Framework

EU AI Act

The world's first comprehensive AI regulation. It classifies AI systems by risk level — from minimal to unacceptable — and imposes strict obligations on high-risk systems. Amanvi maps every system in your inventory to the Act's requirements so nothing falls through the cracks.

What the Act requires

The EU AI Act entered into force in August 2024 and is being phased in through 2027. It applies to any organization placing an AI system on the EU market or putting it into service within the EU. The core structure is a risk-based approach:

  • Unacceptable risk. Systems that manipulate human behavior, exploit vulnerabilities, or use social scoring by governments are banned outright.
  • High risk. AI used in critical infrastructure, education, employment, law enforcement, migration, and justice must meet strict transparency, data governance, human oversight, and accuracy standards.
  • Limited risk. Chatbots and deepfakes must disclose that users are interacting with AI.
  • Minimal risk. Most AI systems fall here and face only voluntary codes of conduct.

How Amanvi helps

Amanvi inventories your AI systems and classifies each one against the EU AI Act's risk tiers with grounded, citable reasoning. For every high-risk system, the platform identifies the specific obligations triggered — from Article 10 data governance to Article 14 human oversight — and tracks evidence coverage against each one.

When an auditor or regulator asks why a system was classified as high-risk, Amanvi shows the exact Annex III clause and the rationale in plain language. When they ask for proof of compliance, the evidence is already linked to the system and the obligation it satisfies.

Key obligations Amanvi tracks

  • Risk management systems (Art. 9) — continuous identification and mitigation of risks across the system lifecycle.
  • Data governance (Art. 10) — training, validation, and testing data must be relevant, representative, and free of errors to the best extent possible.
  • Technical documentation (Art. 11) — comprehensive records demonstrating compliance, maintained and kept up to date.
  • Record-keeping (Art. 12) — automatic logging of events during operation to ensure traceability.
  • Transparency (Art. 13) — users must be informed they are interacting with an AI system and understand its capabilities and limitations.
  • Human oversight (Art. 14) — natural persons must be able to understand, interpret, and intervene in the system's operation.
  • Accuracy and robustness (Art. 15) — systems must achieve appropriate levels of accuracy, robustness, and cybersecurity.