Regulation (EU) 2024/1689 · Enforcement August 2, 2026

EU AI Act compliance starts at the action layer

Most organizations are securing the model. The EU AI Act also requires securing what the model does — every API call, every MCP server connection, every agent action. That is the gap Salt Security was built to close.

  • Enforcement deadline: Aug 2, 2026
  • Maximum fine: €35M or 7% of global turnover
  • Life/safety incident reporting: 24 hrs (Article 73 window)
  • Other serious incidents: 72 hrs (Article 73 window)

EU AI Act Summary

What is the EU AI Act?

Regulation (EU) 2024/1689, known as the EU AI Act, is the world’s first comprehensive legal framework for artificial intelligence. It entered into force on August 1, 2024, and establishes a tiered risk classification system that imposes increasingly strict obligations on AI systems based on the potential harm they can cause.

The Act applies to providers who place AI systems on the EU market, deployers who operate high-risk AI systems within the EU, and third-country organizations whose AI outputs are used in the EU. Article 5 prohibited-practice provisions have been enforceable since February 2025. The full set of high-risk AI system mandates becomes enforceable August 2, 2026.

For security teams, the most consequential aspect is Article 15: high-risk AI systems must be resilient against adversarial attacks across their entire action layer, not just at the model output level. That means the APIs your agents call are in scope.

EU AI Act Risk Categories

A tiered framework for AI risk

The EU AI Act classifies AI systems into four risk tiers. Your compliance obligations depend entirely on where your AI deployments sit in this hierarchy. If you use AI agents in hiring, credit, infrastructure, or law enforcement, you are almost certainly subject to the highest obligations.

Unacceptable risk

Prohibited practices

AI applications that pose an unacceptable threat to fundamental rights. Prohibited outright under Article 5. In force since February 2025.

Social scoring
Subliminal manipulation
Real-time biometric surveillance

High risk

Full compliance required

AI systems listed in Annex III. Subject to the full range of obligations: risk management, data governance, technical documentation, logging, human oversight, and cybersecurity resilience.

Hiring and HR
Credit decisions
Critical infrastructure
Law enforcement
Essential services

Limited risk

Transparency obligations

AI systems with specific transparency obligations, primarily chatbots and synthetic media tools. Users must be informed they are interacting with an AI system.

Chatbots
Deepfakes
AI-generated content

Minimal risk

Voluntary codes of conduct

AI systems with no mandatory obligations under the Act. Providers may voluntarily adopt codes of conduct aligned with the regulation’s principles.

Spam filters
AI in video games
Recommendation engines

Critical scope note

If your AI agents invoke APIs — including internal services, third-party platforms, or MCP servers — that action layer is in scope under the Act’s cybersecurity and logging mandates. Recitals 99 and 100 address multi-agent architectures explicitly: in a chain of AI agents, the compliance boundary extends to every agent that performs a high-risk function.

EU AI Act compliance requirements 2026

Article-by-article obligations

The high-risk provisions enforceable August 2, 2026 span risk management, data governance, logging, transparency, human oversight, cybersecurity resilience, and post-market monitoring. Below is what each article requires and where Salt Security’s Agentic Security Graph provides coverage.

Coverage legend

  • Strong: Direct technical control
  • Evidence: Audit and documentation support
  • Partial: Supports broader QMS program

Article 9 Risk management system — continuous and iterative across the AI lifecycle

High-risk AI systems must have a documented risk management system that runs continuously throughout development and operation, not a one-time assessment at deployment.


AG-SPM Continuous Discovery automatically builds and maintains a live risk inventory of every AI agent, MCP server connection, and API. New connections and configuration drift are flagged as emerging risks in real time.

Strong

Article 10 Data governance — prevent unauthorized access and data poisoning at inference time

Article 10 requires high-risk AI systems to implement data governance practices that protect against unauthorized access and ensure data integrity throughout the system’s lifecycle — including at inference time, when an AI agent is actively calling APIs and processing data.


Salt’s API Data Flow Visibility delivers deep observability into data traversing the action layer at inference time. Anomalous data access patterns and malformed API responses that could introduce compromised inputs are detected automatically.

Strong

Article 11 Technical documentation — complete interface inventory before market placement

Providers must produce and maintain technical documentation describing all components, interfaces, and capabilities of the AI system before it is placed on the market.


The Agentic Security Graph produces a continuous, exportable inventory of every AI agent, MCP server, and API endpoint in scope — direct input to Article 11 technical documentation requirements.

Evidence

Article 12 Record keeping — tamper-evident logs retained for 6 months minimum

Article 12 mandates automatic logging of all events relevant to identifying risks and ensuring traceability. Logs must be tamper-evident and retained for at least 6 months, or 24 months for biometric and law enforcement systems.


Salt’s immutable audit trail captures a complete, tamper-evident log of every AI-to-API interaction: request payloads, response data, timing, authentication context, and anomaly flags. Retention policies are configurable to Article 12 minimums.

Strong

Article 14 Human oversight — ability to stop the system and intervene in real time

High-risk AI systems must be designed to allow human operators to effectively oversee operation and intervene or halt the system when anomalous behavior is detected.


AG-DR Real-Time Alerting surfaces anomalous agent behavior with full context. Security operators can see exactly what APIs an agent is calling and terminate or quarantine sessions exhibiting unauthorized behavior.

Strong

Article 15 Cybersecurity resilience — protection against adversarial attacks, data poisoning, and model evasion

Article 15(3) requires technical robustness against adversarial attacks by unauthorized third parties. Article 15(5) enumerates specific threats: data poisoning, adversarial examples, confidentiality attacks, and model evasion. Protection must extend to the interfaces through which AI systems interact with the world — in practice, APIs and MCP servers.


