EU AI Act for builders: the four obligations that touch your runtime

The EU AI Act is in force. Most of the discussion focuses on the classification question - is your system high-risk, limited-risk, minimal-risk. That matters, but for the builders shipping the system, four runtime obligations matter more because they show up in the inference path itself.

1. Article 14 - Human oversight. For any high-risk system, the operator must be able to intervene before the output produces an effect. This is a runtime requirement. A dashboard that shows the output after the fact does not satisfy it.

2. Article 15 - Robustness and accuracy. Includes resilience against adversarial input and unauthorised use. Runtime input filtering and tool-call gating fall here.

3. Article 12 - Logging. Automatically generated logs of the system's operation, retained for the duration the obligation applies. Tamper-evident logs are not required by the text - but if a regulator disputes the log, you will wish you had them.

4. Article 50 - Transparency. Disclosure obligations for systems interacting with humans, generating content, or detecting emotion / classification. The disclosure must accompany the output, which means it must be enforced at the gateway, not in a config file.

Each obligation maps to a specific NukonAI™ enforcement primitive:

• Article 14 → REVIEW verdict + escalation routing
• Article 15 → policy pack on tool calls + input classification
• Article 12 → cryptographic audit chain (default-on)
• Article 50 → response augmentation policy at egress

The full Article-to-policy map ships with our EU AI Act compliance pack.