Show me your Article 9 risk-management evidence for the last 90 days.

Filter the audit chain by framework_citations contains 'eu-ai-act:Article-9' for the date range. Export as signed evidence envelope via the GRC adapter, or as raw JSONL with regulus audit verify output for offline use.

How do you enforce purpose limitation at the agent's tool dispatch?

The policy plugin reads the purpose claim on the calling Principal and denies tool calls whose purpose doesn't match the agent's registered purpose. Show the DENY events in the chain with decision = DENY AND clause LIKE 'eu-ai-act:Article-5%' .

What happens when residency fails?

The residency plugin fails closed. Show the FAIL_CLOSED events filtered by decision = RESIDENCY_DENIED ; explain that no PII left the resolved region. The events include the attempted region and the resolved-allowed-set.

How do you evidence model risk for the Annex III classification?

Every model invocation carries model_tier ; tier-3 invocations require dual-control via ADK's ToolConfirmation primitive. The Model Registry (regulus.model-risk.registry) is the single source of truth for tier assignment + validation evidence pointers.

Where's your Article 12 logging?

The Regulus audit chain is the Article 12 log. Retention is 24 months by default (or the strictest active profile's window). Offline verification: regulus audit verify chain.jsonl . Cloud Logging ingest also writes to Cloud Audit Logs for the IAM round-trip.

EU AI Act — what Regulus delivers for ADK agents

Who does it apply to?

Any organisation deploying an AI system on the EU market — including non-EU companies whose AI output reaches EU users.
Providers of general-purpose AI models (GPAI) with systemic risk, regardless of where the model is trained.
Deployers of high-risk AI systems (Annex III) — credit scoring, employment screening, public service eligibility, critical infrastructure, healthcare diagnostics.
Any agent making decisions that fall into Annex III categories, even if the model itself isn't high-risk by classification.

Two-minute explainer

The EU AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 and applies in phases. The phase that matters most for agentic AI builders is the GPAI Code of Practice enforcement date — 2 August 2026 — after which the AI Office can request evidence on demand from any provider or deployer of a GPAI-derived agent in the EU market.

The regulation classifies AI systems into four risk tiers: prohibited, high-risk (Annex III), limited-risk, and minimal-risk. Most agentic LLM workflows building real business value end up in high-risk territory: credit scoring (Annex III, point 5(b)), employment screening (Annex III, 4), public-service eligibility (Annex III, 5(a)), critical infrastructure (Annex III, 2), healthcare diagnostics (Annex III, 5(c)).

For a high-risk system, the operational obligations cluster around:

Article 9 — Risk-management system. A continuous, documented process of identifying, evaluating, and mitigating risks across the lifecycle. Critically, this is a runtime obligation: the regulator will ask what risks materialised during operation, not just what was identified at design time.
Article 10 — Data and data governance. Training data lineage plus runtime data handling. PII handling at runtime is in scope.
Article 12 — Record-keeping. Logs of the AI system’s operation must be automatically generated and retained for a duration appropriate to the system’s purpose (typically interpreted as matching the GDPR retention obligation for personal data, or longer if the AI system’s downstream effects persist).
Article 14 — Human oversight. A natural person must be able to oversee and intervene in the system’s operation. For agents, this maps to HITL on high-impact tool dispatches and the kill switch.
Article 15 — Accuracy, robustness, cybersecurity. Technical characteristics of the system, including cybersecurity measures appropriate to the risk class.
Article 50 — Transparency. Users interacting with AI must be informed that they’re interacting with an AI system, in a clear, distinguishable way.

The Regulus EU AI Act profile encodes the runtime-facing pieces of each Article into specific policy rules, audit event fields, and framework citations. Activating the profile is one line of YAML or one CLI flag; the audit chain populates accordingly.

What the profile doesn’t do is the human side — the risk-management documentation (Annex IV), the conformity assessment, the post-market monitoring plan as a document, the human-oversight training. Those are your governance team’s deliverables. Regulus delivers the operational evidence those documents reference.

