🇪🇺 EU AI Act: What It Means for AI Systems and How to Prepare
The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive law on artificial intelligence, which entered into force on 1 August 2024. It introduces a risk-based approach: practices with unacceptable risk are prohibited, high-risk systems must meet strict requirements for risk management, data, logging, human oversight, and cybersecurity, and a separate regime is introduced for generative AI and general-purpose AI models (GPAI). This guide walks through the risk tiers, the application timeline, the penalties, and — most important for us — Article 15 (accuracy, robustness, cybersecurity) and Article 12 (logging), and shows what SYNTREX — the defense layer of the Spectorn platform — provides: attack detection, an immutable audit trail, and policy enforcement. At the same time we note the boundary honestly: compliance is an organizational task; SYNTREX closes its technical part.
Spectorn is a security and compliance-perimeter platform; SYNTREX is its AI-defense layer, deployed both inside Spectorn and standalone on internal perimeters. The EU AI Act imposes obligations; SYNTREX provides the technical controls and provability your compliance program relies on.
⚠️ Important on timelines (as of mid-2026): in May 2026 a preliminary political agreement was reached on the "Digital Omnibus on AI," postponing a number of deadlines (first and foremost, Annex III high-risk systems — from 2 August 2026 to 2 December 2027). At the time of writing, this agreement has not yet been published as law — until publication in the Official Journal, the original dates of Regulation 2024/1689 are legally in effect. Check against EUR-Lex.
The Risk-Based Approach: Four Tiers
The EU AI Act classifies AI systems by risk level and ties obligations to that level.
Unacceptable risk — prohibited practices (Article 5)
Applies from 2 February 2025. Fully prohibited, in particular:
- Manipulative/subliminal techniques that distort behavior and cause significant harm;
- Exploitation of vulnerabilities (age, disability, socio-economic situation);
- Social scoring of citizens with disproportionate consequences;
- Predicting the likelihood of crime based on profiling of an individual;
- Untargeted scraping of faces for facial-recognition databases;
- Emotion inference in the workplace and in education (except for medical/safety purposes);
- Biometric categorization by sensitive attributes (race, political views, religion, sexual orientation);
- Real-time remote biometric identification in public spaces for law enforcement (with narrow exceptions).
High risk (Annex III + Annex I)
Systems on the Annex III list (biometrics, critical infrastructure, education, employment, access to essential services and credit scoring, law enforcement, migration, justice) and systems embedded in regulated products (Annex I). The provider's key obligations (Articles 8–15):
- Risk management system (Art. 9) — an iterative process across the whole lifecycle;
- Data governance (Art. 10) — relevance, representativeness, bias control;
- Technical documentation (Art. 11 + Annex IV);
- Logging (Art. 12) — automatic recording of events throughout the entire service life;
- Transparency for the deployer (Art. 13) — instructions, capabilities, limitations, metrics;
- Human oversight (Art. 14) — the ability to monitor, intervene, stop;
- Accuracy, robustness, and cybersecurity (Art. 15) — see the walkthrough below.
Limited risk — transparency obligations (Article 50)
Applies from 2 August 2026. Chatbots must disclose that the user is interacting with an AI; synthetic content (images, audio, video, text) must be machine-readably marked as AI-generated; deepfakes and AI text on matters of public interest must be disclosed by the deployer (watermark marking was postponed by the "Omnibus" to 2 December 2026).
Minimal risk
Everything else (spam filters, AI in games, warehouse management) — with no mandatory requirements; voluntary codes of conduct are encouraged.
General-Purpose AI Models (GPAI): Chapter V
Applies from 2 August 2025. The obligations of GPAI providers (Art. 53): technical documentation, information for downstream integrators, a copyright-compliance policy, a public summary of the training data. Open-source (FOSS) models are partially exempt — but not from the copyright policy and data summary, and not where systemic risk is present.
Systemic risk (Art. 51) is presumed when training compute exceeds 10²⁵ floating-point operations (FLOP). For such models, the following are added (Art. 55): model evaluation and documented adversarial testing, assessment and mitigation of EU-level systemic risks, reporting of serious incidents, and adequate cybersecurity of the model and infrastructure. GPAI enforcement is carried out by the European Commission itself; the penalty is up to €15 million or 3% of worldwide turnover (Art. 101).
