The problem
Enforcement starts August 2, 2026. Most deployers can't produce the evidence the Act asks for.
The EU AI Act puts the operational burden on the deployer, not the model vendor. If you run a high-risk agent in hiring, credit, healthcare, education, or critical infrastructure, you are on the hook for the Annex IV technical file, the Article 27 FRIA, the Article 26 monitoring duties, and an Article 73 incident report inside fifteen days of any serious incident.
The existing AI observability stack — Langfuse, Helicone, and the LLM-tracing tools around them — was built to debug agents, not to produce regulator-grade evidence. Traces drop on failure. Schemas drift between releases. Nothing keys back to a specific Article. None of it was designed to survive a regulator asking, six months later, what the agent did and why.
Small teams running agents in production hit this wall first. Building the compliance plumbing from scratch is months of work, and the fines for getting it wrong are €35M or 7% of global turnover, whichever is higher.
Our approach
Component supplier, not certifier.
The Act has a specific role for tooling vendors: Article 25(4) describes the component supplier — a party that contributes a part of a high-risk system and is obliged to share the information the deployer needs to discharge their own duties. That is where Fuze sits.
We provide an open-source SDK that wraps an agent at the point it runs and captures every prompt, tool call, and decision as an append-only evidence stream. The Fuze Control dashboard reads that stream and helps the deployer compile the artefacts the Act asks for. The runtime signs the events; the deployer files the paperwork. We do not issue certificates and we are not a notified body.
This split matters. Conformity assessments are the deployer's responsibility under the regulation, and outsourcing them to a tool would misrepresent what the Act allows. What we can do, honestly, is make the evidence side cheap and reliable.
Why Europe, why now
Built in the EU, hosted in the EU, for the regulation it serves.
Fuze is a European company. The managed dashboard runs from Frankfurt. The SDK's default provider adapters cover Mistral, Scaleway, and OVHcloud alongside the major US APIs, so a deployer who needs EU residency on inference as well as storage can get there without leaving the stack.
Most of the AI tooling we use day to day was built somewhere else, for a different regulatory environment. The AI Act is the specific problem we set out to solve, and being inside its jurisdiction means we live with the same constraints our customers do. That is the only edge worth having here.
Open source
The SDK is MIT-licensed. Read every line.
The runtime that captures evidence runs in your process, on your infrastructure. The signing scheme, the event schema, and the audit log format are public specifications. You can self-host the SDK alone, or run it against the managed Fuze Control dashboard.
Contact
Small team. Direct line.
Fuze is built by Neri Carcasci and a small group around him. The fastest way to reach us is email or the issue tracker. For questions about residency, encryption, sub-processors, or anything that belongs in due diligence, the security overview is the starting point.
Next
Five minutes to know if the Act applies to you.
The classifier walks Annex III and tells you which Articles apply, which tier of risk you sit in, and what evidence the Fuze Control dashboard would start emitting on day one. Free, no signup.