
EU AI Act Evidence Mapping

Compliance

AKIOS Pro maps evidence records to EU AI Act obligations. Regulated teams can demonstrate compliance for high-risk AI systems deployed in agent workflows.

Framework Overview

The EU AI Act establishes obligations for providers and deployers of AI systems. For agent workflows, the relevant obligations fall under transparency, risk management, record keeping, and human oversight. AKIOS Pro provides the structured evidence layer to demonstrate these controls with independently reviewable records.

Regulatory context

AI Act obligations broadly apply from 2 August 2026, with exceptions for certain provisions. This document describes technical evidence mappings, not legal advice. Organizations should consult legal counsel for compliance determinations specific to their deployment.

Article Mappings

Each article maps to specific AKIOS Pro evidence outputs that can be generated, exported, and presented during audits.

Article 12

Record keeping

Obligation: High-risk AI systems must automatically record events (logs) during operation. Records must be comprehensive and retained for regulatory inspection.

Evidence: AKIOS Pro captures every agent session as a structured trace: model used, prompt and completion data, tool calls and results, policy evaluation decisions, and human review actions. Traces are timestamped with nanosecond precision, immutable after capture, and retained per configurable organization policy.

Export: Trace export with session correlation. Evidence pack with control mapping to Art. 12.

Article 13

Transparency and provision of information

Obligation: Deployers must be informed about AI system capabilities, limitations, and risks. Documentation must be clear and accessible.

Evidence: AKIOS Pro generates human-readable evidence packs that document what the AI system did, which data it accessed, how decisions were reached, and which controls were applied. Packs include model identification, data processing descriptions, and a risk summary.

Export: Evidence pack in HTML or PDF format with cover page, table of contents, and framework mapping summary.

Article 14

Human oversight

Obligation: High-risk AI systems must enable effective human oversight. Oversight measures must be built into the system before deployment.

Evidence: Findings track every high-risk action requiring human review: escalation path, reviewer identity, approval or rejection decision, and timestamp. Review SLA violations are captured as findings. Human-in-the-loop events are recorded in the trace with full context.

Export: Oversight report: all review actions with decisions, time-to-review metrics, and SLA compliance summary.

Article 15

Accuracy, robustness, cybersecurity

Obligation: High-risk AI systems must perform consistently, be resilient to errors, and be secure against adversarial exploitation.

Evidence: AKIOS Pro monitors for anomalies: cost spikes, behavioral loops, unexpected tool access, policy violations, and PII exposure. These are recorded as findings with severity classification. Security events and policy enforcement actions are captured in the audit trail.

Export: Anomaly and incident report: all security findings with severity distribution, remediation status, and trend analysis.

Article 16

Obligations of providers (summarized)

Obligation: Providers must ensure conformity assessment, technical documentation, and quality management systems.

Evidence: AKIOS Pro evidence packs provide the documentation layer for conformity assessments. Trace records, policy evaluations, and review trails demonstrate that the system was monitored and governed during operation.

Export: Technical documentation package: architecture description, evidence model, control mappings, and deployment configuration.

Article 29

Obligations of deployers

Obligation: Deployers must use AI systems in accordance with instructions, monitor for risks, and maintain logs.

Evidence: Deployers use AKIOS Pro evidence packs to demonstrate that agent workflows are monitored, governed, and subject to human oversight. Retention controls ensure logs are maintained per regulatory requirements. Purge attestations demonstrate compliance with data minimization obligations.

Export: Deployer compliance report: evidence collection status, retention policy, monitoring coverage, and oversight summary.

Article 55

Fundamental rights impact assessments

Obligation: Deployers of high-risk AI systems must conduct fundamental rights impact assessments.

Evidence: Traces and findings provide the data needed for impact assessments: PII exposure across sessions, policy violation patterns, escalation frequency, demographic coverage, and remediation history. Structured evidence supports thorough and reproducible assessments.

Export: Impact assessment data pack: PII exposure report, policy violation analysis, escalation patterns, and remediation metrics.

Evidence Flow

Observe

AKIOS Pro connects beside the agent stack and captures LLM calls, tool activity, policy events, and review actions in real time. No agent code changes are required.

Detect

PII patterns (50+ across 7 categories), policy violations, cost anomalies, behavioral loops, and missing reviews are detected and recorded as structured findings with confidence scores.

Map

Every trace and finding is mapped to the relevant EU AI Act articles and other control frameworks. Mappings are pre-built and configurable per organization.

Export

Evidence packs are generated with traces, findings, control mappings, and retention attestations. Available in JSON, HTML, and PDF formats for regulatory submissions and internal audit.

Other Regulatory Frameworks

Beyond the EU AI Act, the AKIOS Pro evidence model maps to the major frameworks that regulated enterprises operate under.

GDPR

PII findings, data processing records, retention controls, review trails, and deletion attestations for data subject rights and data minimization obligations (Articles 5, 17, 32).

SOC 2

Access controls, monitoring, anomaly detection, incident response, and audit trail evidence mapped to trust services criteria (CC6, CC7).

HIPAA

ePHI access logs, audit controls (164.312), access controls (164.312), integrity controls (164.312), and person authentication for covered entities and business associates.

ISO 42001

AI management system evidence: risk assessments, monitoring records, incident response, continuous improvement documentation, and conformity assessment support.