Skip to main content

EU AI Act Compliance with Adjudon

The EU AI Act (Regulation 2024/1689) requires organizations deploying AI systems to maintain transparency, human oversight, and technical documentation. Adjudon automates compliance for runtime AI decisions.

Article-by-article coverage

Article 13 — Transparency ✅ Live

Requirement: AI systems must be designed to allow users to interpret output and understand system behavior.

How Adjudon implements this:

Every AI decision is traced with input, output, confidence score, and rationale. The audit log provides a complete, tamper-proof record of every decision ever made — who sent what, when, what the confidence was, and what policy outcome was applied.

The SHA-256 hash chain makes the audit log verifiable: any third party can confirm that the log has not been tampered with.

What to configure:

  • Ensure all AI agent decisions are sent as traces via the SDK
  • Verify the audit log chain regularly via GET /api/v1/audit/verify

Article 14 — Human Oversight ✅ Live

Requirement: AI systems must allow human oversight, including the ability to intervene and override AI decisions.

How Adjudon implements this:

The Policy Engine flags uncertain or risky decisions. Flagged decisions are routed to the Review Queue where human reviewers can approve, reject, or escalate — before or after the decision has been acted upon.

The review record itself is audit-logged, creating a complete chain of accountability: AI decision → flag → human review → outcome.

What to configure:

  • Define policies for high-risk decision types
  • Assign reviewers to your organization's Review Queue
  • Set up webhook notifications so reviewers are alerted in real time

Article 12 — Record-Keeping 🗓 Roadmap Q3 2026

Requirement: High-risk AI systems must automatically log their operations with sufficient detail to enable post-hoc evaluation.

Current state: Adjudon's trace storage and audit log already provide the logging infrastructure. All decisions are stored with full input/output and a tamper-proof audit trail.

Roadmap: Dedicated Art. 12 compliance features including structured log exports in regulator-ready format and automated retention enforcement per your compliance policy.

Article 26 — Deployer Obligations 🗓 Roadmap Q3 2026

Requirement: Deployers of high-risk AI must monitor operation, report serious incidents, and maintain technical documentation.

Current state: Analytics, anomaly detection, and alerting features in the dashboard support monitoring. Policy enforcement provides automatic incident detection.

Roadmap: Deployer compliance packs with structured incident reporting, automated regulator-ready documentation, and self-assessment templates.

Practical compliance checklist

Use this checklist to verify your organization's compliance posture:

  • All AI agent decisions are sent as traces (Art. 13)
  • Policies are defined for high-risk decision types (Art. 14)
  • At least one reviewer is assigned to the Review Queue (Art. 14)
  • Audit log integrity is verified at least monthly (Art. 13)
  • PII scrubbing is active — verified that sensitive data is not stored (GDPR)
  • Data residency confirmed — all data in EU (GDPR)
  • DPA (Data Processing Agreement) signed with Adjudon (GDPR Art. 28)
  • Retention period configured per your compliance requirements

GDPR role

Adjudon is a Data Processor under GDPR Article 28. Your organization is the Data Controller. A Data Processing Agreement (DPA) template is available on request — contact [email protected].

See Data Residency & GDPR for infrastructure details.