego) authorises actions consistently across the application and data planes, with fail-closed defaults. You can encode human-in-the-loop checkpoints, approval gates and prohibited-use rules so that oversight is enforced by the runtime, not left to operator discipline.

Sovereignty and the AI supply chain

External AI vendors are opt-in, document clearance and classification govern what data reaches a model, and you choose where models run. This gives you control over the AI supply chain and data governance that the Act expects of high-risk deployers and providers.

Framework evidence packs

Scrydon produces framework evidence packs that map platform controls to AI Act articles alongside ISO 42001, ISO 27001 and other frameworks. These accelerate the technical documentation, conformity assessment and supervisory engagement you remain responsible for completing.

Key requirements

What the AI Act asks of you

  • Classify each AI system by risk tier (prohibited, high-risk, limited or minimal risk).
  • Operate a continuous risk-management system across the AI lifecycle.
  • Apply data and data-governance practices to training, validation and testing data.
  • Maintain technical documentation and automatic event logging for high-risk systems.
  • Ensure effective human oversight and appropriate accuracy, robustness and cybersecurity.
  • Meet transparency duties, including informing people when they interact with AI.
  • Complete the relevant conformity assessment and register high-risk systems as required.

FAQ

Frequently asked questions

How does Scrydon help with EU AI Act compliance?
Scrydon embeds the controls the EU AI Act expects directly into the runtime: DLP guardrails on model inputs and outputs, an immutable audit log for logging and traceability, policy-as-code for human oversight and prohibited-use enforcement, and document clearance for data governance. On top of this, framework evidence packs map these controls to specific AI Act obligations. This means you can demonstrate compliance with evidence drawn from the system itself. Scrydon supports and aligns with the Act and produces the evidence; completing the formal conformity assessment for your AI system remains your responsibility.
Is Scrydon certified under the EU AI Act?
No — and no vendor can be. The EU AI Act regulates AI systems and their providers and deployers, not the underlying platform. Conformity is assessed against your specific AI system and its intended purpose. Scrydon provides controls and evidence that align with the Act and make your conformity work substantially easier, but the certification or declaration of conformity applies to your deployment and is your responsibility.
Does the platform support high-risk AI system obligations?
Yes. For high-risk systems the Act requires risk management, data governance, automatic logging, human oversight, transparency, accuracy and cybersecurity. Scrydon maps to each of these with guardrails, an immutable audit log, policy-as-code oversight gates, document classification and a fail-closed, mTLS-secured architecture. The evidence packs then tie those capabilities back to the relevant articles for your documentation.
What about general-purpose AI models and external vendors?
External AI vendors are opt-in, so no model receives your data unless you explicitly allow it, and document clearance controls exactly what is shared. This gives you the supply-chain transparency and data-governance posture the Act expects, whether you run open-weight models in your own environment or selectively use an external general-purpose model.
When do EU AI Act obligations apply?
The Act entered into force in 2024 and its obligations phase in over time: prohibitions and AI-literacy duties first, then general-purpose AI model obligations, with most high-risk requirements applying later. Because Scrydon builds the controls into the runtime now, you can stand up the governance and evidence early rather than retrofitting it as deadlines arrive.