Compliance Coverage
EU AI Act Compliance Matrix
How Fuze maps to each article. What is covered automatically, what is partially assisted, and what you still need to handle.
4 Articles
Directly covered
Fuze handles this automatically
6 Articles
Partially assisted
Fuze gives you a head start
3 Articles
Outside Fuze's scope
You need to address these separately
Fuze is a compliance tool, not a compliance guarantee. Coverage here refers to technical capabilities — you still need legal review and internal processes to meet the full requirements of each article.
Full Compliance Matrix
| Article | Requirement | Fuze Status | What Fuze Does | What You Still Need |
|---|---|---|---|---|
| Art. 9 | Risk Management | 🟡Partial | Loop detection, budget limits, recovery strategies | Formal risk register, risk assessment documentation |
| Art. 11 | Technical Documentation | ⬜Out of scope | — | You must write and maintain docs describing your system |
| Art. 12 | Record-Keeping / Logging | ✅Covered | Full trace: tool name, args, results, cost, timestamps | Ensure traces are stored for 180+ days |
| Art. 13 | Transparency | 🟡Partial | Audit trail shows agent reasoning and tool calls | Add user-facing disclosure of AI involvement |
| Art. 14 | Human Oversight | ✅Covered | Kill switches, budget caps, human escalation mode | Define escalation process and responsible person |
| Art. 15 | Robustness | ✅Covered | Loop detection, budget enforcement, error recovery | Input validation, adversarial testing |
| Art. 19 | Log Retention | ✅Covered | retention_days config, trace storage | Set retention_days ≥ 180 in fuze.toml |
| Art. 20 | Corrective Actions | 🟡Partial | Compensation functions for side-effect rollback | Incident response procedures, customer notification |
| Art. 26 | Deployer Obligations | 🟡Partial | Monitoring hooks, alerts | Review deployer obligations with legal team |
| Art. 27 | Rights Impact Assessment | ⬜Out of scope | — | Conduct FRIA if your use case is in scope |
| Art. 50 | AI Transparency | ⬜Out of scope | — | Add AI disclosure to user-facing products |
| Art. 72 | Post-Market Monitoring | 🟡Partial | Trace replay, performance metrics | Define monitoring plan and review cadence |
| Art. 73 | Incident Reporting | 🟡Partial | Trace logs provide incident evidence | Define incident response and reporting process |
Risk Management
Fuze does
Loop detection, budget limits, recovery strategies
You still need
Formal risk register, risk assessment documentation
Technical Documentation
You still need
You must write and maintain docs describing your system
Record-Keeping / Logging
Fuze does
Full trace: tool name, args, results, cost, timestamps
You still need
Ensure traces are stored for 180+ days
Transparency
Fuze does
Audit trail shows agent reasoning and tool calls
You still need
Add user-facing disclosure of AI involvement
Human Oversight
Fuze does
Kill switches, budget caps, human escalation mode
You still need
Define escalation process and responsible person
Robustness
Fuze does
Loop detection, budget enforcement, error recovery
You still need
Input validation, adversarial testing
Log Retention
Fuze does
retention_days config, trace storage
You still need
Set retention_days ≥ 180 in fuze.toml
Corrective Actions
Fuze does
Compensation functions for side-effect rollback
You still need
Incident response procedures, customer notification
Deployer Obligations
Fuze does
Monitoring hooks, alerts
You still need
Review deployer obligations with legal team
Rights Impact Assessment
You still need
Conduct FRIA if your use case is in scope
AI Transparency
You still need
Add AI disclosure to user-facing products
Post-Market Monitoring
Fuze does
Trace replay, performance metrics
You still need
Define monitoring plan and review cadence
Incident Reporting
Fuze does
Trace logs provide incident evidence
You still need
Define incident response and reporting process
Disclaimer
This matrix is provided for informational purposes only. It does not constitute legal advice. The EU AI Act is a complex legal instrument and its application depends on your specific use case, jurisdiction, and system design. Consult qualified legal counsel for compliance decisions.
Ready to start?
Add compliance infrastructure in one line.
Fuze gives you automatic logging, loop detection, budget enforcement, and human escalation from day one.
npm install fuze-ai