EU AI Act
EU AI Act evidence, produced by the runtime.
High-risk obligations apply from 2 August 2026. Nyx turns the technical requirements , logging, traceability, human oversight, data governance, into enforcement that documents itself.
| Article | Requirement | Nyx capability |
|---|---|---|
| Art. 9 | Risk management | Continuous runtime risk events feed the risk register |
| Art. 10 | Data governance | On-device semantic detection + k-anonymity on prompts and attachments |
| Art. 12 | Record-keeping / automatic logging | Hash-chained, tamper-evident ledger |
| Art. 14 | Human oversight | Human-in-the-loop review of automated blocks (also GDPR Art. 22) |
| Art. 26 | Deployer obligations | Fleet policy distribution, Ed25519-signed; monitoring of model responses |
| Annex IV | Technical documentation | Exportable evidence packs |
Who must act
High-risk systems are listed in Annex III, including AI used in employment, creditworthiness and credit scoring, healthcare, essential public and private services, education, and law enforcement. If your organization builds such a system you are a provider; if you put one into use under your authority you are a deployer.
Both carry obligations. Deployers must follow the provider's instructions, ensure human oversight, monitor operation and retain logs. Nyx is built for exactly these duties, see the mapping above.
Penalties. Non-compliance can reach up to €35M or 7% of global annual turnover for prohibited practices, and up to €15M or 3% for other violations.