EU AI Act Overview

The EU AI Act enters full enforcement on August 2, 2026. Maximum penalty: 35M EUR or 7% of global annual turnover.

Fuze directly covers 8 articles and assists with 6 more.

Why this matters for agents

AI agents that make autonomous decisions — especially those that interact with external systems, process personal data, or operate in regulated industries — may be classified as high-risk AI systems under the Act.

High-risk systems must comply with Articles 8-27, which include requirements for:

  • Automatic event logging (Art. 12)
  • Human oversight mechanisms (Art. 14)
  • Robustness and fault resilience (Art. 15)
  • Post-market monitoring (Art. 72)
  • Incident reporting within 72 hours (Art. 73)

What Fuze provides

Art. 12 — Record-Keeping

Fuze's TraceRecorder and AuditStore automatically log every guarded function call:

  • Timestamps (start and end, ISO 8601)
  • Agent identity (agent_id, version, model, provider)
  • Tool call details (name, arguments hash, result summary)
  • Cost (tokens in/out, USD)
  • Guard decisions (proceed, loop_detected, budget_exceeded)
  • Human oversight events

All records are append-only with hash chain for tamper detection. Minimum 6-month retention (configurable).

Art. 14 — Human Oversight

The Act literally requires a stop button. Fuze provides:

  • Kill switch — dashboard, CLI, TUI
  • Approval gates — pause and wait for human decision
  • Anomaly alerts — notify humans when something looks wrong
  • Override capability — humans can override any Fuze decision

Art. 15 — Robustness

  • Smart recovery (retry, rollback, fork, escalate)
  • Loop detection prevents stuck agents
  • Budget enforcement prevents resource exhaustion
  • Side-effect tracking prevents duplicate actions

Art. 72 — Post-Market Monitoring

Continuous runtime monitoring with agent health scores, cost trend analysis, failure pattern detection, and performance tracking over time.

Art. 73 — Incident Reporting

Fuze generates structured incident reports containing: system identification, full trace, timeline of events, actions taken, side-effects, and compensation status.

Enabling compliance mode

[compliance]
enabled = true
risk_level = "high"    # "minimal", "limited", or "high"
log_pii = false        # Keep false unless you have GDPR lawful basis

Next steps

See the full compliance matrix for article-by-article coverage details.

MCP ProxyCompliance Matrix