:PROPERTIES:
:ID:       06fcdb02-2643-4f9d-ab41-e711a99cc390
:ID:       auto-eu-ai-act
:CREATED:  [2026-05-23 Sat]
:END:
#+title: EU AI Act
#+filetags: :passepartout:compliance:framework:eu:

** EU AI Act

First comprehensive AI regulation globally (effective August 2026). Risk-based
tiers: unacceptable (banned), high-risk (conformity assessment), limited
(transparency), minimal (code of conduct). High-risk systems require: risk
management, data governance, technical documentation, transparency, human
oversight, accuracy/robustness/cybersecurity. Third-party conformity assessment
for some high-risk systems (notified bodies).

Who must comply: Providers and deployers of AI systems in the EU. Extraterritorial
if the AI system output is used in the EU. Scope covers GPAI (general-purpose AI)
with additional obligations for systemic-risk GPAI.

Penalties: Up to 35M EUR or 7% of global turnover (higher than [[id:513d5996-4ac7-4567-a992-18fc01599104][GDPR]]).

Why it matters: The EU AI Act's conformity assessment requirement creates an
instant certification market. [[id:28c46769-c14b-42aa-ac7a-69d310157f8f][Passepartout]]'s gate stack can serve as the
human oversight and accuracy/robustness infrastructure for any AI system
deployed through it. The [[id:827bc546-e887-5b7c-9b65-6392beaf0920][verification monopoly]] argument applies at maximum
force: an ACL2-verified gate stack is the most defensible approach to AI Act
compliance. First-mover advantage: the regulation takes effect August 2026.
No certification body or tool vendor has an ACL2-based compliance pipeline.
First to market captures the standard-setting role.

** [[id:717ef2df-2a80-4362-b23a-5e7e12554251][DORA (Digital Operational Resilience Act)]]