Standards
The EU AI Act: from legal obligation to evidence
The first comprehensive AI regulation, translated into testable evidence.
What the EU AI Act is. It is the first comprehensive AI regulation by a major regulator, and — like GDPR before it — it is on track to become a global reference. It is risk-based: applications posing unacceptable risk are banned, high-risk systems carry binding legal requirements, and everything else is largely unregulated. Obligations phase in over time (for example, the Article 50 transparency rules apply from August 2026).
For high-risk systems the Act is explicit about engineering duties: risk management, data governance, human oversight, and — under Article 15 — accuracy, robustness, and cybersecurity. That last clause is where autonomous agents are most exposed.
How we use it. PharosOne produces the adversarial-robustness and security evidence those obligations call for. We run our live attack corpus against your agent and crosswalk each finding to AIUC-1 controls, which in turn map back to the Act's requirements — so a legal obligation becomes something you can actually test and show. Where the Act requires ongoing monitoring, we note where point-in-time testing ends and continuous coverage via the runtime SDK begins.
Track the regulation at artificialintelligenceact.eu.
The Act speaks in obligations; engineers need controls. The bridge is testable evidence.
Configurations like yours — generic results describe the population, not your specific agent.