Behavioral Threat Protection builds AI-powered baselines for every agent and API interaction. East-West Traffic Analysis monitors lateral API traffic between agents and MCP servers, identifying prompt injection patterns and unauthorized data access.

Strong

Articles 72 and 73 Post-market monitoring and mandatory incident reporting within 24–72 hours

Article 72 requires an established, documented monitoring system from the first day of deployment. Article 73 mandates incident reporting: 24 hours for life/safety risks, 72 hours for other serious incidents, 15 days for malfunctions.


Salt’s continuous monitoring is a direct implementation of Article 72. Every behavioral baseline and anomaly detection is a post-market monitoring data point. Behavioral detection identifies incidents as they occur — the precondition for meeting Article 73’s timeframe requirements.

Strong

Article 17 Quality management system covering data governance, logging, and cybersecurity

Providers must implement a documented quality management system covering data governance practices, logging infrastructure, post-market monitoring, and cybersecurity controls.


Salt provides the cybersecurity monitoring, logging, and posture evidence that a QMS requires. Salt is the technical control layer whose outputs feed the provider’s QMS documentation and continuous improvement processes.

Partial

The compliance gap most organizations are missing

Traditional tools only cover half the picture

Enterprise AI security investment is concentrated at the model layer. Those controls are necessary. But Article 15 is explicit: protection must extend to the actions an AI system takes, not only the outputs it generates.

Traditional AI security tools

Responsible AI guardrails, output filtering, LLM red-teaming, model governance.

  • Model output visibility
  • Prompt/response monitoring
  • No API action visibility
  • No MCP server monitoring
  • No Article 12 log infrastructure

Traditional API security tools

API gateway monitoring, traffic analysis, authentication enforcement.

  • API traffic visibility
  • Authentication context
  • No AI agent context
  • No behavioral baseline per agent
  • No agentic security posture

Salt Security: purpose-built for the gap the EU AI Act exposes

Salt Security’s Agentic Security Graph operates across all three layers the Act’s scope of concern covers: the LLM/model layer, the MCP server layer, and the API layer. It is the only platform that provides a unified control plane combining API security context with AI agent understanding, closing the compliance gap that traditional tools leave open.

AG-SPM

Posture and documentation. Discovers every AI agent, MCP server, and API endpoint. Continuous interface inventory for Arts. 9, 11, and 13.

AG-DR

Detection and response. Real-time behavioral detection across the action layer. Enables Art. 14 oversight and surfaces incidents for Arts. 20 and 73.

Agentic Security Graph

Continuous compliance record. Tamper-evident logging of every AI-to-API interaction satisfies Art. 12. Continuous monitoring is the Art. 15 and Art. 72 evidence supervisory authorities expect.

Common questions

EU AI Act: frequently asked questions

What is the EU AI Act and does it apply to my organization?

The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive AI regulation. It applies to any organization that places AI systems on the EU market, operates high-risk AI systems within the EU, or whose AI outputs are used in the EU — including non-EU companies. If you use AI in hiring, credit, infrastructure, biometrics, or law enforcement, you are almost certainly in scope.

What are the EU AI Act compliance requirements for 2026?

The major obligations taking effect August 2, 2026 include: a continuous risk management system (Art. 9), data governance with inference-time protections (Art. 10), complete technical documentation (Art. 11), tamper-evident logging retained for 6 months minimum (Art. 12), transparency for deployers (Art. 13), human oversight capability (Art. 14), cybersecurity resilience (Art. 15), a quality management system (Art. 17), and post-market monitoring from day one of deployment (Art. 72).

What does EU AI Act Article 15 require specifically?

Article 15 requires that high-risk AI systems be designed and developed to achieve an appropriate level of cybersecurity resilience. Article 15(5) enumerates specific attack types that must be guarded against: data poisoning, adversarial examples targeting model behavior, confidentiality attacks, and model evasion. These threats primarily target the interfaces through which AI systems interact with external data sources and services — in practice, APIs and MCP servers.

What does EU AI Act Article 10 require for data governance?

Article 10 establishes data governance requirements for high-risk AI systems, including practices to prevent unauthorized access, protect data integrity, and ensure that training, validation, and test data are managed appropriately. Data governance obligations extend through the AI lifecycle including at inference time — when AI agents are actively accessing and processing data through API calls.

What does EU AI Act Article 12 require for record keeping?

Article 12 mandates that high-risk AI systems automatically generate logs enabling traceability and risk identification. Logs must be tamper-evident. Minimum retention is 6 months for most high-risk systems, and 24 months for biometric identification and law enforcement systems. The logging obligation covers both provider systems and deployer operational logs.

Are AI agents that invoke APIs in scope under the EU AI Act?

Yes. If an AI agent calls APIs — including internal microservices, third-party platforms, or MCP servers — that action layer falls under the Act’s cybersecurity (Art. 15) and logging (Art. 12) mandates. In multi-agent architectures, Recitals 99 and 100 indicate that every agent in the chain performing a high-risk function is in scope. The compliance boundary extends to the entire action layer, not just the model itself.

Every month you delay is a month of monitoring data you will not have

The August 2, 2026 enforcement date is fixed

Only Salt Security’s Agentic Security Graph can be deployed in days and begins building your continuous compliance record from day one. The articles that require the longest accumulation of evidence — Articles 15, 72, and 73 — are the ones where time matters most. It also continuously discovers all APIs, capturing granular details about them to help you eliminate blind spots, assess risk, and manage API sprawl with our industry-leading posture governance engine.

Disclaimer: Regulation (EU) 2024/1689 (EU AI Act) entered into force August 1, 2024. High-risk AI system provisions apply from August 2, 2026. GPAI model provisions applied from August 2, 2025. This page is for informational purposes and does not constitute legal advice. Organizations should consult qualified EU legal counsel regarding their specific compliance obligations.