Compliance Matrix
Article-by-article mapping of EU AI Act requirements to Fuze features.
Coverage legend: Covers = Fuze directly satisfies | Assists = Fuze helps but doesn't fully satisfy | Outside scope = provider/deployer responsibility
High-Risk System Requirements (Art. 8-15)
| Article | Description | Coverage |
|---|---|---|
| Art. 8 | Compliance with requirements | Assists |
| Art. 9 | Risk Management System | Assists |
| Art. 10 | Data and Data Governance | Outside scope |
| Art. 11 | Technical Documentation | Assists |
| Art. 12 | Record-Keeping | Covers |
| Art. 13 | Transparency to Deployers | Covers (logs) |
| Art. 14 | Human Oversight | Covers |
| Art. 15 | Robustness | Covers |
Provider and Deployer Obligations (Art. 16-27)
| Article | Description | Coverage |
|---|---|---|
| Art. 16 | Provider Obligations | Assists |
| Art. 17 | Quality Management System | Assists |
| Art. 18 | Documentation Keeping | Assists |
| Art. 19 | Auto-Generated Logs | Covers |
| Art. 20 | Corrective Actions | Assists |
| Art. 26 | Deployer Obligations | Covers |
| Art. 27 | Fundamental Rights Impact Assessment | Outside scope |
Post-Market and Incident Reporting
| Article | Description | Coverage |
|---|---|---|
| Art. 72 | Post-Market Monitoring | Covers |
| Art. 73 | Serious Incident Reporting | Covers |
Other
| Article | Description | Coverage |
|---|---|---|
| Art. 50 | Transparency (chatbots, deepfakes) | Outside scope |
Summary
8 articles covered, 6 assisted, 3 outside scope.
The 3 outside scope (Art. 10 data governance, Art. 27 fundamental rights impact assessment, Art. 50 transparency labelling) require organisational processes or UI changes that no runtime safety tool can address.
Art. 12 in detail
What Fuze logs for every guarded function call:
| Data Point | Source |
|---|---|
| Start/end timestamps (ISO 8601) | Every @guard call |
| Agent identity | agent_id, version, model, provider |
| Tool call details | Name, args hash, result summary |
| Cost tracking | Tokens in/out, USD |
| Guard decisions | proceed, loop_detected, budget_exceeded |
| Human oversight events | Who reviewed, what they decided |
| Side-effect status | Real-world consequences, compensation status |
All records: append-only, hash-chained, minimum 6-month retention, queryable, exportable (JSON, CSV, PDF).
Art. 14 in detail
| Requirement | Fuze Feature |
|---|---|
| Understand capabilities, monitor operation | Dashboard with live runs, agent health |
| Correctly interpret output | Trace replay with full decision context |
| Decide not to use output | Override capability via dashboard |
| Intervene or interrupt (stop button) | Kill switch: dashboard, CLI, TUI |
| Proportionate to risk | Configurable guard levels per agent |