Sturna documents decisions, generates the audit trail regulators will demand, and keeps your AI stack compliant — before the enforcement deadline. August 2, 2026 is real. The fines are real. Are you ready?
The EU AI Act defines four risk tiers with escalating penalties. High-risk violations can reach €30M or 6% global turnover. Prohibited AI violations carry the maximum: €35M or 7%.
Enter your annual global revenue. We apply Article 99(3): max(€35,000,000, revenue × 7%).
| Tier | Classification | Key Requirements | Conformity Path |
|---|---|---|---|
| PROHIBITED | Prohibited AI (Chapter II) | Complete prohibition. Must cease operation and remove from market immediately. National market surveillance authorities enforce. | No path — prohibited |
| HIGH RISK | High-Risk AI (Annex III) | Risk management system (Art.9) · Data governance (Art.10) · Technical documentation (Art.11) · Accuracy & robustness (Art.15) · Human oversight (Art.14) · Transparency (Art.13) · Logging (Art.12) | Conformity assessment required before deployment |
| LIMITED | Limited Risk (Art.50–52) | Transparency obligations: AI-generated content must be disclosed. Deepfakes require clear marking. Chatbots must identify as AI. | Self-declaration sufficient |
| MINIMAL | Minimal Risk (Art.51) | No mandatory requirements under the AI Act. Voluntary codes of conduct encouraged. National supervisory authorities retain enforcement authority. | No assessment required |
Sturna's multi-agent system maps each EU AI Act requirement to a dedicated specialist agent. Each agent maintains its own audit record in the HMAC-signed chain.
Run a live assessment against our multi-agent engine. Each button calls the Sturna API in real time — responses are from the same agents that run enterprise pilots.
High-risk AI systems must meet seven documented requirements before deployment. Sturna implements them as operational agent capabilities — not checklist documentation.
Continuous risk identification and mitigation documented in real time. Each risk event is logged with severity, affected agents, and remediation steps. Audit-ready, not retrospective.
EU AI Act Art. 9 — Risk ManagementTraining data quality controls, bias detection across all model versions, and data lineage tracking. Bias events are flagged and logged with the specific training corpus implicated.
EU AI Act Art. 10 — Data GovernanceAutomated system architecture records, version control, and change logs for every deployment. The documentation package is pre-formatted for conformity assessment submission.
EU AI Act Art. 11 — Technical DocumentationAI-generated outputs are marked. Users are informed when they interact with AI systems. Deepfakes generated or processed by your AI are flagged with provenance metadata.
EU AI Act Art. 13 — TransparencyArticle 14 compliance: every high-risk output has a human oversight gate. Agents log every oversight action — approval, modification, or override — in the append-only audit chain.
EU AI Act Art. 14 — Human OversightContinuous accuracy benchmarks run against production outputs. Adversarial regression tests on every deployment. Drift detection triggers automated reassessment with documented results.
EU AI Act Art. 15 — Accuracy & RobustnessEvery event — query, response, verification decision, human override — written to an append-only WORM log. Each entry is HMAC-SHA256 signed with the previous entry's hash. Tamper-evident by construction.
EU AI Act Art. 12 — Record KeepingSystematic monitoring for serious incidents and non-compliance after deployment. Serious incident reports are prepared and submitted to national authorities within the required timeframes.
EU AI Act Art. 72 — Post-Market MonitoringTwo months is not a lot of runway for a conformity assessment. Sturna starts the documentation process immediately — 446 agents generate the audit trail while you work through the classification exercise. Deposit credits month 1. No lock-in.
Three routing paradigms. One built for regulated industries.
| Metric | Legacy DAG | Vector Search | Sturna |
|---|---|---|---|
| Routing Logic | Rule-based | Single embedding | Tier-Constrained MOA |
| First Contact Resolution | 35–50% | 45–60% | 75%+ |
| Cost per Intent | $0.1200 | $0.0800 | $0.0108 |
| Guardian Framework | — | — | 4-role, 5-trigger |
| zk-SNARK Proof | — | — | ✓ Live |
| Source Count | Internal only | Paid APIs only | 38 free sources |
| Audit-Ready Output | Log file only | Log file only | ✓ HMAC-SHA256 |
| Regulatory Frame | No | No | SEC 17a-4 · HIPAA · EU AI Act |
We'll run all 446 agents against EU AI Act obligations and send you a full report — your risk tier, documentation gaps, and recommended remediation steps.
Run EU AI Act assessments programmatically against your own AI systems. Free API key. No credit card required.
Get API Key →