Application Timeline
The original schedule of Regulation 2024/1689 (Article 113):
| Date | What takes effect |
|---|---|
| 1 Aug 2024 | Entry into force |
| 2 Feb 2025 | Prohibited practices (Art. 5) + AI-literacy obligations |
| 2 Aug 2025 | GPAI rules (Chapter V) + governance structures + penalty provisions |
| 2 Aug 2026 | Most Annex III high-risk systems + transparency (Art. 50) |
| 2 Aug 2027 | High-risk systems embedded in products (Annex I) |
The "Digital Omnibus on AI" (a preliminary agreement of May 2026, not yet law) postpones, in particular: standalone Annex III high-risk systems → 2 December 2027, those embedded in products under Annex I → 2 August 2028, synthetic-content marking → 2 December 2026. Until publication in the Official Journal, the original dates apply — track EUR-Lex.
Penalties (Article 99)
| Violation | Penalty (the greater is taken) |
|---|---|
| Prohibited practices (Art. 5) | up to €35 million or 7% of worldwide annual turnover |
| Other violations (high risk, transparency) | up to €15 million or 3% |
| Incorrect/incomplete information to regulators | up to €7.5 million or 1% |
For GPAI models the European Commission applies a separate regime (Art. 101): up to €15 million or 3%. For SMEs the penalty is capped at the lower of the two amounts (the percentage or the absolute sum).
Extraterritoriality: It Affects Companies Outside the EU Too
The Regulation applies not only to providers and deployers in the EU. Under Article 2(1)(c), it extends to providers and deployers outside the EU if the output of their AI system is used in the Union. This is the key extraterritorial hook: a Russian, American, or any other company whose AI system produces a result that reaches users in the EU falls fully under the Regulation. Exempt: military/defense use, R&D prior to market placement, and partially open-source systems (except high-risk ones and those falling under Art. 5/50).
Article 15 and Article 12: The Direct Hook for AI Security
For a product in SYNTREX's class, two articles matter most — they are the ones that turn AI cybersecurity from "good practice" into a legal obligation.
Article 15 — accuracy, robustness, cybersecurity
High-risk systems must achieve an "appropriate level of accuracy, robustness, and cybersecurity" and maintain it across the whole lifecycle. The article explicitly names the classes of attack against which the provider is obligated to implement technical solutions:
- Data poisoning (poisoning of training data);
- Model poisoning (compromise of pre-trained components);
- Adversarial examples (inputs that cause prediction errors — model evasion);
- Confidentiality attacks;
- Model flaws.
Each of these named attack types corresponds to a compliance obligation — and each is closed off by specific SYNTREX engines (see the map below).
Article 12 — logging (record-keeping)
High-risk systems must technically ensure the automatic recording of events (logs) throughout the entire service life, commensurate with the intended purpose. Logs must support risk identification, post-market monitoring, and operational control. For biometric-identification systems, minimum requirements are specified (periods of use, the reference database queried, the input data of matches, the identity of the operator who verified). Here SYNTREX's Decision Logger provides a ready-made immutable chain of decisions with SHA-256/HMAC hashes.
How SYNTREX Helps Meet the Technical Requirements
SYNTREX closes the technical part of the obligations of Article 15 and Article 12. A map of "EU AI Act requirement → SYNTREX engine/component":
| EU AI Act requirement | What SYNTREX provides | Engines / components |
|---|---|---|
| Art. 15 — adversarial examples / model evasion | Detection of injections, jailbreaks, bypasses | injection, jailbreak |
| Art. 15 — data/model poisoning | Detection of dormant/trigger payloads at runtime | dormant_payload |
| Art. 15 — confidentiality attacks | Masking PII and secrets, exfiltration control | pii, secret_scanner, exfiltration |
| Art. 15 — robustness against agent abuse | Control of tools and the "lethal trifecta" | tool_abuse, cross_tool_guard, lethal_trifecta |
| Art. 12 — logging for the whole service life | An immutable chain of decisions (SHA-256/HMAC) | Decision Logger |
| Art. 14 — supporting human oversight | Alerts and escalation to the SOC for the operator | SOC Correlation Engine |
| Art. 50 — output transparency | Scanning and sanitizing the model's output | output_scanner |
syntrex.yaml configuration
A profile oriented toward the technical controls of Article 15 and the logging of Article 12:
# syntrex.yaml — profile for EU AI Act technical requirements (Art. 15 / Art. 12)
version: "1.0"
mode: ai_gateway
engines:
injection: # Art. 15: adversarial examples / model evasion
action: block
confidence_threshold: 0.7
jailbreak: # Art. 15: bypass of safety training
action: block
confidence_threshold: 0.85
dormant_payload: # Art. 15: data/model poisoning (trigger payloads)
action: alert
pii: # Art. 15: confidentiality attacks (PII)
action: redact
mask_character: "*"
secret_scanner: always_on # Art. 15: secrets never leave the perimeter
exfiltration: # Art. 15: confidentiality attacks (data exfiltration)
action: block
lethal_trifecta: # Art. 15: robustness of the agentic loop
action: block
tool_abuse: # Art. 15
action: block
output_scanner: # Art. 50: output transparency/sanitization
action: sanitize
audit:
decision_logger: true # Art. 12: automatic logging for the whole service life
retention_policy: regulatory
hash_chain: sha256_hmac
SOC correlation rule (supporting human oversight, Art. 14)
rules:
- id: HIGHRISK_INCIDENT_ESCALATION
name: "Escalate an incident to the operator (Art. 14)"
description: "A critical detection on a high-risk system — immediate escalation to a human overseer"
enabled: true
conditions:
- any:
- category: injection
min_confidence: 0.85
- category: lethal_trifecta
min_confidence: 0.7
action:
create_incident: true
severity: CRITICAL
notify: human_oversight
metadata:
eu_ai_act: ["Article 15", "Article 14", "Article 12"]
An honest boundary of responsibility. The EU AI Act is a law, and complying with it is an organizational and legal task: categorizing the system by risk level, conformity assessment, CE marking, appointing an authorized representative, the risk management system (Art. 9), data governance (Art. 10), human oversight (Art. 14). SYNTREX does not make you compliant and does not replace a legal assessment. It closes the technical part of Article 15 (detection of the named attack classes) and Article 12 (immutable logging), providing a provable audit trail your compliance program relies on. The conformity assessment, the documentation, and the management loop are provided by the organization.
