EU AI Act

European Union Artificial Intelligence Act · Regulation (EU) 2024/1689 · Phased enforcement through 2026-2027.

What it covers

The EU AI Act creates a tiered regulatory framework for AI systems deployed in the EU or affecting EU subjects. It defines prohibited practices, high-risk system categories (Annex III), general-purpose AI model obligations, and transparency requirements for limited-risk systems. Enforcement obligations are phasing in through 2026 and 2027.

Who it applies to

Providers and deployers of AI systems placed on the EU market or affecting EU subjects, regardless of where the provider is established. This includes non-EU companies whose products reach EU customers. The territorial scope is broad and the obligations flow to downstream deployers as well as upstream providers.

The AI-relevant control objectives

• Annex III high-risk classification for AI systems used in employment, credit scoring, insurance underwriting, education, law enforcement, and other listed categories
• Risk management system for high-risk AI
• Data governance and quality requirements
• Technical documentation and record-keeping
• Transparency obligations including Article 50 disclosures
• Human oversight requirements
• Accuracy, robustness, and cybersecurity requirements

How sitkastack maps to it

• Annex III classification analysis → docs/phase-0/01-risk-classification.md
• Out-of-scope boundary documentation → docs/phase-0/02-out-of-scope.md
• Technical documentation patterns → docs/phase-1/00-problem-definition.md
• Data governance → docs/phase-1/04-privacy-and-data-handling.md
• Record-keeping → docs/phase-1/03-output-contract.md
• Transparency for limited-risk systems → docs/phase-1/EXTENDING.md

What sitkastack delivers under this framework

sitkastack engagements produce EU AI Act-aligned technical documentation, classification analysis, and data governance artifacts. Typical engagements: AI Policy & Risk Pack (EU AI Act documentation package), EU AI Act Readiness Sprint (Annex III classification and readiness review), or 90-Day AI Build (production AI workflow with EU AI Act controls built in).

Honest limitations

sitkastack produces EU AI Act-aligned artifacts and analysis. I do not act as a notified body, do not issue conformity assessments, and do not provide legal advice on EU AI Act applicability. The provider or deployer remains accountable for its own classification, conformity assessment, and attestations.

Talk to me

Questions about how this maps to your environment? Email me.