EU AI Act Overview

The EU AI Act enters full enforcement on August 2, 2026, with a maximum penalty of 35M EUR or 7% of global annual turnover. Fuze directly covers 8 articles and assists with 6 more.

Why this matters for agents

AI agents that make autonomous decisions, especially those that interact with external systems, process personal data, or operate in regulated industries, may be classified as high-risk AI systems under the Act.

High-risk systems must comply with Articles 8-27, which include requirements for:

  • Automatic event logging (Art. 12)
  • Human oversight mechanisms (Art. 14)
  • Robustness and fault resilience (Art. 15)
  • Post-market monitoring (Art. 72)
  • Incident reporting within 72 hours (Art. 73)

What Fuze provides

Art. 12, Record-Keeping

Fuze's TraceRecorder and AuditStore automatically log every guarded function call:

  • Timestamps (start and end, ISO 8601)
  • Agent identity (agent_id, version, model, provider)
  • Tool call details (name, arguments hash, result summary)
  • Cost (tokens in/out, USD)
  • Guard decisions (proceed, loop_detected, budget_exceeded)
  • Human oversight events

All records are append-only, with a hash chain for tamper detection. Minimum retention is 6 months (configurable).
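
How a hash chain makes an append-only log tamper-evident, shown as an added example rather than Fuze's own code or record format. The function names, the SHA-256 choice, the genesis value and the sample records are assumptions; the field kinds follow the list above.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed fixed value chained before the first record

def _digest(prev_hash, body):
    # Canonical JSON so the same record always hashes to the same value.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append(log, body):
    """Append a record whose hash covers its body and the previous hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"body": body, "prev": prev_hash, "hash": _digest(prev_hash, body)})
    return log[-1]["hash"]

def verify(log, expected_head=None):
    """Return the index of the first bad record, len(log) if the final hash
    differs from expected_head, or None if the log is intact."""
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev_hash or rec["hash"] != _digest(prev_hash, rec["body"]):
            return i
        prev_hash = rec["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None

def args_hash(arguments):
    # Log a hash of the tool arguments instead of the arguments themselves.
    return hashlib.sha256(json.dumps(arguments, sort_keys=True).encode()).hexdigest()

def sample_log():
    # Constructed sample records, not real Fuze output.
    log, head = [], GENESIS
    for tool, decision in [("search", "proceed"), ("search", "loop_detected"),
                           ("send_email", "budget_exceeded")]:
        head = append(log, {
            "start": "2026-01-01T00:00:00Z", "end": "2026-01-01T00:00:01Z",
            "agent_id": "agent-demo", "tool": tool,
            "arguments_hash": args_hash({"q": "example"}),
            "decision": decision,
        })
    return log, head
```

Checking against a head hash stored outside the log is what catches truncation or a full rewrite of the chain. The chain alone only catches edits whose later hashes were not recomputed.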

Art. 14, Human Oversight

The Act literally requires a stop button. Fuze provides:

  • Kill switch: dashboard, CLI, TUI
  • Approval gates: pause and wait for a human decision
  • Anomaly alerts: notify humans when something looks wrong
  • Override capability: humans can override any Fuze decision

Art. 15, Robustness

  • Smart recovery (retry, rollback, fork, escalate)
  • Loop detection prevents stuck agents
  • Budget enforcement prevents resource exhaustion
  • Side-effect tracking prevents duplicate actions

Art. 72, Post-Market Monitoring

Continuous runtime monitoring with agent health scores, cost trend analysis, failure pattern detection, and performance tracking over time.

Art. 73, Incident Reporting

Fuze generates structured incident reports containing: system identification, full trace, timeline of events, actions taken, side-effects, and compensation status.

Enabling compliance mode

```toml
[compliance]
enabled = true
risk_level = "high"    # "minimal", "limited", or "high"
log_pii = false        # Keep false unless you have GDPR lawful basis
```

Next steps

See the full compliance matrix for article-by-article coverage details.