Frequently Asked Questions (FAQ)
What is the EU AI Act in plain terms? It is the EU's first comprehensive law on artificial intelligence (Regulation 2024/1689), which entered into force on 1 August 2024. It divides AI systems by risk level: unacceptable practices are prohibited, high-risk ones must meet strict requirements (risk management, data, logging, oversight, cybersecurity), and a separate regime is introduced for generative AI and general-purpose models.
When do the EU AI Act requirements take effect? On the original schedule: prohibited practices — from 2 February 2025, GPAI rules — from 2 August 2025, most high-risk systems — from 2 August 2026. The "Digital Omnibus" (a preliminary agreement of May 2026) postpones Annex III high-risk systems to 2 December 2027 — but as of mid-2026 this is not yet published law, and the original dates are legally in effect.
Does the EU AI Act affect companies outside the EU? Yes. Under Article 2(1)(c), the Regulation applies to providers and deployers outside the EU if the output of their AI system is used in the Union. A company from Russia, the United States, or any other country whose AI results reach users in the EU falls under the Regulation and its penalties.
What are the penalties under the EU AI Act? Up to €35 million or 7% of worldwide annual turnover for prohibited practices (Art. 5); up to €15 million or 3% for other violations; up to €7.5 million or 1% for incorrect information to regulators. The greater of the amounts is taken. For GPAI the European Commission applies a regime of up to €15 million or 3%.
Does SYNTREX make my AI system compliant with the EU AI Act? No, and we note this boundary honestly. Compliance is an organizational and legal task (risk categorization, conformity assessment, CE marking, risk management, oversight). SYNTREX closes the technical part of Article 15 (detection of data/model poisoning, adversarial examples, confidentiality attacks) and Article 12 (immutable logging via the Decision Logger), providing a provable trail for your compliance program.
What exactly does Article 15 require on cybersecurity? High-risk systems must achieve an appropriate level of accuracy, robustness, and cybersecurity and implement technical solutions against explicitly named attacks: data poisoning, model poisoning, adversarial examples (model evasion), confidentiality attacks, and model flaws. This turns AI defense from a recommendation into an obligation — and each attack class is closed off by the corresponding SYNTREX engine.
How does the EU AI Act relate to NIST AI RMF? The EU AI Act imposes obligations (a law with extraterritorial reach), while the NIST AI RMF is a voluntary management framework. Organizations often use the AI RMF functions (especially MAP and GOVERN) as an operating model on top of which they prepare for the mandatory requirements of the EU AI Act. The certifiable bridge between them is ISO/IEC 42001.
Sources
- Regulation (EU) 2024/1689 — official text on EUR-Lex — the primary source.
- European Commission — Regulatory framework on AI — the official AI Act page.
- AI Act Service Desk (EC) — Article 113 (timeline) — the official application schedule.
- AI Act Explorer — Article 5 (prohibited practices).
- AI Act Explorer — Article 15 (accuracy, robustness, cybersecurity).
- AI Act Explorer — Article 99 (penalties).
- AI Act Explorer — Article 51 (GPAI classification).
- NIST AI RMF and ISO/IEC 42001 — complementary frameworks.
Related guides: NIST AI RMF · MITRE ATLAS · OWASP Top 10 for LLMs · Government and CII · Industry Scenarios