gbrain: sync converted org-mode brain files

ideas/compliance/eu-ai-act.org

@@ -0,0 +1,32 @@
+:PROPERTIES:
+:ID:       auto-eu-ai-act
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: EU AI Act
+#+filetags: :passepartout:compliance:framework:eu:
+
+** EU AI Act
+
+First comprehensive AI regulation globally (effective August 2026). Risk-based
+tiers: unacceptable (banned), high-risk (conformity assessment), limited
+(transparency), minimal (code of conduct). High-risk systems require: risk
+management, data governance, technical documentation, transparency, human
+oversight, accuracy/robustness/cybersecurity. Third-party conformity assessment
+for some high-risk systems (notified bodies).
+
+Who must comply: Providers and deployers of AI systems in the EU. Extraterritorial
+if the AI system output is used in the EU. Scope covers GPAI (general-purpose AI)
+with additional obligations for systemic-risk GPAI.
+
+Penalties: Up to 35M EUR or 7% of global turnover (higher than GDPR).
+
+Why it matters: The EU AI Act's conformity assessment requirement creates an
+instant certification market. Passepartout's gate stack can serve as the
+human oversight and accuracy/robustness infrastructure for any AI system
+deployed through it. The [[file:verification-monopoly.org][verification monopoly]] argument applies at maximum
+force: an ACL2-verified gate stack is the most defensible approach to AI Act
+compliance. First-mover advantage: the regulation takes effect August 2026.
+No certification body or tool vendor has an ACL2-based compliance pipeline.
+First to market captures the standard-setting role.
+
+** DORA (Digital Operational Resilience Act)