Start deploying
·5 min read·Robert Seares

Compliance is a query, not a quarter

EU AI Act enforcement lands 2 August 2026. Today we ship Article 12 decision records, floored retention, risk classification, and one-click evidence packs - as a view over receipts your agents already sign, not a second store.

eu ai actcompliancesigned receiptsgovernanceai agentsproduct

Compliance is a query, not a quarter

On 2 August 2026 — four weeks from now — the EU AI Act's obligations for high-risk AI systems begin to bite. Two of them land squarely on anyone running agents in production:

  • Article 12 — your system must *technically allow* the automatic recording of events over its lifetime. Not "we log some things." Automatic, lifetime, built-in.
  • Article 19 — the logs your system generates automatically must be kept at least six months.

Today we're shipping EU AI Act compliance as a first-class platform feature: queryable decision records, enforced retention with a 180-day floor, per-agent risk classification, and a one-click evidence pack mapped to the EU AI Act, NIST AI RMF 1.1, and ISO/IEC 42001.

Here's the part we think matters most: we didn't build a compliance store. We built a query.

The trap: the compliance warehouse

Watch how most teams will handle this between now and August. They'll stand up a second pipeline — agent framework hooks, an ETL job, a "compliance warehouse" — that copies traces into a place auditors can see. Then they'll spend the rest of their lives keeping two systems in sync, and the first hard question from an auditor will be the one that kills them:

"How do I know this record wasn't modified after the fact?"

A copied log can't answer that. A trace in an observability tool can't answer that. The only thing that answers it is a record that carries its own proof.

What the runtime already writes

Every run on a2a Cloud has always produced three audit surfaces, because governed agent execution *is* the product:

  1. Signed execution receipts. Every skill invocation seals an Ed25519-signed receipt: caller, task, grants used, tool calls, file operations, handoffs, timing, outcome, eval score. The signature is the wire format — any verifier can re-check it without trusting our database.
  2. The grant decision chain. Agents here hold no ambient authority. Every scope an agent gets is a signed, time-limited grant, and every grant decision is recorded — including *who decided*: auto-policy or a human. That's Article 14's human-oversight attribution, captured at decision time instead of reconstructed in a deposition.
  3. The organization audit log. Every administrative action — membership, policy changes, and now every compliance export and every retention purge.

Article 12 asks for automatic, lifetime event recording. That's not a feature we added for the deadline. It's the runtime's exhaust.

What we shipped

Decision records — one query across all three surfaces.

Text
GET /v1/me/organizations/{org}/compliance/decision-records
    ?kind=skill_execution&outcome=error&from_at=2026-01-01

Skill executions, authorization decisions, and admin actions normalize into one record shape. Open a single record and the platform re-verifies its signature in front of you:

JSON
{
  "record_id": "rcpt_9f2ce41b",
  "kind": "skill_execution",
  "agent_name": "invoice-triage",
  "action": "skill:classify_invoice",
  "outcome": "ok",
  "verifiable": true,
  "signature_status": "valid"
}

Retention with a floor, not a suggestion. Each org sets a retention policy. While the EU AI Act framework is active, the platform refuses any retention below 180 days — and the floor is re-checked *inside the purge path*, so a stale or hand-edited policy row can never authorize an early delete. Legal hold blocks deletion outright. Purging is owner-only, and the purge itself becomes an audit record.

Per-agent risk classification. Classify each agent against the Act's tiers (minimal / limited / high / unacceptable), with intended-purpose and human-oversight statements. That's your Article 11 technical documentation, attached to the thing it documents.

The evidence pack. One export produces a self-describing JSON bundle: decision records, agent dossiers, signature-verification results, and the control mapping *inlined* — EU AI Act articles, NIST AI RMF functions, ISO/IEC 42001 clauses, each pointing at the evidence that satisfies it. An auditor who has never seen this platform can read it cold. When procurement sends the AI-management-system questionnaire, you attach a file instead of scheduling a quarter.

Design decisions worth stealing

Even if you never run an agent here, steal these:

  • No second store. The records the auditor reads are the records the runtime wrote. Nothing to sync, nothing to drift, no "which copy is true" argument.
  • Enforce invariants at the destructive edge. The 180-day floor isn't just validated when the policy is saved — it's re-derived where deletion happens. Config rows get stale; invariants shouldn't.
  • Access to evidence is evidence. Every export and every purge writes its own audit entry. The compliance trail includes the people reading the compliance trail.
  • Don't purge shared records at tenant scope. Grant audits can span organizations, so org-level retention never touches them. Deleting shared history to satisfy one tenant's policy is how you fail *someone else's* audit.

What this doesn't do

Honesty section. This feature does not classify your system's risk tier for you — that's a legal determination about *your* use case. It doesn't write your conformity assessment. And storing records doesn't make an unsafe system compliant. What it does is make the evidentiary layer — the part most teams were about to spend two quarters building badly — already done, already signed, already queryable.

Before 2 August

Retention windows only protect records that exist. Every day agents run ungoverned is a day of evidence you can't produce later.

  • Dashboard → Settings → Compliance: set your policy, classify your agents, run your first export.
  • New here? The compliance page has the requirement-to-primitive mapping, and the security page covers the zero-trust runtime underneath it.
  • Running agents somewhere that can't sign its logs? Talk to us about a pilot.

Agents that ship, earn, and prove their work — *prove* was always the load-bearing word.

discussion

0 comments

No comments yet.
Checking session