What it actually requires of an engineer

Evidence on demand. The AI Office and national supervisory authorities can request technical documentation, risk-management evidence, and audit logs without notice. Your runtime needs to produce these without engineer-quarter turnaround.
Article 9 risk management is a process, not a document. The regulation requires continuous risk identification, evaluation, and mitigation — visible at runtime, evidenced by the agent's audit trail. PDF policies don't satisfy it.
Article 10 data governance binds your dataset and your prompt traffic. Both the training-time data lineage and the runtime data handling (PII redaction, purpose binding, residency) are in scope.
Article 50 transparency is a runtime obligation. AI-generated content surfaced to users must be machine-disclosable. Your audit envelope captures the disclosure event; your front-end emits the disclosure header.
GPAI Code of Practice (2 August 2026) is enforceable. Even if you're not the model provider, your deployer obligations against the GPAI Code start binding from this date.

What Regulus does for you

Regulus control	Delivers
`RegulusPolicyPlugin`	Article 9 risk-management decisions at the BeforeToolCallback seam — every tool call evaluated against the eu-ai-act profile's risk rules, with the matched clause cited verbatim in the audit event.
`RegulusPrivacyPlugin`	Article 10 data-governance evidence — PII redaction before model invocation, with the matched pattern, the redaction policy, and the resolved jurisdiction captured per event.
`RegulusModelRiskPlugin`	Annex III high-risk classification — every model invocation tagged with model tier (Tier 3 ≈ Annex III high-risk), the registered validation evidence pointer, and the framework citation.
`RegulusAuditPlugin`	The hash-chained audit envelope itself — Article 12 logging obligations satisfied with 24-month retention, append-only structure, and offline verifiability via regulus audit verify.
`RegulusGovernanceEvidencePlugin`	Article 50 transparency events routed to the GRC adapter of choice. ServiceNow IRM / OneTrust / MetricStream pickup the framework-citation-attached envelope automatically.
`RegulusDataResidencyPlugin`	Fail-closed residency enforcement on memory + artifact services — keeps personal data inside the resolved EU region without the silent-export failure mode that handrolled stacks tend to have.

Saves you ~18 engineer-weeks

Estimate based on the following honest assumptions:

Greenfield in-house implementation of an Article 9 risk-management surface (4 weeks).
PII redaction patterns + jurisdiction wiring (2 weeks).
Model risk registry + tier-gating SPI (3 weeks).
Hash-chained audit log with offline verify CLI (2 weeks).
ServiceNow IRM / OneTrust integration (3 weeks per adapter).
Article 50 transparency disclosure + audit event (1 week).
Residency fail-closed on memory and artifact services (3 weeks).
Estimates assume a senior engineer familiar with ADK and one regulation consultant available part-time.

What an auditor will ask

The questions you'll see in a real walkthrough — and where to point them.

Show me your Article 9 risk-management evidence for the last 90 days.

Filter the audit chain by framework_citations contains 'eu-ai-act:Article-9' for the date range. Export as signed evidence envelope via the GRC adapter, or as raw JSONL with regulus audit verify output for offline use.
How do you enforce purpose limitation at the agent's tool dispatch?

The policy plugin reads the purpose claim on the calling Principal and denies tool calls whose purpose doesn't match the agent's registered purpose. Show the DENY events in the chain with decision = DENY AND clause LIKE 'eu-ai-act:Article-5%'.
What happens when residency fails?

The residency plugin fails closed. Show the FAIL_CLOSED events filtered by decision = RESIDENCY_DENIED; explain that no PII left the resolved region. The events include the attempted region and the resolved-allowed-set.
How do you evidence model risk for the Annex III classification?

Every model invocation carries model_tier; tier-3 invocations require dual-control via ADK's ToolConfirmation primitive. The Model Registry (regulus.model-risk.registry) is the single source of truth for tier assignment + validation evidence pointers.
Where's your Article 12 logging?

The Regulus audit chain is the Article 12 log. Retention is 24 months by default (or the strictest active profile's window). Offline verification: regulus audit verify chain.jsonl. Cloud Logging ingest also writes to Cloud Audit Logs for the IAM round-trip.

What this doesn't cover

Training-time dataset compliance — Regulus runs against deployed agents, not training pipelines. Your dataset lineage lives in MLOps tooling, not in Regulus.
Conformity assessment by a notified body — Regulus produces the runtime evidence that the conformity assessor reviews; it doesn't substitute for the assessment itself.
Annex IV technical documentation — Regulus emits machine-readable evidence; the human-readable Annex IV TechDoc is your governance-team artefact.
Provider-vs-deployer classification — Regulus assumes you've decided your role under Article 25; it doesn't make the call for you.

Citations

Activate this profile in your agent

regulus init my-agent --profiles=eu-ai-act

Install the CLI All 10 regulations