EU AI Act Compliance

Meet Article 6 requirements for high-risk AI systems. Risk assessment, documentation, transparency, and human oversight built into Arx.

Article 6: High-risk AI systems

EU AI Act defines high-risk systems as those that could significantly harm fundamental rights. Security agents often qualify as high-risk due to their capability to modify infrastructure.

Arx is designed to help agents comply with Article 6 requirements.

Risk assessment

Article 6.1(a) requires a risk assessment before deployment:

  • Intended purpose — declare what the agent can and cannot do
  • Known limitations — identified through simulation testing
  • Potential harms — to individuals or systems
  • Risk mitigation — approval gates, blast radius limits, monitoring

Arx simulation mode and risk scoring provide data to support risk assessments.

Technical documentation

Article 6.1(b) requires comprehensive technical documentation:

  • Design specifications (registry entry, connectors, intended actions)
  • Training data (where agents learned behavior)
  • Performance metrics (success rates, latency, error handling)
  • Risk mitigations applied (policies, approval gates)
  • Monitoring plan (how outcomes are tracked)

Arx provides the runtime monitoring data; you provide training/design specs.

Human oversight

Article 6.2(d) requires meaningful human oversight before high-risk actions:

  • High-risk actions require approval before execution
  • Approvers have full context (action, reasoning, outcome prediction)
  • Audit trail shows approver understood the action
  • Denial reasons documented

Arx approval gates are specifically designed for Article 6.2(d) compliance.

Transparency & record-keeping

Article 6.3 requires transparency and records:

  • Users informed — that an AI system may affect them
  • Records maintained — complete audit trail of operations
  • Records provided to authorities — on request
  • Accuracy ensured — agents can't modify outside declared scope

Arx audit trails provide the record-keeping infrastructure.

Compliance checklist

  • ☑ Risk assessment completed
  • ☑ Technical documentation in place
  • ☑ Human oversight procedures defined
  • ☑ Approval gates configured in Arx
  • ☑ Audit trail enabled and monitored
  • ☑ Incident response procedure documented
  • ☑ Regular monitoring of outcomes